Gitloker attacks abuse GitHub notifications to push malicious OAuth apps (Security News, June 2024)

Threat actors are impersonating GitHub's security and recruitment teams in phishing attacks that hijack repositories using malicious OAuth apps, as part of an ongoing extortion campaign that wipes the compromised repos.
Many GitHub users who have fallen victim to these attacks also report having their accounts disabled and losing access to all their repos, likely after other victims reported the accounts for being abused to push comment spam.
BleepingComputer has yet to receive a reply from a GitHub spokesperson after reaching out last week for more details regarding the Gitloker extortion campaign.
GitHub staff have been replying to community discussions about these attacks since February, saying the campaign targets GitHub's mention and notification functionality and asking those targeted to report the malicious activity using the platform's abuse reporting tools.
In September 2020, GitHub warned of another phishing campaign that used emails with fake CircleCI notifications to steal GitHub credentials and two-factor authentication codes by relaying them through reverse proxies.
Source article: New Gitloker attacks wipe GitHub repos in extortion scheme.
Related news
- GitVenom attacks abuse hundreds of GitHub repos to steal crypto
- Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
- Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
- GitHub supply chain attack spills secrets from 23,000 projects
- Supply chain attack on popular GitHub Action exposes CI/CD secrets
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
- GitHub Action hack likely led to another in cascading supply chain attack
- GitHub Action supply chain attack exposed secrets in 218 repos
- Critical GitHub Attack