A new phishing tool named “GoIssue” has surfaced on a cybercrime forum, posing a significant threat to GitHub users and the broader software development community.
This tool enables cybercriminals to collect email addresses from GitHub profiles and launch bulk phishing campaigns, increasing the risk of source code theft and network intrusions.
Security analysts at SlashNext have also connected GoIssue to the GitLoker extortion campaign.
Increased Risk to GitHub Users and Organizations
GoIssue introduces heightened risks for organizations by targeting GitHub developers and exploiting their trusted access to company systems. According to SlashNext, this tool represents a shift in the cybersecurity landscape as development platforms like GitHub become prime targets for attackers.
By compromising a single developer’s credentials, GoIssue can expose an entire network to supply chain attacks and create vulnerabilities that impact all areas of a company.
For CISOs and security teams, the tool’s emergence signals new concerns about organizational security. GitHub users are the primary targets, but GoIssue highlights how OAuth app-based attacks could allow attackers to exploit access privileges to hijack repositories or disrupt digital projects.
How GoIssue Works
GoIssue automates the process of gathering email addresses from GitHub profiles, using tokens and filters based on criteria such as organization membership and engagement.
Attackers then send phishing emails designed to evade spam filters, reaching developers’ inboxes directly. These fake GitHub notifications may lead to credential theft, malware downloads or unauthorized access to private repositories.
Read more on phishing tactics: Microsoft Visio Files Used in Sophisticated Phishing Attacks
“The emergence of GoIssue signals a new era where developer platforms become high-stakes battlegrounds, and security defenses must evolve rapidly to counteract this pervasive threat,” commented Jason Soroko, senior fellow at Sectigo.
“By automating email address harvesting and executing large-scale, customized phishing campaigns, this tool enables attackers to exploit trusted developer environments.”
GoIssue Pricing and Availability
Marketed at $700 for a custom version or $3,000 for full source code, GoIssue offers anonymity for attackers through proxy networks, allowing for large-scale, highly targeted campaigns. This accessibility allows attackers to target thousands of developers with phishing campaigns that pose serious risks for developers and organizations alike.
“As attackers leverage automation and advanced tools with increasing sophistication, we must give people the instincts to recognize a suspicious email and the skills to report threats that bypass filters,” warned Mika Aalto, co-founder and CEO at Hoxhunt.
“Equally important, we need to integrate human threat intelligence into the center of the security stack. A good human risk management platform equips SOC teams with the tools to leverage human intelligence for accelerated detection and response.”
Image credit: Michael Vi / Shutterstock.com