Clever 'GitHub Scanner' campaign abusing repos to push malware

[hasecilu]

Caution

Basically I got an pishing email which apparently leads to Lumma Stealer information-stealing malware, the interesting thing is that they used GitHub notification system to make it seem legit, <<< Issue #147 >>>.

Important

I think the users that are subscribed to the repo are also notified, so be careful, don't click suspicious links and don't copy-paste commands on the terminal.

Anyway, read the article attached below to know more about it.

Hey there!

We have detected a security vulnerability in your repository. Please contact us at h t t p s : / / github-scanner [dot] shop to get more information on how to fix this issue.

Best regards,
Github Security Team

—

---

News article: https://www.bleepingcomputer.com/news/security/clever-github-scanner-campaign-abusing-repos-to-push-malware/
Virus total URL analysis: https://www.virustotal.com/gui/url/3413e5b9178cc96a7246ee2c9fc4e84756e4911a521a40c450c51bd8eafb89e2/detection

[Finii]

Thanks for sharing.

I assume you deleted Issue 147? How did you do that? I remember some other spam in another repo and I could not delete it - but that is possibly because I'm too stupid :-D

[Freddywhest]

Man, this issue is rampant across almost all public repos on GitHub.

[hasecilu]

I assume you deleted Issue 147? How did you do that? I remember some other spam in another repo and I could not delete it - but that is possibly because I'm too stupid :-D

Actually not, probably was GitHub, when i clicked the view it on GitHub link the issue was gone