New phishing campaign targets GitHub developers
Cyber criminals are using new phishing tactics to impersonate recruiters and GitHub security, enticing developers to log in through malicious OAuth applications, gaining access to private repositories and account data.
GitHub Phishing
Dangerous Campaign
Since February, there have been many cases of attackers sending out fake job offers or purported notifications from the GitHub security service. The emails prompted users to log in through an OAuth application that requested access to personal data and repositories, including the ability to delete any repository. After gaining access, the cybercriminals erased the repositories, renamed them, added a README.me file and demanded that the victims contact them via Telegram, claiming to have stolen and stored the victims’ data.
Fake domains
Malicious links directed to the fake sites githubcareers.online and githubtalentcommunity.online, disguised as official resources. Some emails came from a fictitious address [email protected]
GitHub reaction
GitHub representatives confirmed that this was a phishing campaign and that their systems were not compromised. Staff urged users to report any suspicious activity, not to log in through unknown OAuth applications, to periodically review the applications they have authorized, and to ignore such emails.
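The two signals described above (lookalike "github" domains in the sender address and links, and an OAuth authorization link asking for repository-deleting scopes) can be checked mechanically on an incoming email. The following is an added example, not code from the original article or from GitHub; the allowlist of legitimate domains, the set of high-risk scopes and the sample email are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs

# Assumed allowlist: domains GitHub itself uses for mail and links.
LEGIT_DOMAINS = {"github.com", "githubusercontent.com", "github.io"}
# OAuth scopes that would let an app destroy or fully control repositories.
HIGH_RISK_SCOPES = {"delete_repo", "repo", "admin:org"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def is_legit(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def check_sender(from_header):
    """Flag a From: address whose domain is not GitHub's own."""
    m = re.search(r"@([\w.-]+)", from_header)
    if not m:
        return ["sender: no address found"]
    domain = m.group(1)
    if is_legit(domain):
        return []
    kind = "lookalike" if "github" in domain.lower() else "external"
    return [f"sender: {kind} domain {domain}"]

def check_links(body):
    """Flag non-GitHub link hosts and OAuth authorize links with risky scopes."""
    findings = []
    for url in URL_RE.findall(body):
        u = urlparse(url)
        host = u.hostname or ""
        if not is_legit(host):
            kind = "lookalike" if "github" in host.lower() else "external"
            findings.append(f"link: {kind} domain {host}")
        elif u.path.startswith("/login/oauth/authorize"):
            # The scope parameter is space- or comma-separated in GitHub's authorize URLs.
            raw = " ".join(parse_qs(u.query).get("scope", [])).replace(",", " ")
            risky = sorted(set(raw.split()) & HIGH_RISK_SCOPES)
            if risky:
                findings.append(f"oauth: app requests {', '.join(risky)}")
    return findings

def triage(from_header, body):
    return check_sender(from_header) + check_links(body)

# Constructed sample modelled on the campaign above; not a real captured email.
SAMPLE_FROM = "GitHub Careers <recruiting@githubcareers.online>"
SAMPLE_BODY = """We have an open position for you!
Review the offer at https://githubcareers.online/offer/123
Then authorize the app: https://github.com/login/oauth/authorize?client_id=PLACEHOLDER&scope=repo%20delete_repo%20user
Regards, GitHub Security"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_FROM, SAMPLE_BODY):
        print(finding)
```

Running the sample reports the lookalike sender, the lookalike link and the `delete_repo`/`repo` scopes, which is exactly the combination this campaign relied on.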
Glossary
- GitHub - a web service for hosting repositories of IT projects and their joint development
- OAuth - an open authorization protocol for secure data transfer between services
- Phishing - a type of Internet fraud whose goal is to lure out confidential user data
- Repository - structured data storage designed for the centralized placement and synchronization of files
Answers to questions
- What is the new type of phishing attack on developers?
- What are the consequences for victims of these phishing attacks?
- What sites are potential victims redirected to in the phishing emails?
- How did GitHub respond to this phishing campaign?
- What recommendations have GitHub staff made to protect against such attacks?
Discussion of the topic – New phishing campaign targets GitHub developers
Attackers use phishing schemes by posing as recruiters and the GitHub security team to trick developers into clicking malicious links.
Сергей
Oh, have you heard about the new wave of phishing attacks on GitHub? 😬 This seems to be a serious threat to developers. We need to be especially careful and not fall for the tricks of scammers.
Анна
Yes, I heard about this too. Attackers pose as recruiters and the GitHub security team to lure people to phishing sites. 🚨 They are trying to gain access to personal data and developer repositories.
Виктор
I can't believe someone is so shameless! 😠 Deleting and renaming repositories is just low. Hopefully GitHub can put an end to this phishing campaign.
Ян
And I always check the sender's address and links before opening letters. 👀 You need to be alert and not trust everything that comes into your mail.
Владимир
Ugh, how disgusting! 🤮 I always thought that GitHub was a safe place for developers, but now I understand that you need to be careful even there. I will not click on dubious links and will disable all unnecessary OAuth applications.
Григорий
Bang, those phishing attacks again! 😡 How annoying they are! I regularly check authorized applications and revoke access from those that seem suspicious. Better safe than sorry!
Олег
Hmm, shouldn't GitHub do a better job of protecting its users? 🤔 I think they should strengthen security measures and warn people about such attacks.
Юрий
Eh, all these new trends and technologies are just a headache! 🙄 In my time there were no phishing attacks or other nonsense. I'll just continue working as usual and won't open any suspicious emails.