Fake security warning: Fraudsters try to hijack GitHub accounts

Security researchers have reported attempted attacks on around 12,000 GitHub repositories. The attackers' goal is full control over the accounts behind those projects.


Fraudsters are currently targeting GitHub repositories, trying to compromise accounts by means of a fake security warning. Those behind this phishing campaign are said to be targeting around 12,000 GitHub projects.

A security researcher posting under the pseudonym "lc4m" on X is warning about the campaign. To trick project owners, the scammers post a fake security warning in the Issues tab of repositories. That is where users of tools hosted on GitHub normally file bug reports so that the developers can fix them, and as a rule anyone with a GitHub account can open such an issue. The attackers therefore have a channel that reaches maintainers directly, typically with a notification e-mail, without having to get past any spam filter.

The fake warning, written in the name of the GitHub Security Team, claims that there have been "unusual access attempts" (Security Alert: Unusual Access Attempt) and urges those affected to act quickly to secure their account. It offers several links, supposedly for changing the password and similar steps. Receiving such a fake warning is harmless in itself; the attack only progresses if the victim follows the links and plays along.

The links all lead to the authorization page of an OAuth app named "gitsecurityapp". Caution: this app is the actual backdoor. Before it is authorized, it requests extensive permissions (OAuth scopes), including full access to repositories and the ability to edit the user profile. Anyone who approves that request effectively hands the attackers control of their GitHub account: the app receives its own access token and can act on the account from then on without ever knowing the password.
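What a maintainer can do about this lure is check the issues on their own repositories for it. The following script is an added example and is not code from the article or from the researcher it cites. It works on issue objects shaped like the GitHub REST API response for GET /repos/{owner}/{repo}/issues (fields number, title, body, html_url, user.login), flags issues whose text matches the lure described above, pulls every github.com/login/oauth/authorize link out of the issue text and reports the scopes such a link would request. The sample issues, the issue URLs and the client_id values are constructed for the demonstration; the real campaign's client_id is not known from the article, and the list of high-risk scopes is this example's own choice, not something the article states.

```python
"""Scan GitHub issues for OAuth-consent phishing lures (added example).

Operates on dicts shaped like the GitHub REST API issue objects returned by
GET /repos/{owner}/{repo}/issues. Everything below the constants is offline:
the sample issues are constructed and the client_id values are made up.
"""
import re
from urllib.parse import parse_qs, urlparse

# Phrases from the lure described in the article; two hits count as a match.
LURE_PATTERNS = [
    re.compile(r"security alert", re.I),
    re.compile(r"unusual access attempt", re.I),
    re.compile(r"github security team", re.I),
]

# OAuth scopes that hand an attacker effective control of an account
# (this example's own selection, not a list from the article).
HIGH_RISK_SCOPES = {
    "repo", "delete_repo", "workflow", "user", "admin:org", "write:org",
    "admin:public_key", "admin:repo_hook",
}

URL_RE = re.compile(r"""https?://[^\s)>\]"']+""")


def extract_oauth_authorize_links(text):
    """Return (url, client_id, scopes) for each GitHub OAuth authorize link."""
    found = []
    for url in URL_RE.findall(text or ""):
        parsed = urlparse(url)
        if parsed.netloc.lower() != "github.com":
            continue
        if not parsed.path.startswith("/login/oauth/authorize"):
            continue
        query = parse_qs(parsed.query)          # decodes %20 and '+' to spaces
        client_id = query.get("client_id", [""])[0]
        scopes = set()
        for raw in query.get("scope", []):      # GitHub scopes are space-separated
            scopes.update(s for s in re.split(r"[ ,]+", raw) if s)
        found.append((url, client_id, scopes))
    return found


def is_lure_text(text):
    """True when at least two of the lure phrases appear in the text."""
    return sum(1 for pat in LURE_PATTERNS if pat.search(text or "")) >= 2


def scan_issues(issues):
    """Return findings for issues that look like the OAuth phishing lure."""
    findings = []
    for issue in issues:
        combined = f"{issue.get('title', '')}\n{issue.get('body', '')}"
        links = extract_oauth_authorize_links(combined)
        lure = is_lure_text(combined)
        risky = [link for link in links if link[2] & HIGH_RISK_SCOPES]
        if not (lure or risky):
            continue
        risky_scopes = set().union(*(link[2] & HIGH_RISK_SCOPES for link in risky))
        findings.append({
            "number": issue.get("number"),
            "author": issue.get("user", {}).get("login"),
            "url": issue.get("html_url"),
            "lure_text": lure,
            "oauth_client_ids": sorted({link[1] for link in links}),
            "high_risk_scopes": sorted(risky_scopes),
            # Lure wording plus a broad OAuth grant in one issue is the campaign's pattern.
            "severity": "high" if (lure and risky) else "medium",
        })
    return findings


# Constructed sample input: one lure issue, one ordinary bug report.
SAMPLE_ISSUES = [
    {
        "number": 41,
        "title": "Security Alert: Unusual Access Attempt",
        "body": (
            "We detected unusual access attempts on your account. The GitHub "
            "Security Team recommends that you act now.\n"
            "Change password: https://github.com/login/oauth/authorize"
            "?client_id=0123456789abcdef0123&scope=repo%20user%20delete_repo%20workflow\n"
        ),
        "html_url": "https://github.com/example/project/issues/41",
        "user": {"login": "freshly-created-account"},
    },
    {
        "number": 42,
        "title": "Crash when parsing an empty config file",
        "body": "Run `tool --config ''`; see https://github.com/example/project/pull/40",
        "html_url": "https://github.com/example/project/issues/42",
        "user": {"login": "regular-contributor"},
    },
]


if __name__ == "__main__":
    for finding in scan_issues(SAMPLE_ISSUES):
        print(finding)
```

To run this against live data, fetch the issue list for each repository with the GitHub REST API (GET /repos/{owner}/{repo}/issues, paging through the results) and pass the JSON array to scan_issues; the detector deliberately keys on the authorize URL and its scope parameter rather than on the app name, because the name in the issue text is easy to change while the consent link is the part the attack cannot do without.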


Anyone who has already approved the request should go to the GitHub settings (Settings > Applications > Authorized OAuth Apps) and revoke the gitsecurityapp authorization as soon as possible, while they still have access to the account. Revoking that authorization is what cuts off the app's access; changing the password on its own is not a substitute. For security reasons the account's credentials (password and any personal access tokens) should be changed as well, and it is worth reviewing the account for changes the attackers may have made in the meantime. The extent to which such attacks have already been successful is not yet known. Anyone who has received such a fake warning should delete the issue immediately rather than follow its links, and can report the account that posted it to GitHub.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.