GoIssue phishing tool targets GitHub developer credentials
Researchers discovered GoIssue, a new phishing tool targeting GitHub users, designed to extract email addresses from public profiles and launch mass email attacks.
Marketed on a cybercrime forum, GoIssue allows attackers to send bulk emails while keeping their identity hidden behind proxies. The tool’s capabilities extend beyond simple phishing: by potentially hijacking developer accounts and accessing private repositories, attackers using it pose a threat to entire organizations.
GoIssue may be linked to the GitLoker extortion campaign, which uses malicious OAuth apps for unauthorized access. The tool’s creator, cyberluffy, has connections with the GitLoker team, suggesting a coordinated effort to exploit GitHub notifications for phishing attacks.
“While GitHub users are the immediate targets, the implications ripple throughout organizations, turning trusted developer access into potential organizational vulnerabilities that could compromise entire digital transformation initiatives,” SlashNext researchers say.