Malware, Supply chain

Fraudulent PoC exploits prevalent on GitHub

Thousands of GitHub repositories have been discovered to feature phony proof-of-concept exploits for different vulnerabilities, with the odds of being impacted by malware up to 10.3% higher than securing a PoC, reports BleepingComputer. Researchers at the Leiden Institute of Advanced Computer Science examined 47,313 GitHub repositories promoting an exploit for flaws from 2017 to 2021 and found that 4,893 were malicious, most of which involved 2020 security flaws. Such malicious repositories were identified to have various malware and malicious scripts, with the PoC for the BlueKeep flaw, tracked as CVE-2019-0708, found to contain the Houdini RAT trojan. Moreover, another fraudulent PoC was determined to be an information-stealing malware targeting IP addresses, system information, and user agents. Darktrace security researcher El Yadmani Soufian, who was one of the researchers behind the study, noted that the prevalence of malicious PoCs in GitHub should prompt software testers to carefully examine PoC code, sandbox excessively obfuscated code, and leverage VirusTotal and other open-source intelligence tools to prevent compromise.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.