By distributing bogus proofs-of-concept (PoCs) containing Linux backdoors, one GitHub user was able to trick security researchers. Cybersecurity researchers use PoCs to test and analyse vulnerabilities that are already publicly known. Because PoCs are both necessary and common, a malicious one may slip through more easily.
This week, researchers from Uptycs exposed a GitHub user who duplicated legitimate PoCs for known vulnerabilities and reposted them with covert Linux infostealing malware. The individual is no longer active on the site. At the time of detection, one of the two fake PoCs had been forked 25 times; a second copy had been forked 20 times.