GitHub Mistakenly Hosts Multiple Phishing Kits

Proofpoint researchers discovered that threat actors are hosting and distributing numerous phishing kits by exploiting GitHub’s free repositories and “” domains. Using GitHub accounts allowed the traffic to become obfuscated within legitimate traffic to bypass network security. Proofpoint researchers were able to monitor the repository activity as the threat actors were using GitHub’s free account services. One of the most recently identified accounts hosted a payment MageCart skimmer affecting hundreds of e-commerce sites. The sensitive data collected was forwarded to compromised servers. GitHub has taken down multiple accounts involving this malicious activity. The NJCCIC recommends users avoid clicking on any links contained in suspicious emails and instead navigate directly to the URL.