Recent research has shown that the code development and collaboration features of GitHub Codespaces could be exploited to distribute malware.
In addition, cyber attackers can exploit existing features of Codespaces to host malware on GitHub accounts.
What is GitHub Codespaces?
GitHub Codespaces is a cloud-based development environment that offers optimized and preconfigured containers for software development projects.
This platform allows software developers to write and edit code and run it directly in a web browser.
- GitHub Codespaces was made available to the community in November of last year.
- All personal accounts on GitHub have a one month period for free use of GitHub Codespaces.
- The platform allows developers to share their work with external users over TCP for testing purposes.
Publishing Malware Via GitHub Codespaces
The researchers explained via a PoC that it is possible to configure GitHub Codespaces as a web server and use it to distribute malware.
- An attacker can run a simple Python web server, host malicious code or malware, and expose the web port with public visibility.
- The publicly available URL can be used to access malware without any authentication. Thus, the malware can be easily downloaded without any security provider.
- In addition, the use of full-featured development environments makes it possible to distribute malicious content much faster and more efficiently.
In conclusion,
Cloud-based systems like GitHub Codespaces are often at risk of abuse by attackers planning to release malware. Some attackers are already using similar attacks to abuse other cloud-based systems such as Microsoft Azure, Google Cloud and Amazon AWS for malware distribution.
Therefore, software developers and cloud security professionals should consider the risks associated with such public use platforms and take appropriate action to mitigate the risks as soon as possible.
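A defender-side check for the scenario described above, as an added example that is not from the original article or the researchers' PoC: it scans web-proxy log lines for successful file downloads from publicly forwarded Codespaces ports. The log format and sample lines are constructed, and the host pattern `<codespace-name>-<port>.app.github.dev` (optionally with `.preview`) is an assumption about how forwarded ports are named.

```python
import re
from urllib.parse import urlsplit

# Assumption: forwarded Codespaces ports are served from hosts of the form
# <codespace-name>-<port>.app.github.dev (optionally .preview.app.github.dev).
CODESPACES_HOST = re.compile(r"^(?P<name>[a-z0-9-]+)-(?P<port>\d{2,5})\.(?:preview\.)?app\.github\.dev$")
RISKY_EXT = (".exe", ".dll", ".msi", ".ps1", ".sh", ".zip", ".iso", ".js", ".hta")
RISKY_TYPES = ("application/octet-stream", "application/x-msdownload", "application/zip")

# Constructed sample proxy log lines: time client method url status bytes content-type
SAMPLE_LOG = """\
2023-01-20T09:14:02Z 10.0.4.17 GET https://example-user-demo-abc123-8080.preview.app.github.dev/update.exe 200 482816 application/octet-stream
2023-01-20T09:15:40Z 10.0.4.22 GET https://github.com/example-org/example-repo 200 91233 text/html
2023-01-20T09:16:11Z 10.0.4.31 GET https://example-dev-site-xyz789-3000.app.github.dev/index.html 200 2048 text/html
2023-01-20T09:17:55Z 10.0.4.17 GET https://example-user-demo-abc123-8080.preview.app.github.dev/payload.bin 302 0 text/html
"""

def parse_line(line):
    """Split one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 7 or not (parts[4].isdigit() and parts[5].isdigit()):
        return None
    ts, client, method, url, status, size, ctype = parts
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "bytes": int(size), "ctype": ctype.lower()}

def find_codespaces_downloads(log_text):
    """Return alerts for successful file downloads from public Codespaces ports."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue  # skip malformed lines and anything that did not deliver content
        parts = urlsplit(rec["url"])
        m = CODESPACES_HOST.match((parts.hostname or "").lower())
        if not m:
            continue  # not a forwarded Codespaces port
        # Flag on file extension or on a binary/archive content type.
        risky = parts.path.lower().endswith(RISKY_EXT) or rec["ctype"] in RISKY_TYPES
        if risky:
            alerts.append({"client": rec["client"], "host": parts.hostname,
                           "port": int(m.group("port")), "path": parts.path})
    return alerts

if __name__ == "__main__":
    for alert in find_codespaces_downloads(SAMPLE_LOG):
        print(alert)
```

Ordinary page loads from a forwarded port (the third sample line) are not flagged; only responses that look like file downloads are, which keeps the rule usable where developers legitimately preview web apps.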