11/13/2023 0 Comments Github linux kernel![]() ![]() The development comes nearly a month after VulnCheck discovered a number of fake GitHub accounts posing as security researchers to distribute malware under the guise of PoC exploits for popular software such as Discord, Google Chrome, Microsoft Exchange Server, Signal, and WhatsApp. ![]() The malware names and runs a file named kworker, which adds the $HOME/.local/kworker path in $HOME/.bashrc, thereby establishing its persistence." "But within the Makefile resides a code snippet that builds and executes the malware. "The PoC intends for us to run a make command that is an automation tool used to compile and build executables from source code files," the researchers explained. The backdoor comes with a broad range of capabilities to steal sensitive data from compromised hosts as well as allow a threat actor to gain remote access by adding their SSH key to the. A closer examination of the commit history shows that the changes were pushed by ChriSanders22, suggesting it was forked from the original repository. It is still available as of writing and has been forked 19 times. Uptypcs also identified a second GitHub profile containing a bogus PoC for CVE-2023-35829. Another PoC shared by the same account, ChriSanders22, for CVE-2023-20871, a privilege escalation bug impacting VMware Fusion, was forked twice. It has since been taken down, but not before it was forked 25 times. The repository masquerades as a PoC for CVE-2023-35829, a recently disclosed high-severity flaw in the Linux kernel. ![]() "Operating as a downloader, it silently dumps and executes a Linux bash script, all the while disguising its operations as a kernel-level process." "In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said. In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |