Threat actors could exploit the port forwarding feature of GitHub Codespaces, a cloud-based configurable development environment, to facilitate malware delivery, according to The Hacker News.
The feature, which lets users forward ports manually and label, share, and add forwarded ports to the codespace configuration, could be leveraged to create a malicious file server within a GitHub account, a Trend Micro report found.
Attackers could establish a codespace, download malware into it from an attacker-controlled domain, and make the forwarded port public in order to host and deploy malicious payloads, according to researchers. Such payloads are also unlikely to be flagged by security solutions.
The findings indicate the potential weaponization of cloud platform features for malicious activities.
"Cloud services offer advantages to legitimate users and attackers alike. The features offered to legitimate subscribers also become available to threat actors as they take advantage of the resources provided by the [cloud service provider]," said researchers.
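A defender can hunt for the pattern described above by looking for file downloads served from publicly forwarded codespace ports in web proxy logs. The following is an added example, not code from the Trend Micro report or The Hacker News; the hostname scheme, log layout, extension list and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: forwarded ports are served from hosts shaped like
# <codespace-name>-<port>.app.github.dev (older form: .preview.app.github.dev).
# Confirm the suffix against your own proxy logs before relying on it.
FORWARD_HOST = re.compile(
    r"^(?P<name>[a-z0-9-]+)-(?P<port>\d{1,5})\.(?:preview\.)?app\.github\.dev$"
)
RISKY_EXT = (".exe", ".dll", ".msi", ".ps1", ".sh", ".elf", ".zip", ".iso")
RISKY_TYPES = {"application/octet-stream", "application/x-msdownload",
               "application/x-sh", "application/zip"}

# Constructed sample lines: time, client, method, URL, status, content type.
SAMPLE_LOG = """\
2023-01-20T10:01:02Z ws-114 GET https://github.com/org/repo 200 text/html
2023-01-20T10:03:40Z ws-114 GET https://example-name-abc123-8080.preview.app.github.dev/update.exe 200 application/x-msdownload
2023-01-20T10:05:11Z dev-007 GET https://example-name-def456-3000.app.github.dev/index.html 200 text/html
2023-01-20T10:07:55Z srv-022 GET https://example-name-ghi789-8000.app.github.dev/run 200 application/octet-stream
"""

def find_suspicious_downloads(log_text):
    """Return successful fetches of file-like content from forwarded ports."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines instead of failing the hunt
        ts, client, _method, url, status, ctype = parts
        split = urlsplit(url)
        m = FORWARD_HOST.match((split.hostname or "").lower())
        if not m or status != "200":
            continue
        # A developer previewing a web app returns HTML; a payload host
        # returns binaries, scripts or archives.
        risky = (split.path.lower().endswith(RISKY_EXT)
                 or ctype.lower() in RISKY_TYPES)
        if risky:
            findings.append({"time": ts, "client": client,
                             "codespace": m["name"], "port": int(m["port"]),
                             "path": split.path})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_downloads(SAMPLE_LOG):
        print(finding)
```

Hits from hosts that are not developer workstations, such as servers or non-engineering endpoints, deserve the closest look, since those machines have little reason to reach a forwarded codespace port.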
GitHub Codespaces exploitable for malware delivery