Security News > 2023 > July > Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
"In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said.
The repository masquerades as a PoC for CVE-2023-35829, a recently disclosed high-severity flaw in the Linux kernel.
Another PoC shared by the same account, ChriSanders22, for CVE-2023-20871, a privilege escalation bug impacting VMware Fusion, was forked twice.
Uptypcs also identified a second GitHub profile containing a bogus PoC for CVE-2023-35829.
"The PoC intends for us to run a make command that is an automation tool used to compile and build executables from source code files," the researchers explained.
The development comes nearly a month after VulnCheck discovered a number of fake GitHub accounts posing as security researchers to distribute malware under the guise of PoC exploits for popular software such as Discord, Google Chrome, Microsoft Exchange Server, Signal, and WhatsApp.
News URL
https://thehackernews.com/2023/07/blog-post.html
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels (source)
- Researchers discover first UEFI bootkit malware for Linux (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- GitHub projects targeted with malicious commits to frame researcher (source)
- Researchers unearth two previously unknown Linux backdoors (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections (source)
- ESET researchers analyze first UEFI bootkit for Linux systems (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-18 | CVE-2023-35829 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.2. | 7.0 |
2023-04-25 | CVE-2023-20871 | Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1 VMware Fusion contains a local privilege escalation vulnerability. | 7.8 |