Phishing campaign attacks 12,000 GitHub users with rogue OAuth app
Briefly

A phishing campaign on GitHub has been reported, targeting approximately 12,000 developers with fake security alerts impersonating GitHub. Discovered by researcher Luc4m, these alerts warned users of suspicious account activity, misleading them into installing a malicious OAuth app named 'gitsecurityapp'. Once installed, the app grants hackers extensive permissions, including full access to repositories and accounts. The campaign began on March 16 and remains active, with fluctuating victim counts likely due to GitHub's efforts to combat it. Affected users are advised to take immediate action.
This phishing campaign on GitHub has targeted 12,000 developers, tricking them into installing a malicious OAuth app that grants hackers full access to their accounts.
Security researcher Luc4m discovered the phishing campaign, involving fake security alerts warning developers of unusual activity while leading them to a rogue 'gitsecurityapp' app.
Read at Techzine Global