Hackers use Microsoft VS2015 GitHubz plugin bug to rent servers to mine Bitcoin

In order to facilitate developers to use GitHub in Visual Studio, Microsoft and GitHub developed a GitHub plug-in for Visual Studio 2015. However, due to a bug in the plug-in, a user lost $6,500 in just a few hours. This incident happened not long ago.

This is how it all started:

Since last year, hackers have been using robot programs to scan GitHub 24 hours a day, attempting to steal Amazon AWS API keys that users accidentally published on GitHub, and then use the stolen AWS API keys to rent servers for mining Bitcoin.

Due to a bug in the GitHub plugin for Visual Studio 2015, the code that the user wanted to submit to the private repository was pushed to the public repository, resulting in the AWS key being exposed. Unfortunately, before the user realized the problem, the AWS key had been crawled by a Bitcoin miner, resulting in the user losing $6,500 in a few hours.

After the incident, Microsoft and GitHub actively contacted the user and have provided a fix update. If you are using this plug-in, please update it in time.