DACBARBOS BrandMar 26
Socket

🚨 We’re seeing a widespread GitHub campaign using fake VS Code alerts + Google redirects to route developers to attacker infrastructure.

The flow adapts based on cookies and fingerprints users before serving a second-stage attack. Not your average phishing link.

Sharing to help warn developers what to look for:

https://socket.dev/blog/widespread-github-campaign-uses-fake-vs-code-security-alerts-to-deliver-malware

Widespread GitHub Campaign Uses Fake VS Code Security Alerts...

Widespread GitHub phishing campaign uses fake Visual Studio Code security alerts in Discussions to trick developers into visiting malicious website.

Socket
Mar 25 at 8:39pmWeb
Show threadSocketMar 25
cc: @campuscodi These seem like obviously shady links but all they need is to catch is a few tired developers. Even low conversion rates can yield meaningful results for attackers.