Exploits

Typosquatting Attack Exposes GitHub Actions to Malicious Software Supply Chain Risks

Published  ·  1 min read
Updated on September 08, 2024

Threat actors are leveraging typosquatting to target GitHub Actions, a CI/CD platform, by exploiting misspelled action names. This allows attackers to run malicious code in workflows without developers realizing it.

According to Orca Security, adversaries create repositories with names similar to legitimate GitHub Actions, tricking users into invoking malicious actions when they make a typo in the setup. These malicious actions can tamper with source code, steal secrets, or introduce subtle bugs and backdoors, impacting all future builds and deployments.

A search on GitHub revealed 198 files that mistakenly referenced "action/checkout" or "actons/checkout" instead of "actions/checkout." Since GitHub Actions run with repository access, a compromised action could push malicious changes across multiple projects within an organization.

Preventive Measures:

  • Double-check action names and organizations.
  • Use trusted sources for GitHub Actions.
  • Periodically scan workflows for typosquatting risks.

This threat highlights the importance of vigilance in preventing such attacks, especially considering the unknown risks to private repositories.

Professional Services

Explore Our Cybersecurity Services

Our insights are backed by hands-on service delivery. If your business needs professional cybersecurity support, our UK-based specialists are ready to help.

© 2016 – 2026 Red Secure Tech Ltd. Registered in England and Wales — Company No: 15581067