GitHub phishing campaign wipes repos, extorts victims

GitHub users are being targeted by a phishing campaign that tricks victims through notifications and a malicious third-party application (OAuth app). The scam instigates when a user’s username is mentioned in a comment, leading to a legitimate notification email from a GitHub-associated address. Attackers camouflage themselves as GitHub staff and deceive users into granting access and control over their accounts to an external application. Once this request is approved, the attackers erase the content of a user’s repositories, replacing it with instructions to contact a point person (“gitloker”) on Telegram for data recovery.