Attackers are hosting numerous phishing websites on github.io domains, taking advantage of the free code repositories offered by the GitHub service. Many of the domains carry out phishing campaigns directly; others act as traffic redirectors, which allows the phishing sites to stay online longer. One phishing email campaign abusing a retail bank brand sent potential victims to a page hosted by the GitHub service. That page displays a login form that captures the username and password the user enters. The collected information is then transferred to other compromised servers used by the attackers. The usual hosted PHP methods are not used because the github.io platform does not provide PHP back-end services. Because free GitHub accounts were used, the repository activity was easily viewable. Researchers were able to view the activity on the accounts and discovered that the kits were designed to adapt to their specific purpose.
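A static-markup triage check for the two behaviours described above, added here as an example and not taken from the researchers' report: it flags a password form that submits to a host other than the one serving the page, and a meta-refresh redirect that leaves that host. It assumes the transfer is visible as a form `action` (script-driven transfers are not covered); the function names, URLs and HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PageAudit(HTMLParser):
    """Collect form actions (and whether each form has a password field) plus meta-refresh targets."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []       # [absolute action URL, has_password_field]
        self.redirects = []   # absolute meta-refresh targets
        self._open = None     # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # An empty action resolves to the page itself (same host).
            self._open = [urljoin(self.page_url, a.get("action", "")), False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and a.get("type", "").lower() == "password":
            self._open[1] = True
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=https://host/path"
            _, _, target = a.get("content", "").partition("=")
            if target:
                self.redirects.append(urljoin(self.page_url, target.strip(" '\"")))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit(page_url, html):
    """Return (finding, url) pairs for off-host credential posts and off-host redirects."""
    host = urlparse(page_url).hostname
    parser = PageAudit(page_url)
    parser.feed(html)
    findings = [("offsite-credential-post", action) for action, has_pw in parser.forms
                if has_pw and urlparse(action).hostname != host]
    findings += [("offsite-redirect", t) for t in parser.redirects
                 if urlparse(t).hostname != host]
    return findings

# Constructed samples (not real pages or hosts).
SAMPLE_URL = "https://constructed-user.github.io/login/"
SAMPLE_SUSPECT = """<meta http-equiv="refresh" content="30; url=https://landing.example/next">
<form action="https://collector.example/gate" method="post">
<input name="user"><input type="password" name="pass"></form>"""
SAMPLE_BENIGN = '<form action="session"><input type="password" name="p"></form>'

if __name__ == "__main__":
    for finding in audit(SAMPLE_URL, SAMPLE_SUSPECT):
        print(finding)
```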