Lup Yuen Lee 李立源: "@2ck To evade detection maybe? Many repos are idl…" - Qoto Mastodon

Apr 20, 2021, 23:37

Lup Yuen Lee 李立源 @lupyuen@qoto.org

Please check your #GitHub repos for suspicious "Upload Files" PRs ... And report them to GitHub

cb179d9859e902de.png

Apr 21, 2021, 03:32

Lup Yuen Lee 李立源 @lupyuen@qoto.org

This triggers cryptomining jobs in GitHub Actions that will appear under your repo

Apr 21, 2021, 14:06

Lup Yuen Lee 李立源 @lupyuen@qoto.org

Cryptominers still spamming my #GitHub repo sigh

https://github.com/lupyuen/pinetime-rust-riot/pull/7

91603dfee7cb0fef.png

Apr 22, 2021, 00:23

🌸🌹2ck 🌱🐇 @2ck@qoto.org

@lupyuen What's the point of making these? Actions on PRs execute with the resources of the owner, no? What's the advantage of making the PR on someone else's repo?

Lup Yuen Lee 李立源 @lupyuen@qoto.org

@2ck To evade detection maybe? Many repos are idle and can trigger jobs with this hack

Apr 22, 2021, 00:35 · · Tusky · · ·

Sign in to participate in the conversation