Attackers attempted to hijack 12,000 GitHub accounts with click-fix alerts
Briefly

A fake security alert targeting GitHub users claims to have detected unauthorized access attempts from an unknown location and advises recipients to update their password, review active sessions, and enable two-factor authentication. Every link in the alert, however, leads to a GitHub OAuth authorization page for an app named 'gitsecurityapp', which requests broad permissions over the user's account and repositories. The tactic exploits user trust: the notification looks like a routine GitHub security message, and the authorization dialog it leads to is a GitHub page, so the only thing the attacker needs is for the victim to click "Authorize" and hand an attacker-controlled app access to the account.
The alert reads: "We have detected a login attempt on your GitHub account that appears to be from a new location or device." It then offers a number of steps to secure the account against unauthorized activity. "If you recognize this activity, no further action is required. However, if this was not you, we strongly recommend securing your account immediately," it continues.
The recommended actions include updating the password, reviewing and managing active sessions, and enabling two-factor authentication (2FA). All of these options, however, are linked to a GitHub authorization page for the 'gitsecurityapp' OAuth app rather than to GitHub's own account settings.
The authorization page asks for a list of risky permissions: access to public and private repositories, including deleting them; read and write access to the user profile; read access to organization membership and projects; and access to GitHub gists. Granting them gives the attacker the same control over the account that the alert claimed to be protecting, without ever needing the victim's password or 2FA code.
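The practical lesson is that a link in a "security alert" which lands on GitHub's OAuth authorization endpoint is itself the red flag, regardless of how legitimate the page looks. The following Python helper, added here as an example and not code from the CSO Online article or from GitHub, pulls the links out of a suspicious alert, checks whether each one is GitHub's documented authorization endpoint (`https://github.com/login/oauth/authorize`, with `client_id`, `scope` and `redirect_uri` query parameters), and grades the requested scopes. The scope names are GitHub's real OAuth scope identifiers; the risk tiers are my own judgement, and the sample alert body and its `client_id` value are constructed for illustration and do not belong to any real app.

```python
"""Triage links in a suspected GitHub security-alert phish.

Added example (not from the article or from GitHub). Assumptions: GitHub's OAuth
authorization endpoint is https://github.com/login/oauth/authorize and accepts a
space- or comma-separated `scope` parameter; the risk tiers below are the
author's own; SAMPLE_ALERT and its client_id are constructed test data.
"""
import re
from urllib.parse import parse_qs, urlsplit

GITHUB_HOST = "github.com"
GITHUB_AUTHORIZE_PATH = "/login/oauth/authorize"

# GitHub OAuth scope names graded by what an attacker can do with them.
# critical: destroy or exfiltrate code / CI; high: account or org control;
# medium: data disclosure. Anything not listed is treated as low.
SCOPE_RISK = {
    "repo": "critical",
    "delete_repo": "critical",
    "workflow": "critical",
    "admin:org": "critical",
    "user": "high",
    "write:org": "high",
    "public_repo": "medium",
    "gist": "medium",
    "read:org": "medium",
    "read:user": "medium",
    "user:email": "medium",
    "project": "medium",
    "read:project": "medium",
}
RISK_ORDER = ["low", "medium", "high", "critical"]

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def parse_scopes(raw: str) -> list[str]:
    """Split a scope string; GitHub accepts either spaces or commas."""
    return [s for s in re.split(r"[\s,]+", raw.strip()) if s]


def triage_link(url: str) -> dict:
    """Describe one link the way an incident responder wants to see it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    query = parse_qs(parts.query)  # decodes %20 and %3A for us
    scopes = parse_scopes(" ".join(query.get("scope", [])))
    graded = {s: SCOPE_RISK.get(s, "low") for s in scopes}
    worst = max((RISK_ORDER.index(g) for g in graded.values()), default=0)
    is_authorize = host == GITHUB_HOST and parts.path == GITHUB_AUTHORIZE_PATH
    return {
        "url": url,
        "is_github_oauth_endpoint": is_authorize,
        "client_id": query.get("client_id", [None])[0],
        "redirect_uri": query.get("redirect_uri", [None])[0],
        "scopes": graded,
        "max_risk": RISK_ORDER[worst],
        # A genuine GitHub security notice never asks you to authorize an app,
        # so the endpoint alone is enough to call the message suspicious.
        "verdict": (
            "SUSPICIOUS: security alert links to an OAuth app authorization"
            if is_authorize else "not an OAuth authorization link"
        ),
    }


def triage_alert(body: str) -> list[dict]:
    """Extract every link from an alert body and triage each one."""
    return [triage_link(u) for u in URL_RE.findall(body)]


# Constructed sample: one link mimics the campaign's authorization page with the
# scopes the article describes, one is an ordinary settings link for contrast.
SAMPLE_ALERT = """\
We have detected a login attempt on your GitHub account that appears to be
from a new location or device. If this was not you, secure your account:
  Update password: https://github.com/login/oauth/authorize?client_id=EXAMPLE_CLIENT_ID&scope=repo%20delete_repo%20user%20read:org%20gist&redirect_uri=https://example.invalid/cb
  Enable 2FA: https://github.com/settings/security
"""

if __name__ == "__main__":
    for report in triage_alert(SAMPLE_ALERT):
        print(report["verdict"], "|", report["max_risk"], "|", report["url"])
        for scope, risk in report["scopes"].items():
            print(f"    {scope:<14} {risk}")
```

Run against a real phish, the report tells you three things at once: that the link is an authorization dialog (which no legitimate alert would contain), which `client_id` to revoke and report, and how bad the requested scopes are. Users who already clicked "Authorize" should revoke the app under their GitHub settings (Applications, Authorized OAuth Apps), since changing the password or enabling 2FA does not invalidate an OAuth grant.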
Read at CSO Online