Security News > 2023 > July > Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
"In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said.
The repository masquerades as a PoC for CVE-2023-35829, a recently disclosed high-severity flaw in the Linux kernel.
Another PoC shared by the same account, ChriSanders22, for CVE-2023-20871, a privilege escalation bug impacting VMware Fusion, was forked twice.
Uptypcs also identified a second GitHub profile containing a bogus PoC for CVE-2023-35829.
"The PoC intends for us to run a make command that is an automation tool used to compile and build executables from source code files," the researchers explained.
The development comes nearly a month after VulnCheck discovered a number of fake GitHub accounts posing as security researchers to distribute malware under the guise of PoC exploits for popular software such as Discord, Google Chrome, Microsoft Exchange Server, Signal, and WhatsApp.
News URL
https://thehackernews.com/2023/07/blog-post.html
Related news
- Linux wiper malware hidden in malicious Go modules on GitHub (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools (source)
- Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers (source)
- Watch out for any Linux malware sneakily evading syscall-watching antivirus (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-18 | CVE-2023-35829 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.2. | 7.0 |
| 2023-04-25 | CVE-2023-20871 | Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1 VMware Fusion contains a local privilege escalation vulnerability. | 7.8 |