- Security researchers spot a new phishing campaign targeting GitHub users
- A fake GitHub account "security alert" informs users of suspicious login attempts
- The notification links all point to a shady application
Cybercriminals are spoofing GitHub security alerts to trick unsuspecting users into installing malware and losing their work, experts have warned.
A security researcher known as "LC4M" discovered the campaign and shared a detailed explanation in a short X thread, noting that the attackers created a GitHub account called "Github notification", then opened an issue on a "well-known repository" titled "Security alert: unusual access attempt".
"We have detected an attempted connection to your GitHub account which seems to come from a new location or a new device," said the false alert. "If you recognize this activity, no other action is required."
OAuth application
The alert states that the connection attempt came from Reykjavik, Iceland, and shares links where users can supposedly update their password, review and manage active sessions, and even enable two-factor authentication (2FA).
However, all the links lead to a GitHub authorization page for an OAuth application called "gitecurityapp". This application requests many permissions, including full access to public and private repositories, the ability to read and write the user profile, access to GitHub Gists, permission to delete repositories, and more.
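The following check is an added example, not code from the researcher or from GitHub: it takes links found in a notification or issue body and flags any that open GitHub's OAuth consent page while requesting the permissions listed above. The mapping of those permissions to the scope names `repo`, `user`, `gist` and `delete_repo` is an assumption based on GitHub's documented OAuth scopes, and the sample URLs are constructed.

```python
from urllib.parse import urlparse, parse_qs

# Assumed mapping: GitHub OAuth scope -> permission described in the article.
HIGH_RISK_SCOPES = {
    "repo": "full access to public and private repositories",
    "user": "read and write access to the user profile",
    "gist": "access to gists",
    "delete_repo": "permission to delete repositories",
}

AUTHORIZE_PATH = "/login/oauth/authorize"


def inspect_link(url):
    """Classify one link: is it an OAuth consent prompt, and what does it ask for?"""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    result = {"url": url, "oauth_authorize": False, "client_id": None, "risky": {}}
    # Only the genuine github.com host serves the consent page described above.
    if host != "github.com" or parts.path.rstrip("/") != AUTHORIZE_PATH:
        return result
    query = parse_qs(parts.query)
    result["oauth_authorize"] = True
    result["client_id"] = (query.get("client_id") or [None])[0]
    # Scopes may be separated by spaces or commas; accept both.
    raw = " ".join(query.get("scope", []))
    requested = [s for s in raw.replace(",", " ").split() if s]
    result["risky"] = {s: HIGH_RISK_SCOPES[s] for s in requested if s in HIGH_RISK_SCOPES}
    return result


def triage(links):
    """Return only the links that are consent prompts asking for high-risk scopes."""
    findings = [inspect_link(link) for link in links]
    return [f for f in findings if f["oauth_authorize"] and f["risky"]]


# Constructed sample links, standing in for those in a "security alert" issue.
SAMPLE_LINKS = [
    "https://github.com/login/oauth/authorize?client_id=EXAMPLE_CLIENT_ID"
    "&scope=repo%20user%20gist%20delete_repo%20read:org",
    "https://github.com/settings/security",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINKS):
        print(finding["client_id"], sorted(finding["risky"]))
```

A link labelled "update your password" that lands on the consent path instead of a settings page is the mismatch to alert on.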
The researcher has updated his thread to say that at least 8,000 GitHub repositories have been targeted. However, a BleepingComputer report puts the number of targets at 12,000.
If you were targeted by this campaign and ended up granting the permissions, you should revoke the application's access as soon as possible and then rotate your credentials and authentication tokens, just to be sure.
LC4M could not confidently attribute the campaign to any known threat actor, but they have their suspicions: "Sense DPRK?" they said, suggesting that this could be the work of North Korean state-sponsored threat actors.




