GitHub Notification Emails Hijacked to Send Malware
Author : crtasm
Score : 62 points
Date : 2024-09-19 21:16 UTC (1 hour ago)
(HTM) web link (ianspence.com)
(TXT) w3m dump (ianspence.com)
| qwertox wrote:
| It's worth the read, he shows what they're trying to do.
|
| Easy to be suspicious with the link alone, but it's fun to see
| someone digging into it.
| slig wrote:
| Seriously, how hard can it be for GH to detect that a randomly
| just-created account is creating issues with the same text,
| containing a link inside?
|
| I got dozens of such spam during a whole day.
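The heuristic slig describes above (a brand-new account posting the same link-bearing text as issues across many repositories) is easy to state as detection logic. The following is an added example, not code from the thread or from GitHub; event field names, thresholds and the sample events are all constructed for illustration. It goes slightly beyond the comment by normalizing whitespace and masking URLs before grouping, so that small variations in the spam text (a different tracking parameter, extra spaces) still land in the same group.

```python
"""Flag burst-posting of near-identical, link-bearing issues by new accounts.

Added example: a minimal detection heuristic over constructed issue-creation
events. Field names, thresholds and sample data are assumptions, not GitHub's
own schema or internal logic.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

URL_RE = re.compile(r"https?://[^\s)>\]]+", re.IGNORECASE)

# Thresholds are assumptions chosen for illustration.
MAX_ACCOUNT_AGE = timedelta(days=2)   # "randomly just-created account"
MIN_DISTINCT_REPOS = 3                # same text posted to at least this many repos


def normalize(body: str) -> str:
    """Lowercase, collapse whitespace and mask URLs so trivially varied
    copies of the same spam text group together."""
    masked = URL_RE.sub("<url>", body)
    return " ".join(masked.lower().split())


def contains_link(body: str) -> bool:
    """True if the raw issue body carries at least one http(s) URL."""
    return URL_RE.search(body) is not None


def flag_spam_accounts(events, now):
    """events: iterable of dicts with keys actor, actor_created_at (aware
    datetime), repo and body.

    Returns {actor: sorted list of repos} for accounts younger than
    MAX_ACCOUNT_AGE that posted the same normalized, link-bearing text to
    at least MIN_DISTINCT_REPOS distinct repositories."""
    groups = defaultdict(set)  # (actor, normalized body) -> set of repos
    for ev in events:
        if now - ev["actor_created_at"] > MAX_ACCOUNT_AGE:
            continue  # established account: outside this heuristic
        if not contains_link(ev["body"]):
            continue  # no link, so not the pattern being hunted
        groups[(ev["actor"], normalize(ev["body"]))].add(ev["repo"])

    flagged = defaultdict(set)
    for (actor, _), repos in groups.items():
        if len(repos) >= MIN_DISTINCT_REPOS:
            flagged[actor].update(repos)
    return {actor: sorted(repos) for actor, repos in flagged.items()}


# Constructed sample data: fictional accounts, repositories and a
# reserved .invalid domain standing in for the lure link.
NOW = datetime(2024, 9, 19, 21, 0, tzinfo=timezone.utc)
LURE = "Security alert: please verify your account at https://example.invalid/scan?id={}"

SAMPLE_EVENTS = [
    # New account, same lure text with varying link ids, three repos
    {"actor": "newacct-1234", "actor_created_at": NOW - timedelta(hours=1),
     "repo": "org/a", "body": LURE.format(1)},
    {"actor": "newacct-1234", "actor_created_at": NOW - timedelta(hours=1),
     "repo": "org/b", "body": LURE.format(2)},
    {"actor": "newacct-1234", "actor_created_at": NOW - timedelta(hours=1),
     "repo": "org/c", "body": "  " + LURE.format(3).upper() + "  "},
    # Legitimate new user: one issue, one repo, includes a link
    {"actor": "first-timer", "actor_created_at": NOW - timedelta(hours=5),
     "repo": "org/a", "body": "Build fails, logs at https://example.invalid/ci/77"},
    # Old account cross-posting the same notice: excluded by account age
    {"actor": "maintainer", "actor_created_at": NOW - timedelta(days=900),
     "repo": "org/a", "body": "Release notes: https://example.invalid/release"},
    {"actor": "maintainer", "actor_created_at": NOW - timedelta(days=900),
     "repo": "org/b", "body": "Release notes: https://example.invalid/release"},
    {"actor": "maintainer", "actor_created_at": NOW - timedelta(days=900),
     "repo": "org/c", "body": "Release notes: https://example.invalid/release"},
]


def run_sample():
    """Run the heuristic over the constructed events."""
    return flag_spam_accounts(SAMPLE_EVENTS, NOW)


if __name__ == "__main__":
    print(run_sample())  # {'newacct-1234': ['org/a', 'org/b', 'org/c']}
```

The account-age gate is what keeps the maintainer's cross-posted release notice out of the result, and the URL masking is what keeps the three lure variants together; both knobs are the ones a defender would tune, and the next comment in the thread points at the obvious counter-move (more varied text), which is why grouping on a normalized form rather than the exact string matters.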
| nine_k wrote:
| Once they introduce that, the texts will become more varied,
| and links, possibly, too.
|
| There are more possible next steps, which would make creating
| accounts for spamming more expensive, but they will also
| inconvenience well-meaning new users.
|
| I suspect that unless the problem of malicious spam from GitHub
| comments becomes rather serious, acting on a case-by-case basis
| may be the correct solution.
| elashri wrote:
| > The attacker quickly deletes the issue
|
| I realized I have never deleted an issue I started, but aren't
| people with admin access the only ones with the ability to delete
| issues on a repo? [1] So actually there is a trace of that issue
| in the repository. Same thing for pull requests.
|
| [1] https://docs.github.com/en/issues/tracking-your-work-with-
| is...
| 8organicbits wrote:
| Maybe GitHub had already deleted it as malicious, but the email
| was already delivered.
| theamk wrote:
| Do people really fall for scams like that?
|
| First, I assume the author knows the email came from github, as
| the screenshot does not show this very clearly. If that's the
| case:
|
| Red flag #1: email links to a variation of a real domain. If you
| don't have information on who github-scanner.com is, it is pretty
| safe to assume it's a scam, just because it sounds like a real
| website.
|
| GIANT Enormous Huge Red Flag #2: captcha asks you to type a
| command in a shell. I have no comment on how naive one must be to
| do this.
| kyledrake wrote:
| I received one of these notifications this morning and promptly
| ignored it. I had to laugh because it was about this repo
| specifically: https://github.com/kyledrake/theftcoinjs