EleKtra-Leak, an ongoing cryptojacking campaign, exploits exposed IAM credentials on GitHub to mine Monero. The attackers are said to have used each stolen credential within five minutes of its discovery. The payloads are delivered via a Google Drive URL, another widely used application, to evade detection.
It is recommended to audit the GitHub repository cloning events for any suspicious operations and secure the exposed keys.

Leave a Comment