Malware News Security Researcher Compromised by Malicious Proof-of-Concept Exploit; Open-source Doesn't Equate Safe

Wrecker4923

Level 2
Thread author
Apr 11, 2024
72
Late at night, I was testing a proof-of-concept (PoC) exploit for CVE-2020-35489 (https://github[.]com/gh202503/poc-cve-2020-35489) that I found on GitHub. The repository looked legitimate, and in my exhaustion, I skipped the usual precautions. I cloned the repository and ran the script without inspecting its contents.
A few hours later, my system started behaving strangely. CPU usage was abnormally high, and after further investigation, I found that hidden malware had infected my machine. Worse, my credentials, SSH keys, and other sensitive data had been stolen and uploaded to an attacker-controlled repository.

Comments:

We all have interests, which means we all have lures that can bait us into doing things we shouldn't do, or perhaps should wait to do at a better time. So, be careful and stay safe!
 

bazang

Level 14
Jul 3, 2024
683

"The repository looked legitimate, and in my exhaustion, I skipped the usual precautions. I cloned the repository and ran the script without inspecting its contents."

The user states that they were at fault because of what they did and did not do.

People are always the problem. ALWAYS.
 
