"Numerous GitHub Repositories Distribute Malicious Phony PoC Exploits"

Researchers from the Leiden Institute of Advanced Computer Science discovered thousands of repositories on GitHub offering fake proof-of-concept (PoC) exploits for various vulnerabilities, some of which deliver malware. Researchers upload PoC exploits to GitHub, one of the most popular sites for publishing source code, to help the security community evaluate fixes for vulnerabilities or determine the significance and scope of a flaw. According to a technical report published by the researchers, the likelihood that a PoC obtained this way is malicious could be as high as 10.3 percent, even after excluding known fakes and prankware. The researchers examined more than 47,300 repositories advertising an exploit for a vulnerability disclosed between 2017 and 2021, using IP address analysis, hexadecimal and Base64 analysis, and binary analysis. Of the 150,734 unique IP addresses extracted from the repositories, 1,522 were flagged as malicious by VirusTotal antivirus scans, 2,864 matched blocklist entries, and 1,069 appeared in the AbuseIPDB database. Binary analysis of a collection of 6,160 executables uncovered 2,164 malicious samples across 1,398 repositories. Out of the 47,313 repositories examined, 4,893 were found to be malicious, most of them advertising PoCs for vulnerabilities from 2020. This article continues to discuss the researchers' discovery of thousands of GitHub repositories distributing malicious fake PoC exploits.
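The three indicator classes the summary mentions (embedded IP addresses, hex/Base64 blobs, and executables) are cheap to check locally before running a PoC. The script below is an added example of that triage and is not the researchers' tooling; the blocklist (standing in for a VirusTotal or AbuseIPDB lookup) and the sample repository it scans are constructed inline so it runs offline, and the file names `exploit.py` and `helper.exe` are assumptions for the demo.

```python
"""Triage a checked-out PoC repository for embedded IPs, hex/Base64 blobs that
decode to an executable or a command, and files that are binaries rather than
source. Added example; blocklist and sample repo are constructed for the demo."""
import base64
import ipaddress
import os
import re
import shutil
import tempfile

# Stand-in for a VirusTotal / AbuseIPDB / blocklist feed (assumption: a real
# triage would query those services or a locally mirrored list).
SAMPLE_BLOCKLIST = {"203.0.113.7"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
BASE64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Either a run of \xNN escapes or a bare hex run long enough to hide a payload.
HEX_RE = re.compile(r"(?:\\x[0-9a-fA-F]{2}){16,}|\b[0-9a-fA-F]{64,}\b")
EXEC_MAGIC = (b"MZ", b"\x7fELF")
COMMAND_MARKERS = (b"/bin/sh", b"powershell", b"cmd.exe", b"curl ", b"wget ")
LAB_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def routable_ips(text):
    """Collect IPv4 literals, dropping loopback, link-local, multicast and RFC 1918
    addresses that a lab PoC legitimately uses. Documentation ranges such as
    203.0.113.0/24 are kept on purpose so the constructed demo can use one."""
    found = set()
    for lit in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(lit)
        except ValueError:  # e.g. 999.1.1.1 or a version string
            continue
        if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
            continue
        if any(ip in net for net in LAB_NETS):
            continue
        found.add(str(ip))
    return found


def classify_blob(encoding, blob):
    """File magic means a dropped binary; a shell/PowerShell marker means a hidden command."""
    findings = []
    if blob.startswith(EXEC_MAGIC):
        findings.append((encoding, "embedded executable"))
    for marker in COMMAND_MARKERS:
        if marker in blob:
            findings.append((encoding, "embedded command: " + marker.decode().strip()))
    return findings


def decoded_payloads(text):
    """Decode every long Base64 and hex run in the text and classify the result."""
    hits = []
    for run in BASE64_RE.findall(text):
        try:
            blob = base64.b64decode(run, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        hits.extend(classify_blob("base64", blob))
    for run in HEX_RE.findall(text):
        try:
            blob = bytes.fromhex(run.replace("\\x", ""))
        except ValueError:
            continue
        hits.extend(classify_blob("hex", blob))
    return hits


def scan_repo(path):
    """Walk the repository; report public IPs, blocklist hits, decoded payloads and binaries."""
    report = {"ips": set(), "blocklisted": set(), "payloads": [], "executables": []}
    for root, _, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, path)
            with open(full, "rb") as fh:
                data = fh.read()
            if data.startswith(EXEC_MAGIC):
                report["executables"].append(rel)
                continue
            text = data.decode("utf-8", errors="ignore")
            ips = routable_ips(text)
            report["ips"] |= ips
            report["blocklisted"] |= ips & SAMPLE_BLOCKLIST
            report["payloads"] += [(rel, enc, what) for enc, what in decoded_payloads(text)]
    return report


def build_demo_repo():
    """Constructed sample: an 'exploit' that connects to a blocklisted host, carries a
    Base64 ELF stub and a \\x-encoded shell command, plus a PE file checked in beside it."""
    root = tempfile.mkdtemp(prefix="poc_triage_")
    elf_b64 = base64.b64encode(b"\x7fELF" + b"\x00" * 60).decode()
    sh_hex = "".join("\\x%02x" % b for b in b"/bin/sh -c 'echo pwned'")
    with open(os.path.join(root, "exploit.py"), "w") as fh:
        fh.write("import base64, socket\n"
                 "TARGET = '192.168.1.5'  # lab box, private range, ignored\n"
                 "c2 = socket.create_connection(('203.0.113.7', 4444))\n"
                 f"stage2 = base64.b64decode('{elf_b64}')\n"
                 f"cmd = b'{sh_hex}'\n")
    with open(os.path.join(root, "helper.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x90" * 30)
    return root


def demo():
    """Build the sample repository, scan it, clean up, and return the report."""
    root = build_demo_repo()
    try:
        return scan_repo(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

Calling `demo()` returns a report whose `blocklisted` set holds the C2 address, whose `payloads` list names the decoded ELF stub and the `/bin/sh` command, and whose `executables` list contains the checked-in PE file; point `scan_repo()` at a real clone to triage it the same way. Private-range addresses are skipped deliberately, since a PoC that targets 192.168.x.x is normal, while a hard-coded public address with no obvious role in the exploit is the signal worth chasing.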

CyberIntelMag reports "Numerous GitHub Repositories Distribute Malicious Phony PoC Exploits"
