- Security researchers detect a new phishing campaign aimed at GitHub users
- A fake GitHub “security alert” account was notifying users of a suspicious session
- The links in the notification point to a shady application
Cybercriminals are faking security alerts on GitHub so that unsuspecting users will install malicious applications and lose their work, experts warned.
A security researcher known as “LC4M” discovered the campaign and shared a detailed explanation in a brief X thread, noting that the attackers created a GitHub account called “Github notification”, and then opened an issue in a “well-known security repository” titled “security alert: unusual access attempt.”
“We have detected a login attempt on your GitHub account that appears to be from a new location or device,” says the fake alert. “If you recognize this activity, no further action is required.”
OAuth application
The alert states that the attempted login came from Reykjavik, Iceland, and shares links where users can update their password, review and manage active sessions, and even enable two-factor authentication (2FA).
However, all links lead to a GitHub authorization page for an OAuth application called “gitsecuritypp”. This application requests numerous permissions, including those that give full access to public and private repositories, the ability to read and write to the user profile, access to GitHub Gists, the permission to delete repositories and more.
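The check below is an added example, not code from the researcher or from GitHub: it scans the Markdown body of an issue for links that lead to GitHub's OAuth authorization page and reports which high-risk scopes each one requests. The mapping of the permissions described above to the scope names `repo`, `user`, `gist` and `delete_repo` is an assumption made here, and the sample issue body and client ID are constructed.

```python
import re
from urllib.parse import urlparse, parse_qs

# GitHub OAuth scopes assumed to correspond to the permissions the article lists.
HIGH_RISK_SCOPES = {
    "repo": "full access to public and private repositories",
    "user": "read and write access to the user profile",
    "gist": "access to GitHub Gists",
    "delete_repo": "permission to delete repositories",
}

MD_LINK = re.compile(r"\[([^\]]+)\]\((https?://[^)\s]+)\)")


def risky_scopes(url):
    """Return the high-risk scopes requested by a GitHub OAuth authorization URL."""
    parts = urlparse(url)
    if parts.hostname != "github.com" or parts.path != "/login/oauth/authorize":
        return []  # not an OAuth consent page
    raw = " ".join(parse_qs(parts.query).get("scope", []))
    requested = [s for s in re.split(r"[\s,]+", raw) if s]
    return [s for s in requested if s in HIGH_RISK_SCOPES]


def audit_issue_body(body):
    """Flag Markdown links whose target is an OAuth consent page with risky scopes."""
    findings = []
    for text, url in MD_LINK.findall(body):
        scopes = risky_scopes(url)
        if scopes:
            findings.append({"link_text": text, "scopes": scopes})
    return findings


# Constructed sample: link text promises account hygiene, target is an OAuth grant.
SAMPLE_ISSUE = """\
Security Alert: Unusual Access Attempt
[Update your password](https://github.com/login/oauth/authorize?client_id=EXAMPLE_CLIENT_ID&scope=repo%20user%20gist%20delete_repo)
[Review and manage active sessions](https://github.com/login/oauth/authorize?client_id=EXAMPLE_CLIENT_ID&scope=repo,user)
[GitHub documentation](https://docs.github.com/en/authentication)
"""

if __name__ == "__main__":
    for finding in audit_issue_body(SAMPLE_ISSUE):
        reasons = ", ".join(HIGH_RISK_SCOPES[s] for s in finding["scopes"])
        print(f'"{finding["link_text"]}" requests: {reasons}')
```

A password or session link has no reason to open an OAuth consent screen, so any finding here is worth treating as suspicious regardless of which scopes appear.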
The researcher updated his thread to say that at least 8,000 GitHub repositories were targeted. However, a BleepingComputer report puts the number of targets at 12,000.
If you were targeted by this campaign and ended up granting the permissions, you should revoke access as soon as possible and then rotate your credentials and authentication tokens, just to be on the safe side.
LC4M could not attribute the campaign to any known threat actor, but they do have their suspicions: “Does DPKR smell?” they said, suggesting that this could be the work of North Korean state-sponsored threat actors.