Thousands of proof-of-concept (PoC) vulnerability exploits on GitHub are ridden with malware, according to a recent study by researchers at the Leiden Institute of Advanced Computer Science.
GitHub is popular among security experts who want to share their findings with the community. PoC repositories help cybersecurity researchers validate potential fixes for new vulnerabilities and perform security assessments in stable, controlled environments against known exploits.
While PoC exploits are also shared on dedicated websites, forums and communication platforms,code-hosting platforms like GitHub are often preferred in this situation. On the downside, GitHub’s public code repositories don’t guarantee the legitimacy of the PoC, its provenience, or its efficacy.
“Professional frameworks like Metasploit or reputable databases like Exploit-DB contain exploits for many CVEs, but not for all of them,” reads the researchers’ technical paper. “Pentesters then turn to Proof of Concept (PoC) exploits published in public code repositories like GitHub to see if they can find something they can use to exploit the issue and demonstrate the vulnerability.”
The study, led by Soufian El Yadmani, Robin The and Olga Gadyatskaya, highlights that 4,893 out of 47,313 (10.3%) analyzed repositories were laced with malware. Researchers analyzed traits like the presence of Trojanized binaries, obfuscated rogue code, and malicious IP address callbacks to determine if a repository intends to cause harm.
The research further revealed that the spiked PoC repositories had different scopes. Some hid malware and other harmful scripts, some tried to harvest data from users, while others pranked users to remind them of the perils of running a PoC without analyzing the code beforehand.
To avoid exposing themselves to malware-ridden PoC exploits, users should inspect the code thoroughly and run it in a controlled environment (sandbox, virtual machine) if obfuscated.
Dedicated software like Bitdefender Ultimate Security can protect you against malicious PoC exploits and other cyberthreats thanks to its comprehensive library of features, which includes:
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsNovember 14, 2024
September 06, 2024