🌸🌹2ck 🌱🐇: "@lupyuen What's the point of making these? Action…" - Qoto Mastodon

Apr 20, 2021, 23:37

Lup Yuen Lee 李立源 @lupyuen@qoto.org

Please check your #GitHub repos for suspicious "Upload Files" PRs ... And report them to GitHub

cb179d9859e902de.png

Apr 21, 2021, 03:32

Lup Yuen Lee 李立源 @lupyuen@qoto.org

This triggers cryptomining jobs in GitHub Actions that will appear under your repo

Apr 21, 2021, 14:06

Lup Yuen Lee 李立源 @lupyuen@qoto.org

Cryptominers still spamming my #GitHub repo sigh

https://github.com/lupyuen/pinetime-rust-riot/pull/7

91603dfee7cb0fef.png

🌸🌹2ck 🌱🐇 @2ck@qoto.org

@lupyuen What's the point of making these? Actions on PRs execute with the resources of the owner, no? What's the advantage of making the PR on someone else's repo?

Apr 22, 2021, 00:23 · · Tusky · · ·

Apr 22, 2021, 00:35

Lup Yuen Lee 李立源 @lupyuen@qoto.org

@2ck To evade detection maybe? Many repos are idle and can trigger jobs with this hack

Sign in to participate in the conversation