This website uses cookies

Our website, platform and/or any sub domains use cookies to understand how you use our services, and to improve both your experience and our marketing relevance.

🔊 Web Growth Summit is here! Learn from industry experts on July 17-18, 2024. REGISTER NOW→

Gitloker Attacks Exploit GitHub Notifications to Push Malicious OAuth Apps

Updated on June 11, 2024

2 Min Read
Gitloker Attack


Threat actors are impersonating GitHub’s security and recruitment teams in phishing attacks designed to hijack repositories through malicious OAuth apps. This ongoing extortion campaign has been wiping compromised repositories.

Since February, dozens of developers have received deceptive job offers or security alert emails from “[email protected].” These emails were sent after victims were tagged in spam comments and added to random repository issues or pull requests via compromised GitHub accounts.

via GIPHY

The phishing emails direct recipients to fake landing pages at githubcareers[.]online or githubtalentcommunity[.]online, as identified by CronUp security researcher Germán Fernández. On these pages, users are prompted to sign into their GitHub accounts and authorize a new OAuth app requesting access to private repositories, personal user data, and the ability to delete any repository with admin access, among other permissions.

Victims of these attacks report having their accounts disabled and losing access to all repositories, likely because their accounts were reported for spam. Once attackers gain access to repositories, they wipe their contents, rename them, and add a README.me file instructing victims to contact them on Telegram to recover the data. The attackers claim to have stolen the victims’ data before destroying it and offered a backup that could restore the wiped repositories.

GitHub staff have been addressing community discussions about these attacks since February, explaining that the campaign exploits GitHub’s mention and notification functionality. They urge targeted users to report the malicious activity using GitHub’s abuse reporting tools.

via GIPHY

A GitHub community manager stated, “We understand the inconvenience caused by these notifications. Our teams are currently working on addressing these unsolicited phishing notifications. We remind our users to use our abuse reporting tools to report any abusive or suspicious activity. This is a phishing campaign and not the result of a compromise of GitHub or its systems.”

GitHub staff advised users to take the following precautions to protect their accounts:

  • Do not click any links or reply to these notifications; report them instead.
  • Never authorize unknown OAuth apps, as they can expose your GitHub account and data to third parties.
  • Periodically review your authorized OAuth apps.

In September 2020, GitHub warned of another phishing campaign using emails with fake CircleCI notifications to steal GitHub credentials and two-factor authentication (2FA) codes through reverse proxies.

As always, users are urged to stay vigilant and follow security best practices to protect their accounts and data from such threats.

Share your opinion in the comment section. COMMENT NOW

Share This Article

Start Growing with Cloudways Today.

Our Clients Love us because we never compromise on these

Abdul Rehman

Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.

×

Thankyou for Subscribing Us!

×

Webinar: How to Get 100% Scores on Core Web Vitals

Join Joe Williams & Aleksandar Savkovic on 29th of March, 2021.

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Want to Experience the Cloudways Platform in Its Full Glory?

Take a FREE guided tour of Cloudways and see for yourself how easily you can manage your server & apps on the leading cloud-hosting platform.

Start my tour

CYBER WEEK SAVINGS

  • 0

    Days

  • 0

    Hours

  • 0

    Mints

  • 0

    Sec

GET OFFER

For 4 Months &
40 Free Migrations

For 4 Months &
40 Free Migrations

Upgrade Now