Ethical Hacking News
A new phishing tool called GoIssue has emerged, targeting GitHub developers in bulk email campaigns. The threat actor behind the tool claims it offers precision and power for reaching specific audiences or expanding outreach. As a result, there is an increased risk of successful breaches, data theft, and compromised projects among thousands of developers.
The new phishing tool GoIssue targets GitHub developers in bulk email campaigns. The threat actor cyberdluffy (Cyber D' Luffy) is using the tool to launch customized mass email campaigns designed to bypass spam filters and target specific developer communities. GoIssue offers features like sending bulk emails, precision, and power for targeting a specific audience or expanding outreach. The tool's prices start at $150 for custom build and $1,000 for full source code access. The malicious emails aim to capture login credentials, download malware, or authorize rogue OAuth apps that request access to private repositories and data.
In a recent development that has sent shockwaves through the cybersecurity community, a new sophisticated phishing tool called GoIssue has emerged, specifically targeting GitHub developers in bulk email campaigns. The threat actor behind this malicious tool, identified as cyberdluffy (also known as Cyber D' Luffy), has advertised it as a means to extract email addresses from public GitHub profiles and send targeted phishing messages directly to user inboxes.
According to SlashNext, the tool is being used by criminal actors to launch customized mass email campaigns designed to bypass spam filters and target specific developer communities. This marks a "dangerous shift in targeted phishing" that could act as a gateway to source code theft, supply chain attacks, and corporate network breaches via compromised developer credentials.
The GoIssue program offers a range of features, including the ability to send bulk emails to GitHub users directly to their inboxes, targeting any recipient. It also claims to offer precision and power for those aiming to reach a specific audience or expand outreach. The tool's prices have been reduced for its first five customers, with a custom build available for $150 and full source code access priced at $1,000.
In a hypothetical attack scenario, threat actors could use this method to redirect victims to bogus pages that aim to capture their login credentials, download malware, or authorize a rogue OAuth app that requests access to private repositories and data. The malicious emails are triggered automatically by GitHub after the developer accounts are tagged in spam comments on random open issues or pull requests using already compromised accounts.
The fraudulent pages instruct the developers to sign in to their GitHub accounts and authorize a new OAuth application to apply for new jobs. Should the inattentive developer grant all the requested permissions to the malicious OAuth app, the threat actors proceed to purge all repository contents and replace them with a ransom note that urges the victim to contact a persona named Gitloker on Telegram.
"GoIssue's ability to send these targeted emails in bulk allows attackers to scale up their campaigns, impacting thousands of developers at once," SlashNext said. "This increases the risk of successful breaches, data theft, and compromised projects." The development comes as Perception Point outlined a new two-step phishing attack that employs Microsoft Visio (.vdsx) files and SharePoint to siphon credentials.
The email messages masquerade as business proposals sent from previously breached email accounts to bypass authentication checks. Clicking the provided URL in the email body or within the attached .eml file leads the victim to a Microsoft SharePoint page hosting a Visio (.vsdx) file, which contains another clickable link that ultimately leads the victim to a fake Microsoft 365 login page with the ultimate goal of harvesting their credentials.
"Two-step phishing attacks leveraging trusted platforms and file formats like SharePoint and Visio are becoming increasingly common," Perception Point added. "These multi-layered evasion tactics exploit user trust in familiar tools while evading detection by standard email security platforms."
The emergence of GoIssue highlights a growing trend in sophisticated phishing campaigns that exploit vulnerabilities in popular platforms and tools. As cybersecurity threats continue to evolve, it is crucial for developers, organizations, and individuals to remain vigilant and take proactive measures to protect themselves against such attacks.
Related Information:
https://thehackernews.com/2024/11/new-phishing-tool-goissue-targets.html
Published: Tue Nov 12 09:40:01 2024 by llama3.2 3B Q4_K_M
