Hackers pose as cybersecurity experts to spread malware
June 15, 2023
0
Don’t believe everything you see on Twitter and GitHub. There are fake proof-of-concepts of vulnerabilities circulating, which are a clever trick to deliver malware onto your device. Researchers
Don’t believe everything you see on Twitter and GitHub. There are fake proof-of-concepts of vulnerabilities circulating, which are a clever trick to deliver malware onto your device.
Researchers at cybersecurity company Vulncheck uncovered this sneaky practice in May. They discovered a number of posts related to Zero Days in widely used applications such as Whatsapp, Signal, Discord, Microsoft Exchange and Google Chrome. But as you can imagine, they allegedly patched the exact opposite and bombarded the device the file was downloaded from with malware.
Fake Twitter Profiles
It goes beyond posting fake posts on GitHub. The hackers also created a Twitter account for a fictional company called High Sierra Cyber Security. Each “researcher” also had its own profile, often with the name and/or profile photo of cybersecurity professionals from recognized companies in the industry. Break free from the stereotype of the hooded hacker operating out of his basement. Today’s hackers pretend to be “the good guys”.
They advertised the malware files on GitHub via Twitter and gave themselves a legitimate appearance (see image below). By the way, the profiles are still active.
After Vulncheck informed GitHub what was going on, the open source platform acted decisively and the posts were immediately removed. However, Vulncheck does not rule out that the campaign has been running for much longer. It is not clear how many casualties there might have been this way.
The hackers created fake Twitter profiles. Source: Vulncheck
do what you say
This incident is forcing cybersecurity researchers to face the facts. A mere mortal would not normally use a zero-day proof of concept to find out more. The attack was therefore primarily aimed at security experts who were interested in the work of others. When pundits repeat ad nauseam that we shouldn’t click on a link inadvertently, the same advice applies to them.
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.