Cybersecurity / 3 hrs ago

Attackers Hijack GitHub Issue Notifications to Deliver OAuth Phishing That Bypasses MFA

Attackers exploit GitHub issue emails and a TOCTOU race to send OAuth phishing that steals developer tokens without MFA. See mitigations.

Peter Olaleru / 3 min read / US

Cybersecurity Editor

Source: Cyberpress (original source)

Attackers create a malicious OAuth app, trigger a GitHub issue mention to send a spoofed security alert from noreply@github.com, then delete the phishing content before the victim sees it, harvesting broad account permissions without needing MFA.

Context

Developers are high‑value targets because a compromised account can inject backdoors into CI/CD pipelines and production systems. Researchers observed campaigns that masquerade as automated security scans and request the scopes user:email, read:user, repo and workflow. The first two only read profile data and make the request look like a routine scanner; repo and workflow are the ones that grant near‑total control over repositories and GitHub Actions.

Key Facts

The attack starts with a threat‑actor‑controlled GitHub account registering an OAuth app that mimics a legitimate scanner. When the attacker mentions the target in a public issue, GitHub automatically emails a notification from its trusted domain (noreply@github.com). The email body contains a fake security alert with Markdown‑formatted links whose display text hides the OAuth authorization URL, often shortened to avoid GitHub's URL filters. The attacker then exploits a time‑of‑check time‑of‑use (TOCTOU) gap between the moment GitHub renders the notification email and the moment the victim opens the issue: the attacker creates the issue, lets the email go out, and immediately edits the issue to strip all phishing content. The victim's inbox holds the only copy of the lure, and the issue as viewed on GitHub shows nothing suspicious.

What It Means

Because the lure arrives via GitHub's own infrastructure, it bypasses spam filters and phishing‑detection tools that rely on sender reputation. MFA does not help once the victim clicks "Authorize": the OAuth token is issued after the user consents, and GitHub does not re‑prompt for a second factor when that token is later used. The stolen token grants the attacker email access, full repository read/write and workflow manipulation, enabling supply‑chain compromise without any MFA prompt ever firing.

Mitigations

Security teams should:
- Monitor OAuth app grants for unusual scopes (especially workflow and repo) and revoke unknown applications; at the organization level, enable GitHub's OAuth app access restrictions so that only approved apps can reach org resources.
- Enable GitHub's push protection and secret scanning to detect leaked tokens (this catches tokens committed to code, not the OAuth consent itself).
- Set up alerts for rapid issue creation followed by an immediate edit (edit within seconds of creation), particularly when the original body contained links that the edit removed.
- Block or sanitize Markdown links that point to URL shorteners in issue comments.
- Enforce MFA for account sign‑in, preferably with hardware‑backed second factors, while recognising that MFA is not re‑checked when a granted OAuth token is used.
- Educate developers to verify unexpected security alerts through official channels before clicking links, and to check the app name and requested scopes on the GitHub authorization page.
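As an added example (not code from the article or from Cyberpress), the Python below shows how the create-then-edit pattern from Key Facts and two of the mitigations above could be checked in practice: it correlates GitHub `issues` webhook deliveries to flag an issue that was opened with a shortener or OAuth-authorize link and edited within seconds to remove it, and it filters a granted scope list for the scopes the article calls out. The webhook field names (`action`, `issue.created_at`, `issue.updated_at`, `changes.body.from`, `sender.login`) are GitHub's; the sample deliveries, the shortener domain list and the `HIGH_RISK_SCOPES` set are constructed for this example and should be tuned to local policy.

```python
import re
from datetime import datetime, timezone

# Scopes worth a human look when an OAuth app is granted them (assumed list for this example).
HIGH_RISK_SCOPES = {"repo", "workflow", "admin:org", "write:packages", "delete_repo"}

# Shortener hosts to treat as suspicious in issue bodies (assumed list; extend as needed).
SHORTENER_DOMAINS = {"bit.ly", "t.co", "tinyurl.com", "is.gd", "cutt.ly"}

MD_LINK = re.compile(r"\[([^\]]*)\]\((https?://[^)\s]+)\)")   # [text](url)
HOST = re.compile(r"https?://([^/:?#]+)", re.I)
MENTION = re.compile(r"(?<![\w/])@([A-Za-z0-9-]+)")           # @login that triggers a notification


def suspicious_links(markdown):
    """Markdown links whose target is a URL shortener or GitHub's OAuth authorize endpoint."""
    hits = []
    for text, url in MD_LINK.findall(markdown or ""):
        host = HOST.match(url).group(1).lower()
        if host in SHORTENER_DOMAINS or "/login/oauth/authorize" in url:
            hits.append({"text": text, "url": url, "host": host})
    return hits


def risky_scopes(granted):
    """Subset of a space- or comma-separated scope list that is in HIGH_RISK_SCOPES."""
    return {s for s in re.split(r"[\s,]+", granted.strip()) if s} & HIGH_RISK_SCOPES


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_hit_and_run_edits(events, max_seconds=60):
    """Pair each `issues` `opened` delivery with a later `edited` one for the same issue.
    Alert when the same actor edited within max_seconds and the edit removed a suspicious
    link that the original body (changes.body.from) contained. Also records the @mentions,
    i.e. who received the notification email carrying the original body."""
    opened, alerts = {}, []
    for ev in events:
        key = (ev["repository"]["full_name"], ev["issue"]["number"])
        if ev["action"] == "opened":
            opened[key] = ev
            continue
        if ev["action"] != "edited" or key not in opened:
            continue
        first = opened[key]
        seconds = (parse_ts(ev["issue"]["updated_at"]) - parse_ts(first["issue"]["created_at"])).total_seconds()
        before = ev.get("changes", {}).get("body", {}).get("from") or first["issue"]["body"]
        after = ev["issue"]["body"] or ""
        removed = [l for l in suspicious_links(before) if l["url"] not in after]
        if seconds <= max_seconds and removed and ev["sender"]["login"] == first["sender"]["login"]:
            alerts.append({"repo": key[0], "issue": key[1], "seconds": seconds,
                           "actor": ev["sender"]["login"], "targets": MENTION.findall(before),
                           "removed_links": removed})
    return alerts


# Constructed webhook deliveries (trimmed to the fields used here); not real traffic.
_LURE = ("@alice Security alert: critical finding in your repository. "
         "[Review and authorize scanner](https://bit.ly/3xyzabc)")
SAMPLE_EVENTS = [
    {"action": "opened", "repository": {"full_name": "acme/scanner-reports"},
     "issue": {"number": 17, "created_at": "2025-01-10T09:00:00Z",
               "updated_at": "2025-01-10T09:00:00Z", "body": _LURE},
     "sender": {"login": "scanbot-alerts"}},
    {"action": "edited", "repository": {"full_name": "acme/scanner-reports"},
     "issue": {"number": 17, "created_at": "2025-01-10T09:00:00Z",
               "updated_at": "2025-01-10T09:00:12Z", "body": "Tracking issue."},
     "changes": {"body": {"from": _LURE}}, "sender": {"login": "scanbot-alerts"}},
    # Benign: a real bug report edited two hours later to fix a typo.
    {"action": "opened", "repository": {"full_name": "acme/app"},
     "issue": {"number": 18, "created_at": "2025-01-10T10:00:00Z",
               "updated_at": "2025-01-10T10:00:00Z",
               "body": "Build fails on Windows, see [CI log](https://github.com/acme/app/actions/runs/1)"},
     "sender": {"login": "bob"}},
    {"action": "edited", "repository": {"full_name": "acme/app"},
     "issue": {"number": 18, "created_at": "2025-01-10T10:00:00Z",
               "updated_at": "2025-01-10T12:00:00Z",
               "body": "Build fails on Windows; see [CI log](https://github.com/acme/app/actions/runs/1)"},
     "changes": {"body": {"from": "Build fails on Windows, see [CI log](https://github.com/acme/app/actions/runs/1)"}},
     "sender": {"login": "bob"}},
]

if __name__ == "__main__":
    for a in detect_hit_and_run_edits(SAMPLE_EVENTS):
        print(f"ALERT {a['repo']}#{a['issue']}: {a['actor']} removed {len(a['removed_links'])} "
              f"suspicious link(s) {a['seconds']:.0f}s after creation; mentioned {a['targets']}")
    print("risky scopes:", sorted(risky_scopes("user:email read:user repo workflow")))
```

The detector keys on the edit's `changes.body.from`, which is the body as it existed when the notification email went out, so it still sees the lure after the attacker has scrubbed the issue. Feeding it from a webhook receiver or from the GitHub REST API's issue edit history would be the production equivalent.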

Watch for GitHub’s response to the TOCTOU flaw and any updates to OAuth app review processes that could close this abuse vector.
