GitHub Accounts Stolen

Ongoing phishing attacks have led to stolen credentials.

Many Linux admins use GitHub for various reasons—some for hosting code and others for finding projects to install. No matter why you use this massive collection of software repositories, it’s important to know that GitHub users are currently being targeted in an ongoing phishing attack.

Not only have the attackers stolen GitHub account credentials, they are also immediately downloading the contents of private repositories, including those owned by organizations and their collaborators.

Once the hackers have logged into an account, they can create GitHub personal access tokens or even authorize applications via OAuth in order to maintain access to the account even if the user changes their password.

The phishing attack tricks users into clicking a malicious link to check their account activity, which then redirects them to a fake GitHub login page. When an unsuspecting user logs into the fake GitHub site, their credentials are logged. This phishing attack is also capable of gaining access to accounts that employ Two-Factor Authentication. The only accounts that are immune to this attack are those protected by hardware-based security keys.

This particular phishing attack targets active GitHub users who work for tech companies, using email addresses obtained from public commits. To protect yourself against this attack, all GitHub users should change their passwords, reset two-factor recovery codes, review Personal Access Tokens, and employ hardware-based 2FA (if possible).

Original source: https://nakedsecurity.sophos.com/2020/04/17/github-users-targetted-by-sawfish-phishing-campaign/ 

04/20/2020
