In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to authorize a malicious OAuth application.
Successful execution of the Click-fix campaign, which has reportedly targeted over 12,000 GitHub repositories, can allow attackers full control over the affected accounts and codes.