Thinking Like a Hacker: Stealing Secrets with a Malicious GitHub Action

Last time, a cryptocurrency scammer scanned Android APKs on the Internet Archive and found thousands of leaked Twitter API keys. After that, the scammer invested money into an altcoin and used the leaked API keys to promote the altcoin with hijacked Twitter accounts. The story ended with a classic pump-and-dump that made the crypto scammer millions of dollars at the expense of duped investors.

In this series, we will dissect not just what an attacker can do to get …

action github github action hacker hacking malicious opensource secrets security stealing thinking thinking like a hacker