A new threat has emerged targeting cybersecurity researchers through a deceptive archive distributed on the social network X. This archive, posing as an exploit for the CVE-2024-6387 vulnerability—known as regreSSHion—claims to offer a working exploit and related attack details. However, it is actually a trap designed to compromise the systems of those who download it.
The archive’s enticing offer includes supposed exploit code, a list of targeted IP addresses, and attack payloads. According to Kaspersky reports, a server using this exploit attacks specific IP addresses, making the archive appealing to cybersecurity professionals interested in analyzing the exploit. Despite this, the real contents of the archive are malicious.
Inside, researchers will find a mix of source code, altered proof-of-concept code, and harmful scripts. Instead of providing a legitimate exploit, the archive contains malware designed to achieve persistence on infected systems. The malicious script, labeled “exploit,” not only performs harmful actions but also modifies system files so that it is executed repeatedly.
Cybersecurity experts are warned to be cautious when downloading files from untrusted sources, especially from social media. It is essential to verify the authenticity of any such archive and to conduct analysis in isolated environments to avoid system compromise.
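As a first step before any sandboxed analysis, an archive like the one described above can be inspected without extracting or running anything. The following is an added example, not code from the article or from Kaspersky: the list of persistence-related strings and the sample archive built by `build_sample` are assumptions, since the article does not say which system files are modified.

```python
import io
import re
import zipfile

# Assumed indicator list: common Linux persistence locations. The article does
# not say which system files the fake "exploit" modifies.
HINT_RE = re.compile(
    rb"crontab|/etc/cron|\.bashrc|\.profile|/etc/systemd/system|rc\.local|authorized_keys"
)
MAX_MEMBER = 5 * 1024 * 1024  # skip huge members instead of inflating them


def triage_archive(blob: bytes) -> list[dict]:
    """Inspect a ZIP held in memory. Nothing is extracted to disk or executed."""
    report = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            entry = {"name": name, "kind": "skipped", "hints": [],
                     "unsafe_path": name.startswith("/") or ".." in name.split("/")}
            if info.file_size <= MAX_MEMBER:
                data = zf.read(info)
                if data[:4] == b"\x7fELF":
                    entry["kind"] = "elf"        # compiled binary shipped with a "PoC"
                elif data[:2] == b"#!":
                    entry["kind"] = "script"
                else:
                    entry["kind"] = "other"
                entry["hints"] = sorted({m.group().decode() for m in HINT_RE.finditer(data)})
            report.append(entry)
    return report


def build_sample() -> bytes:
    """Constructed stand-in for the archive layout the article describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "regreSSHion PoC notes (constructed sample)")
        zf.writestr("poc/regresshion.c", "int main(void) { return 0; }\n")
        zf.writestr("exploit", b"\x7fELF" + b"\x00" * 12 + b"placeholder: crontab")
        zf.writestr("../setup.sh", "#!/bin/sh\n# constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for row in triage_archive(build_sample()):
        print(row)
```

A prebuilt binary, persistence-related strings, or a member name that escapes the extraction directory are each reasons to keep the archive inside an isolated environment.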