
Thousands of PoCs on GitHub are actually malware distributors

GitHub is considered to be one of the largest code hosting platforms on the Internet, used by programmers all over the world. This also includes security researchers, who often use the platform to share proofs of concept (PoCs) for a variety of attacks and vulnerabilities.

However, you need to pay attention to what you access within the platform. At least that’s the indication of a recent study by the Leiden Center for Advanced Sciences, which points to the existence on GitHub of hundreds of PoCs with embedded malware.

According to the researchers, users who download PoC content to test or fix a particular vulnerability have a 10.3% chance of downloading a file with embedded malware. This appears to be the latest trend for criminals to distribute malware, integrating it directly into the PoC via GitHub.

Users who download these PoCs, for validation or to verify that the patches have been implemented correctly, could end up installing malware on their systems. Many of the available PoCs have been scanned and contain malware in their code.

In total, the researchers analyzed 47,300 PoCs within GitHub, all related to known vulnerabilities between 2017 and 2021.

As always, users themselves should pay attention to what they are downloading, and it is always necessary to check whether the files come from credible sources and whether they may have been modified by third parties.
