GitHub repositories are currently facing a newly identified threat dubbed Gitloker. These attacks involve malicious actors wiping the contents of repositories and leaving a cryptic message for the victims. The discovery was made public by security expert Germán Fernández from the Chilean cybersecurity firm CronUp. Find out more below!
How Gitloker Works
The attacker, who uses the Gitloker handle on Telegram and poses as a cyber incident analyst, is believed to gain access to GitHub accounts with stolen login credentials. Once inside, they wipe the repository contents and claim to have taken a backup beforehand, purportedly so the data can be restored.
Victims find their repositories renamed, and a README.me file is added that instructs them to contact the attackers through Telegram. The ransom note typically starts with a courteous greeting, followed by an urgent warning about the compromised data and the availability of a secure backup.
The ransom note states, “I hope this message finds you well. This is an urgent notice to inform you that your data has been compromised, and we have secured a backup.” Meanwhile, GitHub has recommended that users update their passwords to safeguard their accounts from unauthorized access.
Best Practices for Securing Your GitHub Account
To enhance the security of your GitHub account and identify any unusual activities, you should also take the following steps:
- Activate two-factor authentication to add an extra layer of security.
- Implement a passkey for a secure, password-free login option.
- Audit and remove any unauthorized SSH keys, deploy keys, and integrations.
- Confirm all email addresses linked to your account to ensure they are valid.
- Monitor your account’s security logs to keep an eye on repository changes.
- Carefully manage webhooks associated with your repositories.
- Inspect and revoke any unfamiliar deploy keys.
- Check recent commits and the collaborators added to your repositories regularly.
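The checklist above maps directly onto a handful of GitHub REST API endpoints (GET /user/keys, GET /repos/{owner}/{repo}/keys, /hooks, /collaborators and /commits). The following audit script is an added example, not code from the article or from GitHub: it takes JSON shaped like those responses and flags SSH keys and deploy keys whose OpenSSH SHA256 fingerprint is not on your own allowlist, webhooks delivering to hosts you do not recognise, collaborators you did not add, and recent commits whose author GitHub could not link to a trusted account. All records and keys below are constructed samples so the script runs offline; in practice you would feed it the output of `gh api <endpoint>` instead.

```python
"""Offline audit of GitHub account hygiene data (added example, constructed input)."""
import base64
import hashlib
from urllib.parse import urlparse


def ssh_fingerprint(public_key):
    """OpenSSH-style fingerprint ('SHA256:<unpadded base64>') of a
    'type base64blob [comment]' public key line, as ssh-keygen -lf prints it."""
    blob = base64.b64decode(public_key.split()[1])
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return "SHA256:" + digest


def unknown_keys(api_keys, known_public_keys):
    """Keys (user SSH keys or repo deploy keys) whose fingerprint is not in the
    allowlist built from the public keys you actually issued."""
    known = {ssh_fingerprint(k) for k in known_public_keys}
    flagged = []
    for k in api_keys:
        fp = ssh_fingerprint(k["key"])
        if fp not in known:
            flagged.append({"id": k["id"], "title": k.get("title", ""), "fingerprint": fp})
    return flagged


def unknown_webhooks(hooks, allowed_hosts):
    """Active webhooks whose delivery URL points at a host you do not recognise."""
    flagged = []
    for h in hooks:
        url = h.get("config", {}).get("url", "")
        host = urlparse(url).hostname or ""
        if h.get("active", True) and host not in allowed_hosts:
            flagged.append({"id": h["id"], "url": url, "events": h.get("events", [])})
    return flagged


def unknown_collaborators(collaborators, expected_logins):
    """Collaborator logins that were not in your own record of who should have access."""
    return [c["login"] for c in collaborators if c["login"] not in expected_logins]


def suspicious_commits(commits, trusted_logins):
    """Commits whose GitHub author is missing or untrusted. A null 'author' means
    GitHub could not link the git author email to any account, which is what a
    push made with a spoofed author identity looks like."""
    return [c["sha"] for c in commits
            if (c.get("author") or {}).get("login") not in trusted_logins]


# ---- constructed sample data (NOT real API output or real keys) ----
def _fake_key(name):
    blob = base64.b64encode(b"constructed-key-blob-" + name.encode()).decode()
    return "ssh-ed25519 %s %s" % (blob, name)

KNOWN_PUBLIC_KEYS = {_fake_key("laptop"), _fake_key("ci-runner")}
USER_KEYS = [
    {"id": 101, "key": _fake_key("laptop"), "title": "laptop"},
    {"id": 102, "key": _fake_key("unknown-host"), "title": "backup"},
]
DEPLOY_KEYS = [
    {"id": 201, "key": _fake_key("ci-runner"), "title": "ci-runner", "read_only": True},
    {"id": 202, "key": _fake_key("mystery"), "title": "deploy", "read_only": False},
]
HOOKS = [
    {"id": 301, "active": True, "events": ["push"],
     "config": {"url": "https://ci.example.org/hook"}},
    {"id": 302, "active": True, "events": ["push", "repository"],
     "config": {"url": "https://203.0.113.7/collect"}},
]
COLLABORATORS = [
    {"login": "alice", "permissions": {"admin": True}},
    {"login": "newcomer-42", "permissions": {"push": True}},
]
COMMITS = [
    {"sha": "a1b2c3", "author": {"login": "alice"},
     "commit": {"author": {"email": "alice@example.org"}}},
    {"sha": "d4e5f6", "author": None,
     "commit": {"author": {"email": "alice@example.org"}}},
]


def run_audit():
    """Run every check over the sample data and return the findings."""
    return {
        "ssh_keys": unknown_keys(USER_KEYS, KNOWN_PUBLIC_KEYS),
        "deploy_keys": unknown_keys(DEPLOY_KEYS, KNOWN_PUBLIC_KEYS),
        "webhooks": unknown_webhooks(HOOKS, {"ci.example.org"}),
        "collaborators": unknown_collaborators(COLLABORATORS, {"alice", "bob"}),
        "commits": suspicious_commits(COMMITS, {"alice"}),
    }


if __name__ == "__main__":
    for check, findings in run_audit().items():
        print("%-14s %s" % (check, findings or "ok"))
```

The allowlists are the point of the design: the API can only tell you what is attached to the account, not whether you put it there, so the script compares against a record you keep outside GitHub (the public keys you issued, the hosts your CI actually uses, the people you granted access). Keys are compared by fingerprint rather than by title because an intruder can name a key anything.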
GitHub: A Common Target of Data Theft
In March 2020, GitHub was the scene of a serious security breach when hackers infiltrated Microsoft’s private repositories and stole over 500GB of data. Microsoft confirmed that the stolen files primarily consisted of code samples, test projects, and other non-critical items.
However, security experts were alarmed by the possibility that private API keys or passwords could have been exposed during the incident. The breach was attributed to a group known as ShinyHunters, who later released the stolen data on a hacker forum for free.
GitHub was also the target of a phishing campaign in September 2020. The attackers sent out deceptive emails posing as CircleCI notifications and used reverse proxies to capture and relay GitHub credentials and two-factor authentication codes.