Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub


Automated Libra, a threat actor based in South Africa, has been seen automating the creation of GitHub accounts as part of the PURPLEURCHIN freejacking effort.

According to William Gamazo and Nathaniel Quist, researchers at Palo Alto Networks Unit 42, the organisation “mainly targets cloud platforms offering limited-time trials of cloud services to run their crypto mining activities.” PURPLEURCHIN first came to light in October 2022 when Sysdig revealed that the adversary increased its activity by opening up to 30 GitHub accounts, 2,000 Heroku accounts, and 900 Buddy accounts.

Read More…