Summary: A phishing campaign has targeted approximately 12,000 GitHub repositories using fake “Security Alert” issues that mislead developers into authorizing a malicious OAuth app, granting attackers full control over their accounts. The alerts claim unusual access attempts, prompting users to click links that lead to the harmful app. Immediate action is recommended for those who may have been compromised, including revoking access to suspicious apps and rotating credentials.
Affected: GitHub users
Keypoints :
- Nearly 12,000 GitHub repositories targeted with fake security alerts.
- Phishing messages mimic GitHub alerts about unusual login attempts.
- Malicious OAuth app requests risky permissions, including full repository access and user profile editing.
- Users advised to revoke access to suspicious OAuth apps and change their credentials immediately.