Security News > 2023 > July > Fake Linux vulnerability exploit drops data-stealing malware
2023-07-13 18:28
Cybersecurity researchers and threat actors are targeted by a fake proof of concept CVE-2023-35829 exploit that installs a Linux password-stealing malware.
The fake PoC claims to be an exploit for CVE-2023-35829, a high-severity use-after-free flaw impacting the Linux kernel before 6.3.2.
In reality the PoC is a copy of an old, legitimate exploit for another Linux kernel vulnerability, CVE-2022-34918.
Using fake PoCs to target researchers and threat actors with malware is not new.
The North Korean Lazarus hackers are also believed responsible for a 2021 campaign using social media to target vulnerability researchers with fake PoCs that installed backdoors.
Fake zero-day PoC exploits on GitHub push Windows, Linux malware.
News URL
Related news
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT (source)
- Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan (source)
- Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals (source)
- Watch out for any Linux malware sneakily evading syscall-watching antivirus (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- Linux wiper malware hidden in malicious Go modules on GitHub (source)
- ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-18 | CVE-2023-35829 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.2. | 7.0 |
| 2022-07-04 | CVE-2022-34918 | Type Confusion vulnerability in multiple products An issue was discovered in the Linux kernel through 5.18.9. | 7.8 |