Fake GitHub Security Alerts Could Let Hackers Hijack Accounts
by Justin Erickson
Security researchers have uncovered a malicious campaign that uses fake GitHub security alerts to trick users into installing a fraudulent OAuth application. Through this app – “gitsecurityapp” – the attackers gain greatly elevated permissions, giving them access to organization membership information, control over GitHub Actions workflows, and more. Attackers can then delete entire projects, exfiltrate sensitive code, and carry out other fraudulent acts. How to protect yourself? Immediately revoke the OAuth app’s access, double-check for suspicious GitHub Actions workflows, check that no private gists were created, and rotate your credentials and authorization tokens.
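The gist and workflow checks above can be scripted once you know roughly when the app was authorized. The following is an added example, not code from the researchers or from GitHub: the function names, the cutoff time and the sample records are constructed, with records shaped like the `id`/`public`/`created_at` fields of GitHub's gist listing and the `path`/`created_at`/`updated_at` fields of its repository workflow listing.

```python
from datetime import datetime

def parse_ts(value):
    # Accept both "...Z" and explicit-offset ISO 8601 timestamps, so that
    # comparisons are made on real instants and not on strings.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(authorized_at, gists, workflows):
    """Flag private gists and workflows created or changed at/after authorization."""
    cutoff = parse_ts(authorized_at)
    findings = []
    for g in gists:
        when = parse_ts(g["created_at"])
        if not g["public"] and when >= cutoff:
            findings.append((when, "private-gist-created", g["id"]))
    for w in workflows:
        created, updated = parse_ts(w["created_at"]), parse_ts(w["updated_at"])
        if created >= cutoff:
            findings.append((created, "workflow-created", w["path"]))
        elif updated >= cutoff:
            findings.append((updated, "workflow-changed", w["path"]))
    # Oldest first, so the manual review follows the order of events.
    return [(kind, ref) for _, kind, ref in sorted(findings)]

# Constructed sample data (assumption: the app was authorized at AUTHORIZED_AT).
AUTHORIZED_AT = "2025-03-16T09:30:00Z"
SAMPLE_GISTS = [
    {"id": "aaa111", "public": False, "created_at": "2024-11-02T08:00:00Z"},
    {"id": "bbb222", "public": False, "created_at": "2025-03-16T09:41:10Z"},
    {"id": "ccc333", "public": True, "created_at": "2025-03-17T12:00:00Z"},
]
SAMPLE_WORKFLOWS = [
    {"path": ".github/workflows/ci.yml",
     "created_at": "2023-05-01T10:00:00Z", "updated_at": "2024-12-01T10:00:00Z"},
    # Offset timestamp: 08:45 at -08:00 is 16:45 UTC, i.e. after the cutoff.
    {"path": ".github/workflows/release.yml",
     "created_at": "2023-05-01T10:00:00Z", "updated_at": "2025-03-16T08:45:00.000-08:00"},
    {"path": ".github/workflows/sync.yml",
     "created_at": "2025-03-16T09:50:00Z", "updated_at": "2025-03-16T09:50:00Z"},
]

if __name__ == "__main__":
    for kind, ref in triage(AUTHORIZED_AT, SAMPLE_GISTS, SAMPLE_WORKFLOWS):
        print(kind, ref)
```

Each hit is a prompt for manual review, not proof of tampering; revoking the app and rotating credentials and tokens is still required whatever the script reports.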