"Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware"
Researchers have discovered that threat actors can exploit a legitimate GitHub Codespaces feature to distribute malware to target systems. GitHub Codespaces is a cloud-based customizable development environment that allows users to debug, maintain, and commit changes to a specific codebase using a web browser or a Visual Studio Code interface.

It also has a port forwarding capability that enables testing and debugging access to a web application operating on a specific port within the codespace directly from the browser on a local machine. GitHub's documentation explains that you can also forward a port manually, label forwarded ports, share forwarded ports with members of your organization, share forwarded ports publicly, and add forwarded ports to the codespace settings. Any forwarded port that is made public allows anyone with knowledge of the URL and port number to view the running application without requiring authentication. GitHub Codespaces forwards ports using HTTP. If the publicly visible port is updated to use HTTPS or removed and re-added, the port's visibility is changed to private automatically.

Trend Micro discovered that such publicly shared forwarded ports could be used to establish a malicious file server through a GitHub account. This article continues to discuss how hackers can abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems.
THN reports "Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware"
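
As an added example (not from the article, Trend Micro, or GitHub), the following sketch shows how a defender could audit forwarded-port visibility across codespaces and generate the commands that set unapproved public ports back to private. It assumes the port listings come from `gh codespace ports --json sourcePort,visibility,label,browseUrl`; the codespace names, URLs, and allowlist are constructed for illustration.

```python
import json

# Constructed sample input: one JSON port listing per codespace, shaped like the
# assumed output of `gh codespace ports --json sourcePort,visibility,label,browseUrl`.
SAMPLE_LISTINGS = {
    "demo-codespace-a": json.dumps([
        {"sourcePort": 8080, "visibility": "public", "label": "",
         "browseUrl": "https://demo-codespace-a-8080.example.invalid"},
        {"sourcePort": 5432, "visibility": "private", "label": "db",
         "browseUrl": "https://demo-codespace-a-5432.example.invalid"},
    ]),
    "demo-codespace-b": json.dumps([
        {"sourcePort": 3000, "visibility": "public", "label": "docs preview",
         "browseUrl": "https://demo-codespace-b-3000.example.invalid"},
        {"sourcePort": 9000, "visibility": "org", "label": "",
         "browseUrl": "https://demo-codespace-b-9000.example.invalid"},
    ]),
}

# Hypothetical allowlist of (codespace, port) pairs approved for public sharing.
APPROVED_PUBLIC = {("demo-codespace-b", 3000)}

def audit_ports(listings, approved_public=frozenset()):
    """Return findings for forwarded ports reachable beyond the codespace owner."""
    findings = []
    for codespace in sorted(listings):
        for port in json.loads(listings[codespace]):
            visibility = str(port.get("visibility", "")).lower()
            number = int(port["sourcePort"])
            if visibility == "public" and (codespace, number) not in approved_public:
                exposure = "unauthenticated"   # anyone with the URL and port
            elif visibility == "org":
                exposure = "organization"      # shared with organization members
            else:
                continue                       # private, or an approved exception
            findings.append({"codespace": codespace, "port": number,
                             "exposure": exposure, "url": port.get("browseUrl", "")})
    return findings

def remediation_commands(findings):
    """Build commands that set unapproved public ports back to private."""
    return [f"gh codespace ports visibility {f['port']}:private -c {f['codespace']}"
            for f in findings if f["exposure"] == "unauthenticated"]

if __name__ == "__main__":
    results = audit_ports(SAMPLE_LISTINGS, APPROVED_PUBLIC)
    for finding in results:
        print(finding)
    print("\n".join(remediation_commands(results)))
```

Organization-shared ports are reported for review but not changed automatically, since they still require membership to reach.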