A Lurking Threat: Malware Discovered in Open-Source Proof of Concept
A Classic Trojan Horse
A recently copied and abused open-source proof of concept (PoC) exploit from a reputable security company, aimed at helping threat researchers, is the latest example of the novel tactics hackers will use to spread malware. PoCs for known vulnerabilities are created to be shared by students, researchers, and IT pros to improve software and toughen defenses. The danger is that anything posted on the internet can be abused.
Not a New Tactic
The tactic of using a PoC to hide malware or a backdoor isn’t new. In 2023, for example, Uptycs reported on a widely-shared malicious proof of concept on GitHub purporting to address the critical Linux kernel vulnerability CVE-2023-35829. And according to a 2022 study by researchers at Cornell University into GitHub-hosted PoCs, almost 2% of the 47,285 repositories it examined had indicators of malicious intent. "This figure shows a worrying prevalence of dangerous malicious PoCs among the exploit code distributed on GitHub," the study concluded — and that was over two years ago.
Only Use Trusted Repositories
Cybersecurity professionals, including blue and red teams, should only download content from trusted open-source repositories that have a lot of stars, said SafeBreach’s Bar, and never download executables from untrusted sources. In addition, Trend Micro advised IT workers to:
- Always download code, libraries, and dependencies from official and trusted repositories;
- Be cautious of repositories with suspicious content that may seem out of place for the tool or application it is supposedly hosting;
- If possible, confirm the identity of the repository owner or organization;
- Review the repository’s commit history and recent changes for anomalies or signs of malicious activity;
- Be cautious of repositories with very few stars, forks, or contributors, especially if they claim to be widely used;
- Look for reviews, issues, or discussions about the repository to identify potential red flags.
Conclusion
In conclusion, the discovery of a malicious PoC on GitHub serves as a reminder of the importance of caution when downloading code from open-source repositories. As threat actors increasingly use this tactic to spread malware, it is crucial for cybersecurity professionals to be vigilant and follow best practices to ensure the security of their systems.
FAQs
Q: What is a proof of concept (PoC)?
A: A proof of concept is a demonstration of a concept or idea to test its feasibility.
Q: What is a Trojan horse?
A: A Trojan horse is a type of malware that disguises itself as a legitimate program or file to gain unauthorized access to a system.
Q: Why are PoCs often used by hackers?
A: PoCs are often used by hackers to spread malware, as they can be easily modified and distributed, making it difficult to detect.
Q: How can I protect myself from malicious PoCs?
A: Always download content from trusted open-source repositories, be cautious of suspicious content, and never download executables from untrusted sources.
