Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
"In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said.
The repository masquerades as a PoC for CVE-2023-35829, a recently disclosed high-severity flaw in the Linux kernel.
Another PoC shared by the same account, ChriSanders22, for CVE-2023-20871, a privilege escalation bug impacting VMware Fusion, was forked twice.
Uptycs also identified a second GitHub profile containing a bogus PoC for CVE-2023-35829.
"The PoC intends for us to run a make command that is an automation tool used to compile and build executables from source code files," the researchers explained.
The development comes nearly a month after VulnCheck discovered a number of fake GitHub accounts posing as security researchers to distribute malware under the guise of PoC exploits for popular software such as Discord, Google Chrome, Microsoft Exchange Server, Signal, and WhatsApp.
News URL
https://thehackernews.com/2023/07/blog-post.html
Related news
- Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel (source)
- Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
- Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-18 | CVE-2023-35829 | Use After Free vulnerability in multiple products: An issue was discovered in the Linux kernel before 6.3.2. | 7.0 |
2023-04-25 | CVE-2023-20871 | Unspecified vulnerability in VMware Fusion: VMware Fusion contains a local privilege escalation vulnerability. | 7.8 |