Thousands of GitHub repositories presenting proof-of-concept (PoC) exploits for different vulnerabilities may contain malware, which brings risks to those who use them in their work. This is what researchers at the Institute for Advanced Computer Science in Leiden, the Netherlands, claim.

In a report published on the 15th, experts explain that there is a 10.3% chance of infecting a computer when using the platform's PoCs. To arrive at this conclusion, they analyzed 47,300 repositories citing bugs reported between 2017 and 2021.

Of this total, 4,800 repositories were found to be malicious, most of them related to flaws from 2020. Analysis of these examples turned up different types of malware and malicious scripts, including remote access trojans and Cobalt Strike, a hacking kit used for remote surveillance and command execution.

Among the cases identified, the document refers to a PoC for CVE-2019-0708, known as “BlueKeep”, which includes a JavaScript-based trojan for remote execution of commands via Windows CMD. Another example carried malware that can collect system information, the IP address and the user's personal data.

Safety tips

Although the researchers have reported the malicious PoCs identified in this investigation to GitHub, it will take some time before they are removed and no longer available for download. Therefore, care should be taken when using the platform.

Testers should review proofs of concept and do as many checks as possible before running them, reading the code carefully. If that requires a longer analysis, an alternative is to run the PoC in an isolated virtual machine and look for suspicious traffic on the network.

Security researcher El Yadmani Soufian, one of those responsible for the report, also emphasized the importance of using open source intelligence tools such as VirusTotal in the analysis.
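
Part of the pre-run review described above can be automated. The following Python script is an added example, not code from the researchers' report: it inspects a cloned PoC repository without executing anything and reports executable files by SHA-256 (for lookup on a service such as VirusTotal), long base64 blobs, and hardcoded non-local IP addresses. The function names, thresholds and finding labels are assumptions of this example.

```python
import base64, hashlib, ipaddress, re, sys
from pathlib import Path

# Thresholds and finding names are assumptions made for this example.
B64_RE = re.compile(rb"[A-Za-z0-9+/]{80,}={0,2}")        # long base64 run
IP_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
EXE_MAGIC = (b"MZ", b"\x7fELF")                          # PE and ELF headers
LOCAL = [ipaddress.ip_network(n) for n in
         ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def external_ips(data):  # hardcoded IPv4s that are not loopback or RFC 1918
    out = set()
    for raw in IP_RE.findall(data):
        try:
            ip = ipaddress.ip_address(raw.decode())
        except ValueError:                               # e.g. 999.1.1.1
            continue
        if not any(ip in net for net in LOCAL):
            out.add(str(ip))
    return sorted(out)

def triage_file(path):
    """Return (kind, detail) findings for one file; nothing is executed."""
    data = Path(path).read_bytes()
    findings = []
    if data.startswith(EXE_MAGIC):                       # shipped binary: hash it
        findings.append(("binary-sha256", hashlib.sha256(data).hexdigest()))
    for blob in B64_RE.findall(data):
        body = blob.rstrip(b"=")
        try:
            decoded = base64.b64decode(body + b"=" * (-len(body) % 4))
        except ValueError:                               # not valid base64
            continue
        kind = "base64-executable" if decoded.startswith(EXE_MAGIC) else "base64-blob"
        findings.append((kind, f"{len(blob)} chars"))
    findings += [("external-ip", ip) for ip in external_ips(data)]
    return findings

def triage_repo(root):
    """Map relative path -> findings for a cloned PoC repo, skipping .git."""
    report = {}
    for p in sorted(Path(root).rglob("*")):
        rel = p.relative_to(root)
        if p.is_file() and ".git" not in rel.parts and (hits := triage_file(p)):
            report[str(rel)] = hits
    return report

if __name__ == "__main__":
    for path, hits in triage_repo(sys.argv[1]).items():
        print(path, hits)
```

Findings are leads for manual review rather than verdicts, and an empty report does not show that a PoC is safe to run.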

Source: Tec Mundo
