2 min read

Thousands of PoC Exploits on GitHub are Laced with Malware, Study Shows

Vlad CONSTANTINESCU

October 24, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Thousands of PoC Exploits on GitHub are Laced with Malware, Study Shows

Thousands of proof-of-concept (PoC) vulnerability exploits on GitHub are ridden with malware, according to a recent study by researchers at the Leiden Institute of Advanced Computer Science.

GitHub is popular among security experts who want to share their findings with the community. PoC repositories help cybersecurity researchers validate potential fixes for new vulnerabilities and perform security assessments in stable, controlled environments against known exploits.

While PoC exploits are also shared on dedicated websites, forums and communication platforms,code-hosting platforms like GitHub are often preferred in this situation. On the downside, GitHub’s public code repositories don’t guarantee the legitimacy of the PoC, its provenience, or its efficacy.

“Professional frameworks like Metasploit or reputable databases like Exploit-DB contain exploits for many CVEs, but not for all of them,” reads the researchers’ technical paper. “Pentesters then turn to Proof of Concept (PoC) exploits published in public code repositories like GitHub to see if they can find something they can use to exploit the issue and demonstrate the vulnerability.”

The study, led by Soufian El Yadmani, Robin The and Olga Gadyatskaya, highlights that 4,893 out of 47,313 (10.3%) analyzed repositories were laced with malware. Researchers analyzed traits like the presence of Trojanized binaries, obfuscated rogue code, and malicious IP address callbacks to determine if a repository intends to cause harm.

The research further revealed that the spiked PoC repositories had different scopes. Some hid malware and other harmful scripts, some tried to harvest data from users, while others pranked users to remind them of the perils of running a PoC without analyzing the code beforehand.

To avoid exposing themselves to malware-ridden PoC exploits, users should inspect the code thoroughly and run it in a controlled environment (sandbox, virtual machine) if obfuscated.


Dedicated software like Bitdefender Ultimate Security can protect you against malicious PoC exploits and other cyberthreats thanks to its comprehensive library of features, which includes:

  • Continuous, real-time protection against viruses, worms, Trojans, zero-day exploits, rootkits, spyware, ransomware and other e-threats
  • Network threat prevention module that scans, detects and blocks malicious network-level activities
  • Behavioral detection technology that closely monitors active apps and takes instant action upon detecting suspicious activity
  • Vulnerability assessment module that scans your system for outdated and vulnerable software, outdated security patches and unsafe system settings, and suggests the best fix

tags


Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like

Bookmarks


loader