Cybersecurity Community Warned of Fake PoC Exploits Delivering Malware

Researchers have detected fake proof-of-concept (PoC) exploits that appear to have been created by threat actors in an effort to deliver malware to members of the cybersecurity community.

On May 19, researchers reported that GitHub was hosting malware disguised as PoC exploits for two Windows vulnerabilities that Microsoft fixed with its 20 April 2022 Patch Tuesday updates.

The fake PoC exploits, which have since been removed by GitHub, were delivered as executable files that, when run, could open a backdoor on the system.

The PoCs claimed to target CVE-2022-24500 and CVE-2022-26809, both of which can be exploited for remote code execution on Windows systems. While there is no indication that the flaws were exploited in the wild, some cybersecurity companies did warn that they could pose a serious risk; CVE-2022-26809, for example, is believed to be wormable.

Threat intelligence firm Cyble analyzed the fake PoC exploits and determined that the threat actors were likely using them to target members of the infosec community. The company also found posts on cybercrime forums discussing the exploits.

The fake PoCs, which appeared to have been created by the same threat actor, were .NET binaries protected with an open source application protector called ConfuserEx. When executed, they displayed fake messages that apparently showed a failed attempt to exploit CVE-2022-24500 or CVE-2022-26809.

[Image: fake PoC exploit]

After this routine, the files executed a hidden PowerShell command that delivered a Cobalt Strike Beacon payload, which can be used to download additional malware and for lateral movement.
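The behaviour described above (a Windows executable posing as a PoC, protected with ConfuserEx, that launches a hidden PowerShell command) can be screened for before anything is run. The following static triage script is an added example written for this page; it is not code from the article, from Cyble, or from the malware authors. It walks the PE headers to tell whether a "PoC" is a native executable and whether it carries a CLR header (.NET), looks for the ConfuserEx marker (assumption: ConfuserEx writes a `ConfusedByAttribute` custom attribute by default), and greps for common PowerShell launcher switches in both ASCII and UTF-16LE string views. The sample binary it builds is a constructed header-only blob, not a real program, and the base64 argument in it is a placeholder.

```python
"""Static pre-execution triage for a downloaded 'PoC' artifact (added example).

Nothing here executes the artifact; it only reports why it should be treated
with suspicion and handled in an isolated sandbox.
"""
import re
import struct

# Heuristic launcher indicators; ASCII regexes applied to several string views.
POWERSHELL_PATTERNS = [
    rb"powershell(?:\.exe)?",
    rb"-(?:e|enc|encodedcommand)\b",
    rb"-w(?:indowstyle)?\s+hidden",
    rb"-nop\b|-noprofile\b",
    rb"IEX\b|Invoke-Expression",
]


def parse_pe(data: bytes):
    """Return (is_pe, is_dotnet) from a minimal, bounds-checked PE header walk."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False, False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, False
    opt = e_lfanew + 24                      # optional header follows the COFF header
    if opt + 2 > len(data):
        return True, False
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32
        ndirs_off, dd = opt + 92, opt + 96
    elif magic == 0x20B:                     # PE32+
        ndirs_off, dd = opt + 108, opt + 112
    else:
        return True, False
    if ndirs_off + 4 > len(data) or struct.unpack_from("<I", data, ndirs_off)[0] < 15:
        return True, False
    clr = dd + 14 * 8                        # data directory 14 = CLR runtime header
    if clr + 8 > len(data):
        return True, False
    rva, size = struct.unpack_from("<II", data, clr)
    return True, rva != 0 and size != 0


def _string_views(data: bytes):
    """ASCII view plus both alignments of a UTF-16LE decode (how .NET stores strings)."""
    wide = lambda b: b.decode("utf-16-le", errors="ignore").encode("latin-1", "ignore")
    return [data, wide(data), wide(data[1:])]


def triage(data: bytes) -> dict:
    """Report static indicators for a file that claims to be a PoC."""
    views = _string_views(data)
    is_pe, is_dotnet = parse_pe(data)
    hits = {
        m.group(0).decode("latin-1").lower()
        for v in views
        for pat in POWERSHELL_PATTERNS
        for m in re.finditer(pat, v, re.IGNORECASE)
    }
    confuser = any(b"ConfusedByAttribute" in v or b"ConfuserEx" in v for v in views)
    return {
        "is_pe": is_pe,
        "is_dotnet": is_dotnet,
        "confuserex_marker": confuser,
        "powershell_indicators": sorted(hits),
        "verdict": "do not run outside an isolated sandbox" if is_pe else "review source before use",
    }


def build_sample(dotnet=True, confuser=True, powershell=True) -> bytes:
    """Constructed PE32-shaped blob for demonstration; not a runnable program."""
    e_lfanew = 0x80
    hdr = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr += b"PE\0\0" + b"\0" * 20            # COFF header with zeroed fields
    opt = bytearray(224)                     # PE32 optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)      # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 72)
    body = b"\0" * 64
    if confuser:
        body += b"ConfusedByAttribute\0" + "ConfuserEx v1.0.0".encode("utf-16-le")
    if powershell:  # placeholder encoded command, constructed for the example
        body += "powershell.exe -nop -w hidden -enc SQBFAFgA".encode("utf-16-le")
    return bytes(hdr) + bytes(opt) + body


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

A text-only script or source tree yields no PE findings and a "review source before use" verdict; any MZ/PE file shipped as a "PoC" is flagged regardless, because a real proof of concept for a Windows RPC or print-spooler bug should arrive as readable source, not as a pre-built binary.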

“People working in information security or TA use exploits to check for vulnerabilities. Therefore, this malware can only target people in this community. Therefore, it is essential that members of the Infosec community should check the credibility of the sources before downloading any proof of concept,” Cyble explained.

It is unclear whether anyone actually ran the fake PoC exploits and whether their systems were compromised. However, some members of the community noted that researchers would likely test the fake exploits in a sandboxed environment, which would significantly limit the impact.

It is not uncommon for threat actors to target the cybersecurity community. Last year, Google warned that North Korean hackers had been targeting security researchers at various companies and organizations, using zero-day vulnerabilities, fake social media profiles, malicious websites, and even creating a fake penetration testing company.

Related: PoC Exploit released for the latest Microsoft Exchange Zero-Day

Related: PoC Exploit released for Windows Wormable vulnerability

Related: Google launches PoC Exploit for browser-based Spectre Attack


Eduard Kovacs (@EduardKovacs) is a contributing editor of SecurityWeek. He worked as a high school computer science teacher for two years before starting a career in journalism as a Softpedia security news reporter. Eduard has a degree in industrial computer science and a master’s degree in computer technology applied to electrical engineering.
