Typosquatting Attack Exposes GitHub Actions to Malicious Software Supply Chain Risks

Threat actors are leveraging typosquatting to target GitHub Actions, a CI/CD platform, by exploiting misspelled action names. This allows attackers to run malicious code in workflows without developers realizing it.

According to Orca Security, adversaries create repositories with names similar to legitimate GitHub Actions, tricking users into invoking malicious actions when they make a typo in the setup. These malicious actions can tamper with source code, steal secrets, or introduce subtle bugs and backdoors, impacting all future builds and deployments.

A search on GitHub revealed 198 files that mistakenly referenced "action/checkout" or "actons/checkout" instead of "actions/checkout." Since GitHub Actions run with repository access, a compromised action could push malicious changes across multiple projects within an organization.

Preventive Measures:

  • Double-check action names and organizations.
  • Use trusted sources for GitHub Actions.
  • Periodically scan workflows for typosquatting risks.
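The third measure, periodically scanning workflows, can be automated. The following is an added example (not code from the original post or from Orca Security) that reads a workflow file's `uses:` references, skips local and `docker://` actions, and classifies every non-allowlisted owner as either a lookalike of a trusted owner (within a small edit distance, catching cases such as "action" or "actons" for "actions") or simply untrusted. The trusted-owner allowlist, the sample workflow and the distance threshold are constructed assumptions for the demonstration.

```python
"""
Added example: flag GitHub Actions `uses:` references whose owner is a
typosquat of a trusted owner, or not on the allowlist at all.
Assumptions (not from the original post): the TRUSTED_OWNERS allowlist,
the sample workflow text, and a lookalike threshold of 2 edits.
"""
import re
import sys
from typing import Dict, List, Set

# Constructed allowlist of owners this organization trusts (assumption).
TRUSTED_OWNERS: Set[str] = {"actions", "github", "docker"}

# Matches the value of a `uses:` key, with or without a leading list dash.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; small values indicate a typo of b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def find_action_risks(workflow_text: str,
                      trusted: Set[str] = TRUSTED_OWNERS,
                      max_distance: int = 2) -> List[Dict[str, object]]:
    """Return one finding per `uses:` reference whose owner is not trusted.

    kind == "lookalike": owner is within max_distance edits of a trusted owner
    kind == "untrusted": owner is not on the allowlist and not a near miss
    """
    findings: List[Dict[str, object]] = []
    for match in USES_RE.finditer(workflow_text):
        value = match.group(1)
        # Local actions and container images are not owner/repo references.
        if value.startswith("./") or value.startswith("docker://"):
            continue
        repo_part, _, ref = value.partition("@")
        owner, _, repo = repo_part.partition("/")
        if not repo or owner in trusted:
            continue
        closest = min(trusted, key=lambda t: levenshtein(owner, t))
        distance = levenshtein(owner, closest)
        findings.append({
            "owner": owner,
            "repo": repo,
            "ref": ref or "<unpinned>",
            "kind": "lookalike" if distance <= max_distance else "untrusted",
            "looks_like": closest if distance <= max_distance else None,
        })
    return findings


# Constructed sample workflow containing two typosquats and one unknown vendor.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: action/checkout@v4
      - uses: actions/setup-node@v4
      - uses: actons/cache@v3
      - uses: ./.github/actions/local-step
      - uses: some-vendor/deploy-tool@v1
      - uses: docker://alpine:3.19
"""


def main(paths: List[str]) -> int:
    """Scan the given workflow files (or the sample when none are given)."""
    texts = [open(p, encoding="utf-8").read() for p in paths] or [SAMPLE_WORKFLOW]
    total = 0
    for text in texts:
        for f in find_action_risks(text):
            total += 1
            hint = f" (looks like {f['looks_like']})" if f["looks_like"] else ""
            print(f"{f['kind']:9} {f['owner']}/{f['repo']}@{f['ref']}{hint}")
    return 1 if total else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python scan_actions.py .github/workflows/*.yml`; a non-zero exit status lets it gate a CI job. The allowlist enforces the "use trusted sources" measure, while the edit-distance check is what turns a bare allowlist miss into an actionable "this is probably a typo of actions/" finding.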

This threat underlines the importance of vigilance against such attacks, especially since the extent of exposure in private repositories is unknown.

© 2016 - 2025 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067