Don’t believe everything you see on Twitter and GitHub. There are fake proof-of-concepts of vulnerabilities circulating, which are a clever trick to deliver malware onto your device.

Researchers at cybersecurity company Vulncheck uncovered this sneaky practice in May. They discovered a number of posts related to Zero Days in widely used applications such as Whatsapp, Signal, Discord, Microsoft Exchange and Google Chrome. But as you can imagine, they allegedly patched the exact opposite and bombarded the device the file was downloaded from with malware.

Fake Twitter Profiles

It goes beyond posting fake posts on GitHub. The hackers also created a Twitter account for a fictional company called High Sierra Cyber ​​Security. Each “researcher” also had its own profile, often with the name and/or profile photo of cybersecurity professionals from recognized companies in the industry. Break free from the stereotype of the hooded hacker operating out of his basement. Today’s hackers pretend to be “the good guys”.

They advertised the malware files on GitHub via Twitter and gave themselves a legitimate appearance (see image below). By the way, the profiles are still active.

After Vulncheck informed GitHub what was going on, the open source platform acted decisively and the posts were immediately removed. However, Vulncheck does not rule out that the campaign has been running for much longer. It is not clear how many casualties there might have been this way.

do what you say

This incident is forcing cybersecurity researchers to face the facts. A mere mortal would not normally use a zero-day proof of concept to find out more. The attack was therefore primarily aimed at security experts who were interested in the work of others. When pundits repeat ad nauseam that we shouldn’t click on a link inadvertently, the same advice applies to them.