GitHub users may be at risk from a sophisticated new phishing tool called “GoIssue,” cybersecurity researchers at SlashNext report.
This tool, developed by a threat actor known as “cyberdluffy,” has capabilities for extracting email addresses from public GitHub profiles, enabling cybercriminals to launch targeted phishing campaigns that could compromise developer accounts and potentially lead to source code theft or broader supply chain attacks.
According to SlashNext, GoIssue functions by systematically harvesting email addresses from GitHub profiles using GitHub tokens and automated processes.
These addresses are collected based on various criteria, such as organization memberships or stargazer lists, making it easier for attackers to create highly targeted and convincing phishing emails.

Once attackers have these emails, they can send bulk phishing messages that mimic legitimate GitHub notifications, potentially leading recipients to phishing pages designed to steal login credentials or download malware.
While there is no confirmed evidence of the tool being actively deployed, SlashNext warns of the substantial threat it poses. The phishing campaigns could potentially lead to OAuth-based attacks, where malicious apps prompt users to unknowingly grant access to their private repositories.
Similar tactics were recently observed in a campaign named “Gitloker,” which has been connected to a series of GitHub notification-based phishing attacks. Experts speculate that GoIssue may represent an evolution of these campaigns, further highlighting how platforms like GitHub have become a focal point for sophisticated phishing schemes.
GoIssue is priced at $700 for a customized version or $3,000 for complete source code access. Recent price cuts to $150 and $1,000 for early customers suggest the tool may still be in its initial distribution phase, according to findings by TheHackerNews.
Despite its low entry cost, the tool has powerful capabilities, including bulk email sending and advanced data collection features, with built-in proxy support to help attackers maintain anonymity and bypass spam filters.
How Can GitHub Users Avoid The Hack?
To protect themselves, GitHub users are advised to adopt best practices, such as enabling two-factor authentication, maintaining strong passwords, and being cautious of unexpected emails resembling GitHub notifications.
Regular reviews of OAuth permissions and proactive phishing protection are also recommended by organizations reporting the news.
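As an added example (not code from SlashNext or from this article), the Python sketch below triages a message that resembles a GitHub notification by checking the sender domain, the receiving server's DKIM result, and the host behind each link. The trusted-domain list, the sample message and every domain in it are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: hosts this example accepts as GitHub's own; adjust to your policy.
TRUSTED = ("github.com", "githubusercontent.com")

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: GitHub <notifications@github-alerts.example>
To: dev@corp.example
Subject: [acme/api] Security alert: action required (Issue #12)
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=github-alerts.example; dkim=pass header.d=github-alerts.example
Content-Type: text/plain

A security issue was found in your repository.
Review and authorize the scanner: https://github.com.login-review.example/oauth/authorize
View on GitHub: https://github.com/acme/api/issues/12
"""

def is_trusted(host):
    """True only for a trusted domain or one of its subdomains (no substring match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return reasons the message does not match a genuine GitHub notification."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2]
    if "github" in (display + addr).lower() and not is_trusted(from_domain):
        findings.append(f"sender claims GitHub but domain is {from_domain}")
    # DKIM must pass for a trusted signing domain (RFC 8601 header set by the receiving MTA).
    auth = " ".join(msg.get_all("Authentication-Results", []))
    signers = re.findall(r"dkim=pass\s+header\.d=([\w.-]+)", auth, re.I)
    if not any(is_trusted(d) for d in signers):
        findings.append("no passing DKIM signature from a trusted domain")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname
        if not is_trusted(host):  # catches lookalikes such as github.com.<other domain>
            kind = "oauth link" if "/oauth/" in url else "link"
            findings.append(f"{kind} to untrusted host {host}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

An empty result only means none of these three checks fired; it is not proof that a message is genuine.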
How Safe Is GitHub?
GitHub is considered one of the safest and most secure platforms used by developers and organizations for hosting code, managing versions, and collaborating. However, because the platform is so popular, its accounts are regularly targeted by cyber threats; the most frequent attacks are phishing, supply chain attacks, and account takeovers.
As phishing tools like GoIssue become more accessible and sophisticated, cybersecurity experts warn that both individual developers and organizations must remain vigilant to prevent unauthorized access and safeguard critical assets on GitHub.
Hafsa Tahir
Hafsa is a content marketer who has been in the organic growth space for the past three years. With her background in Psychology and UX, she enjoys reading users' minds and is keen to try the most creative product marketing angles. Her copies scream: "you're not just a paycheck to us". Loves to crack unfunny jokes, pay gym fee and not go, and write psychologically disturbing short stories for some reason.