Gandalf_The_Grey
Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,189
Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.
GitHub is one of the largest code hosting platforms, and researchers use it to publish PoC exploits to help the security community verify fixes for vulnerabilities or determine the impact and scope of a flaw.
According to the technical paper from the researchers at Leiden Institute of Advanced Computer Science, the possibility of getting infected with malware instead of obtaining a PoC could be as high as 10.3%, excluding proven fakes and prankware.
How to stay safe
Blindly trusting a repository on GitHub from an unverified source would be a bad idea since the content is not moderated, so it falls on the users to review it before using it.
Software testers are advised to carefully scrutinize the PoCs they download and run as many checks as possible before executing them.
Soufian believes that all testers should follow these three steps:
The researchers have reported all the malicious repositories they discovered to GitHub, but it will take some time until all of them are reviewed and removed, so many still remain available to the public.
- Read carefully the code you are about to run on your or your customer's network.
- If the code is too obfuscated and needs too much time to analyze manually, sandbox it in an environment (ex: an isolated Virtual Machine) and check your network for any suspicious traffic.
- Use open-source intelligence tools like VirusTotal to analyze binaries.
As Soufian explained, their study aims not just to serve as a one-time cleaning action on GitHub but to act as a trigger to develop an automated solution that could be used to flag malicious instructions in the uploaded code.
This is the first version of the team's research and they are working on improving their detector. Currently, the the detection tool misses code with stronger obfuscation.
Thousands of GitHub repositories deliver fake PoC exploits with malware
Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.
www.bleepingcomputer.com