Don’t believe everything you see on Twitter and GitHub. Fake proof-of-concepts for vulnerabilities are in circulation, a cunning trick to get malware onto your device.
Researchers at cybersecurity company VulnCheck brought this deceptive practice to light in May. They discovered a series of contributions around zero days in widely used apps like WhatsApp, Signal, Discord, Microsoft Exchange and Google Chrome. But as you can imagine, the contributions did quite the opposite of what they claimed and bombarded the device to which the file was downloaded with malware.
Fake Twitter profiles
It goes beyond just posting dummy contributions on GitHub. The hackers also set up a Twitter account for a fictitious company called High Sierra Cyber Security. Each “researcher” had its own profile, often with the name and/or profile picture of cybersecurity experts from recognized companies in the sector. Ditch the stereotype of the masked hacker working out of his basement. Hackers nowadays pretend to be the “good guys”.
Via Twitter, they promoted the malware files on GitHub and gave themselves the appearance of being legitimate (see image below). By the way, the profiles are still active.
After VulnCheck notified GitHub of what was going on, the open source platform acted decisively and the contributions were promptly removed. However, VulnCheck does not rule out that the campaign will continue for a longer period. It is not clear how many victims the campaign may have claimed.
Practice what you preach
This incident forces cybersecurity researchers to face facts. Ordinary users wouldn’t normally seek out a zero-day proof of concept to learn more. So the attack was mainly aimed at security experts who are interested in the work of others. If experts repeat ad nauseam that we shouldn’t mindlessly click on a link, the same advice applies to them.