GoIssue is a new sophisticated phishing tool targeting GitHub users. It poses a significant threat to developers and organizations worldwide.
Cybersecurity researchers at SlashNext have uncovered this tool, which enables attackers to extract email addresses from public GitHub profiles and launch large-scale phishing campaigns.
GoIssue represents a dangerous evolution in targeted phishing attacks, extending beyond individual developers to threaten entire organizations. The tool systematically harvests email addresses from GitHub profiles using automated processes and GitHub tokens, collecting data based on various criteria such as organization memberships and stargazer lists.
SlashNext observed that, Priced at $700 for a custom build or $3,000 for full source code access, GoIssue combines bulk email capabilities with sophisticated data collection features. It allows attackers to bypass spam filters and target specific developer communities while protecting their identity through proxy networks.
Free Ultimate Continuous Security Monitoring Guide - Download Here (PDF)
.webp)
Initial Attack Chain
A typical GoIssue attack begins with harvesting email addresses, followed by mass phishing campaigns using fake GitHub notification emails.
These messages could lead victims to phishing pages designed to steal login credentials, malware downloads, or rogue OAuth app authorization prompts granting attackers access to private repositories and data.
Alarmingly, GoIssue has been linked to the GitLoker extortion campaign, which has been responsible for ongoing attacks using GitHub notifications to push malicious OAuth apps. The connection between the two suggests that GoIssue could be an extension or evolved version of the GitLoker campaign.
The implications of successful GoIssue attacks are far-reaching. They could lead to source code theft, supply chain attacks, and corporate network breaches through compromised developer credentials. For CISOs and security teams, this emergence highlights how development platforms have become security battlegrounds.
To protect against such attacks, GitHub users should adopt best online security practices, including strong password hygiene, enabling two-factor authentication, being cautious of phishing emails, and regularly reviewing OAuth app permissions.
Organizations are advised to use reliable security solutions with phishing protection and conduct regular information security training for employees, including developers.
As the threat landscape continues to evolve, it’s crucial for developers and organizations to stay vigilant and implement robust security measures to safeguard their GitHub accounts and sensitive data from sophisticated phishing tools like GoIssue.
Attend a Free Webinar on How to Maximize Cybersecurity Program ROI