Cybersecurity | 4 hrs ago

GitHub Notification System Exploited for MFA-Bypassing Phishing Attacks

Attackers exploit GitHub's notification system and a TOCTOU race condition to deliver phishing lures that bypass MFA, targeting developers and the software supply chain.

Peter Olaleru, Cybersecurity Editor | 3 min read | US

Source: Cyberpress

Cybercriminals are weaponizing GitHub's trusted issue notification emails to deploy sophisticated phishing attacks that bypass multi-factor authentication (MFA) and conventional security filters.

Developers are prime targets for threat actors because of their critical role in the software supply chain. Compromising a developer account can lead to widespread organizational breaches, undermining the integrity of code in CI/CD pipelines and production systems. Recent incidents, such as the compromise of packages within the Axios and LiteLLM ecosystems, illustrate the scale of that blast radius: each affected more than 100 million weekly downloads.

Security researchers uncovered a new phishing method that leverages GitHub’s own infrastructure. Attackers initiate the process by creating a malicious OAuth 2.0 application, often impersonating a legitimate security scanning service. This application requests extensive permissions, including `user:email`, `read:user`, `repo` (full read/write on all repositories), and `workflow` (read/write access to GitHub Actions).

To deliver the phishing lure, attackers exploit GitHub’s issue notification system. When a user is mentioned (`@username`) in a public repository issue, GitHub automatically sends an email notification from the trusted `noreply@github.com` domain. Attackers craft these issue bodies with convincing fake security alerts, embedding phishing links behind legitimate-looking anchor text and often masking them with link shorteners. Because the email originates from GitHub, it consistently bypasses spam filters.

To further evade detection, attackers abuse what researchers describe as a time-of-check to time-of-use (TOCTOU) race condition in GitHub's notification system. The attacker creates an issue to trigger the email notification, then immediately edits or deletes the phishing content from the public issue. The victim's inbox still holds the original lure, but the issue on GitHub no longer shows it, which makes retrospective analysis more difficult for victims and responders.

With the requested permissions, an attacker gains near-total control over a victim’s GitHub account. This includes the ability to view private repositories, inject backdoored code, and manipulate CI/CD pipeline configurations, posing a significant supply chain risk. Because the victim approves the OAuth application from an already authenticated session, the attacker receives an access token without ever handling a password or second factor; that is why the attack bypasses MFA and presents a serious challenge for organizations relying solely on this control.

### What Defenders Should Do

Organizations must educate developers on the specifics of this new phishing technique, emphasizing that even emails from `noreply@github.com` can be malicious. Implement strict internal policies for reviewing and approving GitHub OAuth applications. Regularly audit all active OAuth applications linked to organizational accounts, revoking any with unnecessary or overly broad permissions. Consider the adoption of phishing-resistant multi-factor authentication methods, such as hardware security keys, which offer greater protection against credential harvesting. Monitor for unusual GitHub API activity associated with developer accounts and implement robust code review processes to detect unauthorized changes.
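One way to operationalize the "even `noreply@github.com` can be malicious" lesson is to triage the links inside issue-mention notification emails, since the email survives even after the issue is edited. The following is an added example, not code from the article or from GitHub: it parses the HTML body of a notification, ignores links that stay on github.com, and flags external destinations, link-shortener hosts, and anchors whose visible text names a different host than the real `href`. The sample email body and the shortener list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a GitHub issue-mention notification body with two lures.
SAMPLE_EMAIL_HTML = """
<p>@devuser a critical vulnerability was found in your repository.</p>
<p><a href="https://github.com/org/repo/issues/42">View issue</a></p>
<p><a href="https://bit.ly/3xyz">https://github.com/settings/security</a></p>
<p><a href="https://example-scanner.invalid/oauth">Authorize Security Scanner</a></p>
"""

# Illustrative lists; extend from your own mail-gateway intelligence.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "is.gd", "cutt.ly"}
TRUSTED_HOSTS = {"github.com", "www.github.com"}


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def find_suspicious_links(html):
    """Return a list of findings for anchors that leave github.com."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        host = _host(href)
        if host in TRUSTED_HOSTS:
            continue  # normal GitHub navigation links are expected
        reasons = ["destination outside github.com"]
        if host in SHORTENERS:
            reasons.append("link shortener")
        text_host = _host(text) if text.startswith("http") else ""
        if text_host and text_host != host:
            reasons.append(f"anchor text claims {text_host}")
        findings.append({"href": href, "text": text, "reasons": reasons})
    return findings
```

Run `find_suspicious_links` over the raw HTML part of the notification; in a mail gateway this would feed a quarantine or an alert, and the preserved email remains the artifact for incident response when the issue itself has already been cleaned up.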

Watch for GitHub's response to the TOCTOU race condition and the continued evolution of supply chain attack vectors targeting developer tools.
