Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits (Security News, June 2023)
At least half a dozen GitHub accounts belonging to fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories to the code hosting service.
VulnCheck, which discovered the activity, said, "The individuals creating these repositories have put significant effort into making them look legitimate by creating a network of accounts and Twitter profiles, pretending to be part of a non-existent company called High Sierra Cyber Security."
The cybersecurity firm said it first came across the rogue repositories in early May when they were observed pushing similar PoC exploits for zero-day bugs in Signal and WhatsApp.
Besides sharing some of the purported findings on Twitter in an attempt to build legitimacy, the network of accounts even uses headshots of actual security researchers from companies like Rapid7, suggesting that the threat actors put significant effort into crafting the campaign.
"The attacker has made a lot of effort to create all these fake personas, only to deliver very obvious malware," VulnCheck researcher Jacob Baines said.
The findings underscore the need for caution when downloading and running code from open source repositories, including purported proof-of-concept exploits.
News URL
https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html