Gitloker attacks abuse GitHub notifications to push malicious OAuth apps
2024-06-10 22:24

Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos.

Many GitHub users who have fallen victim to these attacks also report having their accounts disabled and losing access to all repos, likely after other victims reported them for being abused to push comment spam.

BleepingComputer has yet to receive a reply from a GitHub spokesperson after reaching out last week for more details regarding the Gitloker extortion campaign.

GitHub staff has been replying to community discussions about these attacks since February, saying the campaign targets GitHub's mention and notification functionality and asking those targeted to report this malicious activity using the coding platform's abuse reporting tools.

In September 2020, GitHub warned of another phishing campaign using emails pushing fake CircleCI notifications to steal GitHub credentials and two-factor authentication codes by relaying them through reverse proxies.

New Gitloker attacks wipe GitHub repos in extortion scheme.


News URL

https://www.bleepingcomputer.com/news/security/gitloker-attacks-abuse-github-notifications-to-push-malicious-oauth-apps/

Related vendor

VENDOR    LAST 12M #/PRODUCTS    LOW    MEDIUM    HIGH    CRITICAL    TOTAL VULNS
Github    13                     3      43        30      17          93