GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails that impersonate the CircleCI continuous integration and delivery platform.
The bogus messages inform recipients that the user terms and privacy policy have changed and they need to sign into their GitHub account to accept the modifications and keep using the services.
The threat actors’ goal is to steal GitHub account credentials and two-factor authentication (2FA) codes by relaying them through reverse proxies.
Accounts protected with hardware security keys for multi-factor authentication (MFA) are not vulnerable to this attack.
“While GitHub itself was not affected, the campaign has impacted many victim organizations,” GitHub informs in an advisory on Wednesday.
CircleCI has also posted a notice on its forums to raise awareness of the malicious campaign, explaining that the platform would never ask users to enter credentials to view changes in its terms of service.
