Hackers are attacking GitHub users using a sophisticated new Phishing tool called “GoIssue”
GoIssue is a new, sophisticated phishing tool targeting GitHub users, allowing hackers to collect email addresses from GitHub profiles and launch large-scale phishing attacks.
This tool poses a serious threat to GitHub users, especially developers and organizations. Uncovered by cybersecurity experts at SlashNext, GoIssue enables hackers to collect email addresses from GitHub profiles and conduct broad phishing attacks.
The custom version of GoIssue is priced at $700, or $3,000 for full source code access. This tool combines bulk email sending capabilities with advanced data collection functions, enabling it to bypass spam filters. Attackers can also hide their identities through proxy networks and target specific developer communities.
A GoIssue attack typically begins with harvesting email addresses from GitHub profiles. Hackers then send phishing emails that resemble notifications from GitHub. These messages can lead victims to phishing pages to steal login credentials, download malware, or gain unauthorized access to sensitive information via rogue OAuth applications.
GoIssue is also linked to the GitLoker extortion campaign, which has used GitHub notifications to distribute malicious OAuth applications. The connection between GoIssue and GitLoker suggests that GoIssue could be an enhanced or evolved version of the GitLoker campaign.
A successful GoIssue attack could have severe consequences, including source code theft, supply chain attacks, and corporate network breaches. Development platforms are becoming critical targets for security threats, highlighting the need for strong security measures.
To protect against attacks like GoIssue, GitHub users should follow these security practices:
- Use strong and unique passwords.
- Enable two-factor authentication (2FA).
- Be cautious of links in emails, especially if they appear to be from GitHub.
- Regularly review OAuth application permissions.
Organizations are encouraged to deploy reliable phishing protection tools and provide regular security training for employees, particularly developers.
As phishing methods grow increasingly sophisticated, it’s crucial for developers and organizations to adopt strong security measures to protect their GitHub accounts and sensitive information from advanced phishing tools like GoIssue.