Saturday, November 2, 2024
HomePassword AttacksHackers Abuse GitHub Service to Host Variety of Phishing Kits to Steal...

Hackers Abuse GitHub Service to Host Variety of Phishing Kits to Steal Login Credentials

Published on

Malware protection

Hackers abuse popular code repositories service such as GitHub to host a variety of phishing domains to make their targets to believe it is through github.io domains.

By using well-known services like Dropbox, Google Drive, Paypal, eBay, and Facebook, attackers able to bypass whitelists and network defenses.

Proofpoint identified a range of malicious activities that target users from various organizations. Here is the Example of a phishing kit hosted on GitHub service that lures the login credentials of a retail bank.

- Advertisement - SIEM as a Service
GitHub service

Threat actors use github.io based landing pages to make the victims believe it is from the trusted source and to bypass traditional security solutions. The Phishing page uses the stolen brand logo and the graphics.

“In most cases of GitHub abuse described here, threat actors establish a canonical code repository site within the github.io canonical domain that resembles the brand they are abusing”, reads Proofpoint blog post.

app-l0gin- [.] github [.] io

Source code analysis reveals that the HTML script is slightly obfuscated and the lured credentials are sent to another compromised server that owned by attackers. Attackers use public GitHub landing page with PHP script loaded from remote servers.

GitHub service

Some threat actors use github.io domain only as a traffic redirector, “we were able to observe when actors made changes to their hosted web pages and most kits are not written from scratch and are instead simply modified by different actors.”

Proofpoint reported the abuse to GitHub and all the phishing accounts has been taken down by GitHub.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gentoo Linux GitHub Account Hacked, Attackers Modified Repositories

Hacker disclosed GitHub secret key hunter – TruffleHog

GitHub Announces Unlimited Private Repositories For Free Plan

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Nintendo Warns of Phishing Attack Mimics Company Email Address

Nintendo has cautioned its users about a sophisticated phishing attack that involves emails mimicking...

Beware Of Callback Phishing Attacks Google Groups That Steal Login Details

Callback phishing is a two-step attack involving phishing emails and phone calls. Victims are...