GitHub repositories attacked and deleted in new extortion scam

GitHub users are falling victim to an ongoing blackmail campaign that threatens to permanently delete their data.

Cybersecurity researchers at CronUp have warned of a threat actor using the pseudonym Gitloker who is breaking into users’ GitHub accounts, stealing their content, and then deleting the accounts.

The attacker then left a message on the account and invited the victim to a Telegram chat where they could negotiate the return of the files in exchange for money: “I hope this message reaches you safely. This is an urgent communication to inform you that your data has been compromised and we have secured a backup,” the attacker’s ransom note states.

Securing your GitHub account

It is currently unknown how Gitloker was able to compromise these accounts. PiepComputer speculates that they are likely using credentials stolen in previous attacks or they may have obtained them on the dark web.

Due to its enormous popularity, GitHub is often the target of a barrage of various cyberattacks. Users should therefore do their part to secure their files on the platform by enabling two-factor authentication or setting up a passkey as an alternative to a password-based login. They should review and revoke unauthorized access to SSH keys, deployment keys, and authorized integration, and verify all email addresses associated with their account.

Finally, they should keep an eye on security protocols and manage webhooks.

Typically, threat actors attempt to inject malware into GitHub repositories, often through typosquatting. They create a repository with a name almost identical to that of a legitimate package and use automated bots to give it a high rating and some solid reviews. They then promote it in coding communities and similar forums.

Besides GitHub, PyPI is another popular code repository that often struggles to contain hacker campaigns.

Related Posts

Health facilities and workers in conflict zones faced a record number of attacks last year – Mother Jones

Telugu doctor killed in bizarre road accident in the USA

Implosion of the submersible Titan: Coast Guard: Investigation of the accident takes longer than planned