Fake Linux leader using Slack to con devs into giving up their secrets

Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google.com to steal developers' credentials and take over their systems.

Open Source Security Foundation (OpenSSF) CTO Christopher Robinson told The Register that the social engineering campaign specifically targets TODO (Talk Openly, Develop Openly) and CNCF (Cloud Native Computing Foundation), two projects hosted by the Linux Foundation.

TODO aims to help organizations share best practices and tools for managing open source initiatives, and CNCF supports cloud-native projects including Kubernetes, Envoy, and Prometheus.

After posing as a trusted Linux Foundation community leader in Slack, the attacker tried to trick developers into clicking a phishing link hosted on Google Sites: https://sites[.]google[.]com/view/workspace-business/join.

The link imitates a legitimate Google Workspace sign-in flow but leads users ...