Thousands of GitHub repositories deliver fake PoC exploits with malware

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,567
Content source
https://www.bleepingcomputer.com/news/security/thousands-of-github-repositories-deliver-fake-poc-exploits-with-malware/
Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.

GitHub is one of the largest code hosting platforms, and researchers use it to publish PoC exploits to help the security community verify fixes for vulnerabilities or determine the impact and scope of a flaw.

According to the technical paper from the researchers at Leiden Institute of Advanced Computer Science, the possibility of getting infected with malware instead of obtaining a PoC could be as high as 10.3%, excluding proven fakes and prankware.
Click to expand...
How to stay safe

Blindly trusting a repository on GitHub from an unverified source would be a bad idea since the content is not moderated, so it falls on the users to review it before using it.

Software testers are advised to carefully scrutinize the PoCs they download and run as many checks as possible before executing them.

Soufian believes that all testers should follow these three steps:
  1. Read carefully the code you are about to run on your or your customer's network.
  2. If the code is too obfuscated and needs too much time to analyze manually, sandbox it in an environment (ex: an isolated Virtual Machine) and check your network for any suspicious traffic.
  3. Use open-source intelligence tools like VirusTotal to analyze binaries.
The researchers have reported all the malicious repositories they discovered to GitHub, but it will take some time until all of them are reviewed and removed, so many still remain available to the public.

As Soufian explained, their study aims not just to serve as a one-time cleaning action on GitHub but to act as a trigger to develop an automated solution that could be used to flag malicious instructions in the uploaded code.

This is the first version of the team's research and they are working on improving their detector. Currently, the the detection tool misses code with stronger obfuscation.
Click to expand...
www.bleepingcomputer.com

Thousands of GitHub repositories deliver fake PoC exploits with malware

Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • +Reputation
  • Like
  • Wow
Reactions: shmu26, Nevi, Venustus and 5 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Fake zero-day PoC exploits on GitHub push Windows, Linux malware
Replies
1
Views
1,525
News Archive
upnorth
upnorth
[correlate]
    • Like
    • +Reputation
    • Applause
Fake WinRAR proof-of-concept exploit drops VenomRAT malware
Replies
1
Views
1,166
News Archive
SumTingWong
SumTingWong
MuzzMelbourne
    • Wow
    • Like
    • +Reputation
Security News GitHub besieged by millions of malicious repositories in ongoing attack
Replies
4
Views
1,618
Security News
Can't Decide
C

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top