Security News > 2023 > July > Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
"In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said.
The repository masquerades as a PoC for CVE-2023-35829, a recently disclosed high-severity flaw in the Linux kernel.
Another PoC shared by the same account, ChriSanders22, for CVE-2023-20871, a privilege escalation bug impacting VMware Fusion, was forked twice.
Uptypcs also identified a second GitHub profile containing a bogus PoC for CVE-2023-35829.
"The PoC intends for us to run a make command that is an automation tool used to compile and build executables from source code files," the researchers explained.
The development comes nearly a month after VulnCheck discovered a number of fake GitHub accounts posing as security researchers to distribute malware under the guise of PoC exploits for popular software such as Discord, Google Chrome, Microsoft Exchange Server, Signal, and WhatsApp.
News URL
https://thehackernews.com/2023/07/blog-post.html
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Linux malware “perfctl” behind years-long cryptomining campaign (source)
- Linux systems targeted with stealthy “Perfctl” cryptomining malware (source)
- New FASTCash malware Linux variant helps steal money from ATMs (source)
- Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates (source)
- New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- GitHub projects targeted with malicious commits to frame researcher (source)
- Researchers unearth two previously unknown Linux backdoors (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-18 | CVE-2023-35829 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.2. | 7.0 |
| 2023-04-25 | CVE-2023-20871 | Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1 VMware Fusion contains a local privilege escalation vulnerability. | 7.8 |