Researchers discover over 47,300 GitHub repositories offering fake PoC exploits

Share post:

Researchers from the Leiden Institute of Advanced Computer Science have discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for vulnerabilities and malware.

Various malicious programs and malicious scripts from remote trojans to Cobalt Strike have been discovered by the researchers.

More than 47,300 repositories advertising an exploit for a vulnerability discovered between 2017 and 2021 were analyzed by the researchers using three mechanisms: IP address analysts to compare publisher IP to public blocklists and VT and AbuseIPDB; binary analysis to perform VirusTotal checks of the provided executable files and their hashes; hexadecimal and base64 analysis: decrypt obfuscated files before performing binary and IP checks.

The researchers discovered 150,734 unique IP addresses that were extracted and 2,864 matched blocklist entries, of which 1,522 were detected as malicious in antivirus scans on Virus Total, and 1,069 were present in the AbuseIPDB database.

The binary analysis examined a number of 6,160 executable files and found a total of 2,164 malicious samples hosted in 1,398 repositories. Overall, 4,893 of the 47,313 tested repositories were classified as malicious, with most of them associated with bugs as of 2020.

As a security precaution, users are advised not to trust a GitHub repository from an unverified source. Software testers are also advised to carefully check the PoCs they download and perform multiple checks before running them.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

North Korean hacker infiltrates US security vendor, loads malware

KnowBe4, a US-based security vendor, unknowingly hired a North Korean hacker who attempted to introduce malware into the...

CrowdStrike releases an update from initial Post Incident Review: Hashtag Trending Special Edition for Thursday July 25, 2024

Security vendor CrowdStrike released an update on from their initial Post Incident Review today. The first, and most surprising...

Security vendor CrowdStrike issues an update from their initial Post Incident Review

Security vendor CrowdStrike released an update from their initial Post Incident Review (PIR) today. The company's CEO has...

CrowdStrike CEO summoned by Homeland Security committee over software disaster

CrowdStrike CEO George Kurtz has been called to testify before the U.S. House Committee on Homeland Security following...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways