Security News > 2023 > July > Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
"In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said.
The repository masquerades as a PoC for CVE-2023-35829, a recently disclosed high-severity flaw in the Linux kernel.
Another PoC shared by the same account, ChriSanders22, for CVE-2023-20871, a privilege escalation bug impacting VMware Fusion, was forked twice.
Uptypcs also identified a second GitHub profile containing a bogus PoC for CVE-2023-35829.
"The PoC intends for us to run a make command that is an automation tool used to compile and build executables from source code files," the researchers explained.
The development comes nearly a month after VulnCheck discovered a number of fake GitHub accounts posing as security researchers to distribute malware under the guise of PoC exploits for popular software such as Discord, Google Chrome, Microsoft Exchange Server, Signal, and WhatsApp.
News URL
https://thehackernews.com/2023/07/blog-post.html
Related news
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- Mixing Rust and C in Linux likened to cancer by kernel maintainer (source)
- 'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters (source)
- Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable (source)
- GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets (source)
- 200-plus impressively convincing GitHub repos are serving up malware (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Hundreds of GitHub repos served up malware for years (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-18 | CVE-2023-35829 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.2. | 7.0 |
| 2023-04-25 | CVE-2023-20871 | Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1 VMware Fusion contains a local privilege escalation vulnerability. | 7.8 |