Y Combinator Phishing Scam Targets Developers Through GitHub Notifications

Cybercriminals impersonated Y Combinator on GitHub to steal cryptocurrency wallets.

Fake accounts like ycombinato, ycommbbinator, and ycoommbinator triggered mass issue notifications.

A malicious GitHub app named ycombinatornotify helped distribute phishing messages.

Victims were lured to a typosquatted site (y-comblnator.com) mimicking Y Combinator’s application portal.

GitHub suspended malicious accounts, but users faced persistent notification badges requiring API commands to clear.

Overview

A new GitHub phishing scam has surfaced, where cybercriminals are impersonating Y Combinator, the prestigious startup accelerator, to steal developers’ cryptocurrency wallets. The attack leverages GitHub’s notification and issue tracking system to bypass traditional email security and trick developers with fake investment opportunities.

How the GitHub Phishing Attack Works

Threat actors created multiple fake GitHub accounts with names resembling Y Combinator, including ycombinato, ycommbbinator, and ycoommbinator. They even launched a malicious GitHub app named ycombinatornotify. Each fraudulent repository generated nearly 500 issues before hitting GitHub’s API rate limits. These issues contained phishing messages and tagged random GitHub users, ensuring the malicious notifications spread widely and appeared authentic since they were delivered via GitHub’s legitimate notification system.
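A defender-side check for the lookalike names described above, as an added example (not code from GitHub or Y Combinator): it folds separators, confusable characters and doubled letters before comparing a notification sender or link domain against a protected brand string. The confusables table, the distance threshold and the function names are assumptions chosen for illustration.

```python
import re

# Small constructed table of commonly swapped characters (assumption, not exhaustive).
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})

def skeleton(name: str) -> str:
    """Comparison form: lowercase, drop separators, fold confusables, collapse doubled letters."""
    s = re.sub(r"[^a-z0-9|]", "", name.lower())
    s = s.translate(CONFUSABLES)
    return re.sub(r"(.)\1+", r"\1", s)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name: str, brand: str = "ycombinator", max_dist: int = 2) -> str:
    """Return 'exact', 'lookalike' or 'unrelated' for an account name or bare domain.

    Simplification: for a domain only the first label is compared, so inputs are
    assumed to be account names or registrable domains without subdomains.
    'exact' means string-equal only; the caller still verifies the real identity.
    """
    label = name.lower().split(".")[0]
    if label == brand:
        return "exact"
    sk, bsk = skeleton(label), skeleton(brand)
    if bsk in sk:                      # brand embedded, or identical after folding
        return "lookalike"
    if edit_distance(sk, bsk) <= max_dist:
        return "lookalike"
    return "unrelated"

# Names reported in this article, plus two benign entries constructed for contrast.
SAMPLE = ["ycombinato", "ycommbbinator", "ycoommbinator", "ycombinatornotify",
          "y-comblnator.com", "ycombinator.com", "octocat"]

def flag(names):
    """Return only the names classified as lookalikes."""
    return [n for n in names if classify(n) == "lookalike"]

if __name__ == "__main__":
    for n in SAMPLE:
        print(f"{n:22} {classify(n)}")
```

A check like this fits in a mail or webhook filter that inspects the actor and repository owner of incoming notifications; anything classified as a lookalike is held for review rather than trusted because it arrived through GitHub.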

Fake Y Combinator Funding Opportunity

Victims received notifications claiming they had been “selected for funding” by Y Combinator. To access this supposed investment, developers were asked to verify their cryptocurrency wallets or make authorization deposits. This social engineering tactic exploited the credibility of Y Combinator and the high value associated with joining its accelerator program.