Security News > 2023 > June > Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits

At least half of dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service.
VulnCheck, which discovered the activity, said, "The individuals creating these repositories have put significant effort into making them look legitimate by creating a network of accounts and Twitter profiles, pretending to be part of a non-existent company called High Sierra Cyber Security."
The cybersecurity firm said it first came across the rogue repositories in early May when they were observed pushing similar PoC exploits for zero-day bugs in Signal and WhatsApp.
Besides sharing some of the purported findings on Twitter in an attempt to build legitimacy, the network of accounts even uses headshots of actual security researchers from companies like Rapid7, suggesting that the threat actors put significant effort into crafting the campaign.
"The attacker has made a lot of effort to create all these fake personas, only to deliver very obvious malware," VulnCheck researcher Jacob Baines said.
The findings show the need for exercising caution when it comes to downloading code from open source repositories.
News URL
https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html
Related news
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability (source)
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)
- New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals (source)
- Linux wiper malware hidden in malicious Go modules on GitHub (source)
- Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times (source)