ch0k1 on Nostr: Fake LDAPNightmare exploit on GitHub spreads infostealer malware ...
Fake LDAPNightmare exploit on GitHub spreads infostealer malware
https://www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server.
The tactic isn't novel, as there have been multiple documented cases of malicious tools disguised as PoC exploits on GitHub.
However, this case, discovered by Trend Micro, highlights that threat actors continue to use the tactic to trick unsuspecting users into infecting themselves with malware.
originally posted at https://stacker.news/items/847044