
Aug 2023: Impersonation Attacks Target GitHub Developers

Threat Alert: Social Engineering Attacks Target GitHub Developers

  • There are reports of attackers carrying out impersonation attacks targeting developers active on GitHub. 
  • Attackers create or take over accounts on popular sites like LinkedIn or GitHub that appear to belong to developers or recruiters. The attackers then use these sites to invite targeted developers active on GitHub to collaborate on a repository. 
  • Attackers attempt to convince the developer to clone the repository and execute its code. The repository includes malicious node package manager (npm) dependencies that ultimately lead to the installation of malicious software (malware).

Key Actions (at Work and at Home)

  • Be suspicious of social networking messages from people you don’t know. Cybercriminals know that many people accept every connection request they’re sent. Once connected, they have more opportunities to manipulate their targets. Remember: Phishing techniques aren’t limited to email.
  • Be cautious of any requests for collaboration. Always vet requestors and any projects they are requesting you collaborate on. Be especially cautious of requests to open documents or to use requestor-supplied code.
  • Report suspicious activity to the Service Desk immediately. They can be reached at 415.514.4100.
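
One way to vet a requestor-supplied project before installing it, as an added example that is not part of the original alert: the Node.js code below reads a package.json and lists install-time lifecycle scripts and dependencies that resolve from outside the npm registry. The function name, finding labels and sample manifest are constructed for illustration.

```javascript
// Added example: static review of a package.json before running `npm install`.
// Names, labels and the sample manifest are constructed for illustration.

// Lifecycle scripts npm runs automatically during `npm install`.
const HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Dependency specs that point at a URL, git host or local path instead of a
// registry version range (e.g. "^1.2.3").
const NON_REGISTRY =
  /^(git(\+\w+)?:|https?:|file:|github:|gitlab:|bitbucket:)|^[\w.-]+\/[\w.-]+(#.*)?$/i;

function auditManifest(manifestText) {
  const manifest = JSON.parse(manifestText);
  const findings = [];
  for (const hook of HOOKS) {
    const cmd = manifest.scripts && manifest.scripts[hook];
    if (typeof cmd === "string") {
      findings.push({ kind: "install-script", name: hook, detail: cmd });
    }
  }
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      if (typeof spec !== "string" || NON_REGISTRY.test(spec)) {
        findings.push({ kind: "non-registry-dependency", name, detail: String(spec) });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from any real repository).
const SAMPLE_MANIFEST = JSON.stringify({
  name: "example-collab-project",
  version: "1.0.0",
  scripts: { test: "node test.js", postinstall: "node setup.js" },
  dependencies: {
    "example-logger": "^2.1.0",
    "example-helper": "https://example.invalid/example-helper-1.0.0.tgz",
    "example-utils": "example-user/example-utils#main",
  },
});

for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(`${f.kind}: ${f.name} -> ${f.detail}`);
}
```

A clean result covers only the top-level manifest; packages further down the dependency tree can carry their own install scripts, so running `npm install --ignore-scripts` in a disposable environment remains the safer first step.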