Excerpt from Bleeping Computer Article, Published on Mar 16, 2025.
A recent phishing attack on GitHub repositories has raised serious concerns across the developer community. This GitHub phishing attack leveraged malicious OAuth tokens to gain unauthorized access to private repositories, affecting dozens of organizations. The attackers used cloned GitHub login pages to deceive users, ultimately compromising credentials and sensitive repository data.
A massive phishing campaign has now targeted nearly 12,000 GitHub repositories, exploiting fake “Security Alert” issues to trick developers into granting access to a rogue OAuth app named “gitsecurityapp.” The attack begins with a fraudulent issue posted on GitHub, warning of an “unusual access attempt” from Reykjavik, Iceland. It then urges recipients to act quickly by clicking on malicious links disguised as security update instructions.
Once clicked, victims are directed to an OAuth authorization page where the fake app requests alarming permissions—such as access to public and private repositories, ability to modify user profiles, delete repositories, and retrieve organization membership details. This dangerous form of OAuth token phishing results in a full GitHub repository compromise, handing attackers complete control over the user’s account.
The campaign was first flagged by security researcher Luc4m, prompting a rapid GitHub cybersecurity response. Despite GitHub’s efforts to mitigate the attack, the threat continues to evolve. This is yet another example of phishing in developer ecosystems, where developer security breaches are now more sophisticated and automated than ever.
Users who mistakenly authorized the malicious OAuth app should immediately revoke its access from their settings, rotate credentials, and review repository activity. To defend against future breaches, developers are strongly encouraged to follow compliance best practices like ISO 27001 for software development and remain cautious of unfamiliar apps or security warnings.
To delve deeper into this topic, please read the full article Bleeping Computer.
