Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits
2023-06-14 10:21

At least half a dozen GitHub accounts belonging to fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service.

VulnCheck, which discovered the activity, said, "The individuals creating these repositories have put significant effort into making them look legitimate by creating a network of accounts and Twitter profiles, pretending to be part of a non-existent company called High Sierra Cyber Security."

The cybersecurity firm said it first came across the rogue repositories in early May when they were observed pushing similar PoC exploits for zero-day bugs in Signal and WhatsApp.

Besides sharing some of the purported findings on Twitter in an attempt to build legitimacy, the network of accounts even uses headshots of actual security researchers from companies like Rapid7, suggesting that the threat actors put significant effort into crafting the campaign.

"The attacker has made a lot of effort to create all these fake personas, only to deliver very obvious malware," VulnCheck researcher Jacob Baines said.

The findings show the need for caution when downloading code from open-source repositories.


News URL

https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 10 2 30 29 14 75