GitHub Service Abused by Attackers to Host Phishing Kits [source: bleepingcomputer]
Malicious actors hosted phishing kits on the web-based GitHub code hosting platform by abusing the service’s free repositories to deliver them to their targets via github.io domains.
This technique allows crooks to take advantage of the GitHub Pages service to bypass both whitelists and network defenses, just like the “use of large consumer cloud storage sites, social networking, and commerce services such as Dropbox, Google Drive, Paypal, Ebay, and Facebook” makes it possible to have their malicious activities blend in within legitimate web traffic.
The researchers state that GitHub took down all the accounts discovered to be involved in the malicious activity as of April 19, 2019, while also being “extremely responsive in addressing this abuse of their systems.”
As discovered by Proofpoint’s research team, multiple threat actors used github.io domains as part of various malicious campaigns including phishing attacks which directed victims to landing pages hosted on GitHub’s service.
For instance, one of the attackers hosted a phishing kit designed to steal credentials from the customers of a retail bank brand after redirecting them to the landing page via malicious emails.
For more, click here.
WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes
25 Oct 2022 - News, News Clipping
30 Jun 2021 - CIRT In Media, News Clipping