GitHub Community
ghrc.io appears to be a malicious typo-squat #170901
Unanswered
sudo-bmitch
asked this question in
Packages
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
General
Body
I'm not sure where best to report this, but ghrc.io is not just an nginx instance setup on a typo-squatted domain. It's configured to steal credentials from anyone that mistakenly tries to login to the wrong server. I've put up a blog post at https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/ with more details of this. Perhaps someone at GitHub would be able to track down what the attacker is trying to do with any stolen credentials.
Beta Was this translation helpful? Give feedback.
All reactions