New GitHub Phishing Tool "GoIssue" Targets Developers, Threatens Source Code Security

A new phishing tool called GoIssue is enabling threat actors to target GitHub users at scale, exposing them to source code theft, supply chain attacks, and potential network breaches. This tool, promoted by a cybercriminal known as cyberdluffy (Cyber D' Luffy), is designed to extract email addresses from public GitHub profiles and send phishing emails directly to users’ inboxes.

According to SlashNext, GoIssue represents a "dangerous shift" in phishing by allowing attackers to craft customized email campaigns, which are difficult for spam filters to detect. The tool is currently offered on the Runion forum at prices starting at $150 for a custom build, with full access to the source code available for $1,000.

In hypothetical attacks, the tool could redirect developers to phishing pages that capture credentials, distribute malware, or authorize rogue OAuth apps. This capability echoes prior campaigns by Gitloker, a group linked to GitHub extortion scams.

GoIssue’s phishing emails often leverage compromised GitHub accounts to tag developers in spam comments. The emails then link users to fake GitHub login pages, requesting authorization for malicious OAuth applications. If permissions are granted, attackers can delete repository content and replace it with ransom demands, urging contact via Gitloker’s Telegram profile.

Additionally, Perception Point reports a rise in two-step phishing attacks using Microsoft Visio (.vsdx) files hosted on SharePoint. These attacks, sent from breached accounts, appear as legitimate proposals but ultimately redirect victims to fake Microsoft 365 login pages for credential harvesting. The strategy exemplifies how attackers exploit familiar platforms to evade security checks.
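Both campaigns above end at a fake sign-in page (GitHub in one case, Microsoft 365 in the other), so a mail or proxy triage step can compare the link's real host against an exact allowlist. The following is an added example, not code from SlashNext, Perception Point or the original post; the allowlist, the brand tokens and the `.example` sample links are assumptions constructed for illustration, and the check is meant only for links presented as login or authorization pages.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts accepted as genuine sign-in pages.
SIGNIN_HOSTS = {"github.com", "login.microsoftonline.com"}
# Assumption: brand strings that suggest imitation when seen in any other host.
BRAND_TOKENS = ("github", "microsoftonline")


def classify_link(url):
    """Classify a link that claims to be a sign-in page as (verdict, reason)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # lowercased by urlsplit
    except ValueError:
        return ("lookalike", "malformed URL")
    if parts.scheme != "https" or not host:
        return ("untrusted", "not an https URL with a host")
    if parts.username is not None:
        # https://github.com@host.example/ : the real host follows the '@'
        return ("lookalike", "userinfo placed before the real host")
    if not host.isascii() or "xn--" in host:
        return ("lookalike", "internationalized host name")
    if host in SIGNIN_HOSTS:
        return ("trusted", host)
    if any(host.endswith("." + h) for h in SIGNIN_HOSTS):
        return ("untrusted", "subdomain, not an allowlisted sign-in host")
    if any(token in host for token in BRAND_TOKENS):
        return ("lookalike", "brand name in a non-allowlisted host")
    return ("untrusted", "unrelated domain")


# Constructed sample links; none of them comes from a real campaign.
SAMPLE_LINKS = [
    "https://github.com/login/oauth/authorize?client_id=CONSTRUCTED",
    "https://GitHub.com./login",
    "https://github.com@account-check.example/login",
    "https://github.com.account-check.example/login",
    "https://login.microsoftonline.com.docs-share.example/",
    "https://xn--gthub-cza.example/login",
    "http://github.com/login",
    "https://gist.github.com/some-user",
]


def triage(links=SAMPLE_LINKS):
    """Map every link to its verdict."""
    return {link: classify_link(link)[0] for link in links}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_link(link), link)
```

A "trusted" verdict covers the host only: a request on the genuine authorization page can still be for an unfamiliar OAuth app, so the requested permissions need their own review.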

© 2016 - 2025 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067