Developers who mistype names and owners of GitHub Actions expose their repositories and accounts to malicious code execution, with significant software supply chain implications, researchers have found.

Attackers have long tried to capitalize on typos by registering names in various systems — DNS, package repositories — close to those of popular resources. This technique, known as typosquatting, also works for GitHub Actions, which can lead to developers executing malicious workflows inside their own repositories, researchers have shown.
GitHub Actions is a CI/CD (continuous integration and continuous delivery) service that enables developers to automate software builds and tests by setting up workflows that trigger when specific events are detected, such as when new code is committed to the repository. The workflows, called Actions, are instructions packed in a .yml file that execute inside virtual containers, usually on GitHub’s infrastructure, and return compiled binaries, testing results, and so on.
These workflows can be reused and shared with others on the GitHub Marketplace, which currently lists thousands of public Actions that developers can use instead of coding their own. Actions can also be included as dependencies inside other Actions, creating an ecosystem similar to other open-source component registries.
Researchers from Orca Security recently investigated the impact typosquatting can have in the GitHub Actions ecosystem by registering 14 GitHub organizations with names that are misspellings of popular Actions owners — for example, circelci instead of circleci, actons instead of actions, google-github-actons instead of google-github-actions.
“In a normal scenario where there is a typo when calling an action, the workflow will fail and the developer will notice there is an issue and fix it,” the researchers wrote in their report. “However if a malicious action exists with the misspelled name being called, the workflow will function without any issues.”
For example, if a developer types “uses: action/checkout” in their own workflow instead of “uses: actions/checkout” — which is the correct instruction because the parent organization is “actions” (plural) — their workflow will try to run code from the repository “checkout” of an untrusted organization. If an attacker created the “action” (singular) organization and a “checkout” repository, then their malicious action will execute instead.
In a separate report last month, Palo Alto Networks researcher Yaron Avital discovered that GitHub Actions produced build artifacts that contain sensitive access tokens to third-party cloud services that can be abused by attackers to push malicious code into projects or to compromise cloud infrastructure.
Scope and risk factors
One might think that developers making typos is not very common, but given the scale of GitHub — over 100 million developers with over 420 million repositories — even a statistically rare occurrence can mean thousands of potential victims.
For example, the researchers found 194 workflow files calling the “action” organization instead of “actions”; moreover, 12 public repositories started referencing the researchers’ fake “actons” organization within two months of setting it up.
“Although the number may not seem that high, these are only the public repositories we can search for and there could be multiple more private ones, with numbers increasing over time,” the researchers wrote.
Another reason this technique would be appealing to attackers is scalability. Creating fake GitHub organizations, copying their original actions repositories, and adding a backdoor to their code can be easily automated. This means one attacker can create typo variations targeting many popular GitHub Actions and have the number of impacted repositories quickly add up.
Ultimately, this is a low-cost, high-impact attack. Having the ability to execute malicious actions against someone else’s code is very powerful and can result in software supply chain attacks, with organizations and users that then consume the backdoored code being impacted as well.
“This level of access can be risky if an action is malicious — it could install malware, steal secrets, or make covert changes to your code,” the Orca researchers warn. “The implications of such access can be devastating. Imagine an action that exfiltrates sensitive information or modifies code to introduce subtle bugs or backdoors, potentially affecting all future builds and deployments. In fact, a compromised action can even leverage your GitHub credentials to push malicious changes to other repositories within your organization, amplifying the damage across multiple projects.”
This brings up another important point: It’s not the number of impacted repositories that counts, but their importance and size. Even if an attacker manages to compromise only 10 repositories with this technique, one belonging to a popular project can give the attacker access to thousands of users and organizations down the supply chain.
Mitigation
GitHub does take action against impersonation accounts if brought to its attention, but users shouldn’t rely on that as a defensive technique against typosquatting attacks. Out of the 14 typosquatted organizations that Orca set up for their proof-of-concept, GitHub only suspended one over a three-month period — circelci — and that’s likely because someone reported it. CircleCI is one of the most popular CI/CD platforms.
During their investigation, Orca researchers also noticed that others had the same idea. The researchers found an organization called “aws-action” whose display name reads “AWS for Github Actions – TYPOSQUAT.” Its description warns users not to use the actions in its repositories because they were set up for research purposes.
If different researchers had the same typosquatting idea independently of each other, it’s likely that some attackers have had the idea as well, especially since typosquatting is already a commonly used attack technique for websites and in other component repositories.
The Orca researchers recommend the following best practices to prevent such attacks:
- Double-check actions and their names before using them in your workflows.
- Only choose actions from verified creators or those that are highly starred and forked.
- Use version tags or commit SHAs to ensure a known-good action is being used.
- Integrate security tools to scan workflows for potential issues, including typosquatting.
- Make sure your team is aware of typosquatting risks and how to avoid them.
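
One way to automate the scanning and pinning recommendations is to audit every "uses:" line in a workflow file. The sketch below is an added example, not Orca's tooling or code from the report; the owner allowlist, the two-edit threshold, the sample workflow and the repository name "example-action" are assumptions, while the misspelled owners are the ones quoted in the article.

```python
import re

# Assumption: owners this team has vetted (names taken from the article).
TRUSTED_OWNERS = {"actions", "circleci", "google-github-actions"}
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow; the 40-hex value is a placeholder, not a real
# commit, and "example-action" is a made-up repository name.
SAMPLE = """\
steps:
  - uses: action/checkout@v4
  - uses: actions/setup-node@v4
  - uses: circelci/example-action@0123456789abcdef0123456789abcdef01234567
  - uses: actions/cache@0123456789abcdef0123456789abcdef01234567
  - uses: ./local-action
"""

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_workflow(text, max_distance=2):
    """Return (reference, finding) pairs for every risky `uses:` line."""
    findings = []
    for ref in USES_RE.findall(text):
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images have no owner to squat
        path, _, version = ref.partition("@")
        owner = path.split("/")[0].lower()
        if owner not in TRUSTED_OWNERS:
            near = sorted(t for t in TRUSTED_OWNERS
                          if edit_distance(owner, t) <= max_distance)
            reason = ("possible typosquat of " + near[0]) if near else "owner not on allowlist"
            findings.append((ref, reason))
        elif not SHA_RE.match(version):
            findings.append((ref, "not pinned to a commit SHA"))
    return findings

if __name__ == "__main__":
    for ref, reason in audit_workflow(SAMPLE):
        print(f"{ref}: {reason}")
```

Run as a pre-merge check, a non-empty result fails the build, so a misspelled owner is caught before the workflow ever executes.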