Cybersecurity experts are highlighting a newly advanced tool named GoIssue, capable of deploying phishing messages at scale, specifically aimed at GitHub users.
Initially promoted by a threat actor known as cyberdluffy (also referred to as Cyber D’ Luffy) on the Runion forum in early August, the tool is advertised as enabling cybercriminals to gather email addresses from public GitHub profiles and send bulk messages directly to user inboxes.
“Whether you’re looking to connect with a targeted audience or broaden your reach, GoIssue delivers the precision and impact you require,” the threat actor stated in their announcement. “GoIssue can dispatch bulk emails to GitHub users, reaching their inboxes and targeting any desired recipient.”
SlashNext described the tool as a “concerning advancement in targeted phishing,” one that may facilitate access to source code theft, supply chain attacks, and breaches into corporate networks by exploiting developer credentials.
“Equipped with this data, attackers can execute tailored mass email campaigns engineered to bypass spam filters and engage specific developer groups,” the company stated.
A custom version of GoIssue is priced at $700, while full access to its source code is available for $3,000. However, as of October 11, 2024, discounts have reduced these prices to $150 for the custom build and $1,000 for the complete source code for “the first 5 buyers.”
In a potential attack scenario, a threat actor might use this tool to direct victims to fraudulent pages designed to capture login details, install malware, or authorize a deceptive OAuth app requesting access to their private repositories and data.
Another noteworthy aspect of cyberdluffy’s online presence is their Telegram profile, where they claim to be a “member of the Gitloker Team.” Gitloker was previously linked to a GitHub-specific extortion scheme that involved deceiving users into clicking on a malicious link by posing as GitHub’s security or recruitment teams.
