Thursday, May 22, 2025
HomePassword AttacksHackers Abuse GitHub Service to Host Variety of Phishing Kits to Steal...

Hackers Abuse GitHub Service to Host Variety of Phishing Kits to Steal Login Credentials

Published on

SIEM as a Service

Follow Us on Google News

Hackers abuse popular code repositories service such as GitHub to host a variety of phishing domains to make their targets to believe it is through github.io domains.

By using well-known services like Dropbox, Google Drive, Paypal, eBay, and Facebook, attackers able to bypass whitelists and network defenses.

Proofpoint identified a range of malicious activities that target users from various organizations. Here is the Example of a phishing kit hosted on GitHub service that lures the login credentials of a retail bank.

- Advertisement - Google News
GitHub service

Threat actors use github.io based landing pages to make the victims believe it is from the trusted source and to bypass traditional security solutions. The Phishing page uses the stolen brand logo and the graphics.

“In most cases of GitHub abuse described here, threat actors establish a canonical code repository site within the github.io canonical domain that resembles the brand they are abusing”, reads Proofpoint blog post.

app-l0gin- [.] github [.] io

Source code analysis reveals that the HTML script is slightly obfuscated and the lured credentials are sent to another compromised server that owned by attackers. Attackers use public GitHub landing page with PHP script loaded from remote servers.

GitHub service

Some threat actors use github.io domain only as a traffic redirector, “we were able to observe when actors made changes to their hosted web pages and most kits are not written from scratch and are instead simply modified by different actors.”

Proofpoint reported the abuse to GitHub and all the phishing accounts has been taken down by GitHub.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gentoo Linux GitHub Account Hacked, Attackers Modified Repositories

Hacker disclosed GitHub secret key hunter – TruffleHog

GitHub Announces Unlimited Private Repositories For Free Plan

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Lumma Stealer Infrastructure Behind Global Attacks on Millions of Users Dismantled

The U.S. Justice Department, in collaboration with the FBI and private sector partners like...

Cybercriminals Using Trusted Google Domains to Spread Malicious Code

A sophisticated new malvertising scheme has emerged, transforming trusted e-commerce websites into phishing traps...

Linux Kernel Zero-Day SMB Vulnerability Discovered via ChatGPT

Security researcher has discovered a zero-day vulnerability (CVE-2025-37899) in the Linux kernel's SMB server...

Gujarat Teen Arrested for Orchestrating Over 50 Cyberattacks in ‘Operation Sindoor’

Gujarat Anti-Terrorism Squad (ATS) has apprehended two individuals, including a minor, for orchestrating a...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cybercriminals Using Trusted Google Domains to Spread Malicious Code

A sophisticated new malvertising scheme has emerged, transforming trusted e-commerce websites into phishing traps...

Hackers Targets Coinbase Users Targeted in Advanced Social Engineering Hack

Coinbase users have become the prime targets of an intricate social engineering campaign since...

New Phishing Attack Uses AES & Malicious npm Packages to Office 365 Login Credentials

Fortra’s Suspicious Email Analysis (SEA) team uncovered a highly sophisticated phishing campaign targeting Microsoft...