One-Click GitHub Attack Steals OAuth Tokens

Fast Facts

Attackers can hijack GitHub OAuth tokens via malicious VS Code extensions, granting full access to private repositories without user consent.
The vulnerability exploits webview message-passing mechanisms and extension installation bypasses, allowing remote code execution within VS Code.
Successful exploitation enables enumeration and potential manipulation of a victim’s entire GitHub repository space, including private data.

The Threat, Attack Techniques, and Targets

Cybersecurity researchers have revealed a one-click attack that uses Microsoft Visual Studio Code (VS Code). The attack targets users who access GitHub.dev. By clicking a malicious link, attackers can steal a user’s GitHub OAuth token. This token allows access to all repositories, including private ones. The attack exploits a feature called GitHub.dev, which runs a web-based version of VS Code in the browser. When a user interacts with GitHub.dev, their OAuth token is sent to it. Hackers can use this process to install malicious extensions. These extensions run harmful JavaScript inside webviews, which are parts of the VS Code environment. This JavaScript can simulate keystrokes and install extensions that steal the OAuth token. The attackers can then query GitHub’s API to find private repositories the user has access to.

Impact, Security Implications, and Remediation Guidance

This vulnerability can lead to serious security issues. Attackers can steal tokens that give full access to private repositories. With this, they can read or write code without permission. The attack also bypasses usual trust checks for extensions. This means malicious extensions can install quietly and steal data. GitHub has been notified, and Microsoft is working on fixing the problem. It is important to note that this issue does not affect the desktop version of VS Code. For guidance on how to protect systems and fix this vulnerability, users should contact their vendor or check official security advice from Microsoft and GitHub.

Stay Ahead with the Latest Tech Trends

Explore the future of technology with our detailed insights on Artificial Intelligence.

Discover archived knowledge and digital history on the Internet Archive.

ThreatIntel-V1

What's Hot

Hackers Exploit Fake Orders to Deploy JS.MonoGlyphRAT in US Enterprises

AI-Driven Attacks: Hackers Bypass Security with Automated Directory and EDR Evasion

One-Click GitHub Attack Steals OAuth Tokens

One-Click GitHub Attack Steals OAuth Tokens

Hackers Exploit Fake Orders to Deploy JS.MonoGlyphRAT in US Enterprises

AI-Driven Attacks: Hackers Bypass Security with Automated Directory and EDR Evasion

Hackers Exploit YouTube and SEO to Spread WeedHack Minecraft Malware

Hackers Exploit Fake Orders to Deploy JS.MonoGlyphRAT in US Enterprises

AI-Driven Attacks: Hackers Bypass Security with Automated Directory and EDR Evasion

Hackers Exploit YouTube and SEO to Spread WeedHack Minecraft Malware

Lessons from the Canvas Cyberattack

Hackers Exploit Fake Orders to Deploy JS.MonoGlyphRAT in US Enterprises

AI-Driven Attacks: Hackers Bypass Security with Automated Directory and EDR Evasion

Hackers Exploit YouTube and SEO to Spread WeedHack Minecraft Malware

Our Picks

Hackers Exploit Fake Orders to Deploy JS.MonoGlyphRAT in US Enterprises

AI-Driven Attacks: Hackers Bypass Security with Automated Directory and EDR Evasion

One-Click GitHub Attack Steals OAuth Tokens

Most Popular

Protecting MCP Security: Defeating Prompt Injection & Tool Poisoning

Unlock the Power of Free WormGPT: Harnessing DeepSeek, Gemini, and Kimi-K2 AI Models

The New Face of DDoS is Impacted by AI

Archives

Categories

Subscribe to Updates

What's Hot

One-Click GitHub Attack Steals OAuth Tokens

Fast Facts

The Threat, Attack Techniques, and Targets

Impact, Security Implications, and Remediation Guidance

Stay Ahead with the Latest Tech Trends

Related Posts