"Massive Cryptomining Campaign Abuses Free-Tier Cloud Dev Resources"

An automated, large-scale 'freejacking' campaign abuses free GitHub, Heroku, and Buddy services to mine cryptocurrency at the providers' expense. The operation relies on the limited resources offered by free-tier cloud accounts: each free account generates only a small profit, but combined across many accounts the total amounts to something more significant. The threat actor behind the campaign, known as 'Purpleurchin,' was observed using CI/CD service providers such as GitHub (300 accounts), Heroku (2,000 accounts), and Buddy.works (900 accounts) to perform over a million function calls per day. Purpleurchin has remained undetected due to the rotation and channeling of those accounts through 130 Docker Hub images with mining containers, as well as obfuscation on all operational levels. This article continues to discuss findings regarding the freejacking campaign abusing free GitHub, Heroku, and Buddy services to mine cryptocurrency.

Bleeping Computer reports "Massive Cryptomining Campaign Abuses Free-Tier Cloud Dev Resources"

 

Submitted by Anonymous on