Developers Beware – Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack Tokens
gbhackers
A sophisticated and increasing wave of cyberattacks now targets software developers through a little-known yet legitimate GitHub feature: the OAuth 2.0 Device Code Flow.
Security experts, notably from Praetorian, have warned that threat actors are leveraging this mechanism to trick developers into surrendering access to their most sensitive code repositories and CI/CD pipelines.
The attacks pose a substantial risk to intellectual property and could facilitate large-scale supply chain attacks.
The Attack Methodology: From Device Codes to Rogue Tokens
At the heart of the attack is GitHub’s device code authentication, designed to help users log in on devices with limited input, such as smart TVs or IoT devices.
The process is straightforward: a device requests a short-lived code and a verification URL from GitHub’s OAuth service.
The user enters the code in a browser to authenticate the device, which then fetches ...
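The three steps just described, as an added Python example that is not from the article or from GitHub: a constructed in-memory model of the RFC 8628 device authorization flow. The class and method names (`DeviceAuthServer`, `request_device_code`, `approve`, `poll_token`) and the verification URL are assumed placeholders. It shows the property the warning rests on: the token is delivered to whoever holds the `device_code` from step 1, and the approval step has no way to tell whether the approving user is the party that started the flow.

```python
import secrets
import string
import time

# Constructed in-memory model of an OAuth 2.0 device authorization server
# (RFC 8628). Illustrative only; not GitHub's implementation.
class DeviceAuthServer:
    def __init__(self, verification_uri="https://example.invalid/login/device", ttl=900):
        self.verification_uri = verification_uri  # placeholder URL, not GitHub's
        self.ttl = ttl                            # seconds a code stays valid
        self._pending = {}                        # device_code -> request record
        self._by_user_code = {}                   # user_code -> device_code

    def request_device_code(self, client_id, scope, now=None):
        """Step 1: the party that initiates the flow asks for codes. It keeps the
        secret device_code and gets a short user_code meant to be shown to a human."""
        now = time.time() if now is None else now
        device_code = secrets.token_urlsafe(32)
        alphabet = string.ascii_uppercase + string.digits
        user_code = "-".join("".join(secrets.choice(alphabet) for _ in range(4))
                             for _ in range(2))
        self._pending[device_code] = {"client_id": client_id, "scope": scope,
                                      "expires": now + self.ttl, "approved_by": None}
        self._by_user_code[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": self.verification_uri, "expires_in": self.ttl}

    def approve(self, user_code, username, now=None):
        """Step 2: a logged-in human enters the user_code in a browser. The server
        sees only the code; it cannot tell whether this human performed step 1."""
        now = time.time() if now is None else now
        rec = self._pending.get(self._by_user_code.get(user_code))
        if rec is None or now > rec["expires"]:
            return False
        rec["approved_by"] = username
        return True

    def poll_token(self, device_code, now=None):
        """Step 3: whoever holds the device_code polls and receives the token once
        step 2 has happened, regardless of who performed step 2."""
        now = time.time() if now is None else now
        rec = self._pending.get(device_code)
        if rec is None or now > rec["expires"]:
            return {"error": "expired_token"}       # unknown or expired device_code
        if rec["approved_by"] is None:
            return {"error": "authorization_pending"}
        return {"access_token": "tok_" + secrets.token_hex(16),  # constructed value
                "scope": rec["scope"], "authorized_user": rec["approved_by"]}
```

The practical consequence for a developer is that a user_code arriving in a message they did not trigger themselves should never be entered, because approving it completes step 3 for whoever made the step 1 request.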
Copyright of this story solely belongs to gbhackers.