This week according to a Dutch security engineer security engineer Justin Perdok, attackers have targeted GitHub repositories that use GitHub Actions to mine cryptocurrency.
Repositories use GitHub Actions to facilitate CI/CD automation and scheduling tasks.
However, this particular attack abuses GitHub's own infrastructure to spread malware and mine cryptocurrency on their servers.
The attack involves first forking a legitimate repository that has GitHub Actions enabled.
It then injects malicious code in the forked version, and files a Pull Request for the original repository maintainers to merge the code back.