Security Researcher Compromised by Malicious Proof-of-Concept Exploit; Open-source Doesn't Equate Safe

Wrecker4923

Apr 11, 2024
Late at night, I was testing a proof-of-concept (PoC) exploit for CVE-2020-35489 (https://github[.]com/gh202503/poc-cve-2020-35489) that I found on GitHub. The repository looked legitimate, and in my exhaustion, I skipped the usual precautions. I cloned the repository and ran the script without inspecting its contents.
A few hours later, my system started behaving strangely. CPU usage was abnormally high, and after further investigation, I found that hidden malware had infected my machine. Worse, my credentials, SSH keys, and other sensitive data had been stolen and uploaded to an attacker-controlled repository.

Comments:

We all have interests, which means we all have lures that can bait us into doing things we shouldn't do, or perhaps should wait to do at a better time. So, be careful and stay safe!
 

The repository looked legitimate, and in my exhaustion, I skipped the usual precautions. I cloned the repository and ran the script without inspecting its contents.

The user states that they were at fault because of what they did and did not do.

People are always the problem. ALWAYS.