Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infosec community. The experts discovered a post in which a researcher was sharing a fake Proof of Concept (PoC) exploit for an RPC Runtime Library Remote Code Execution flaw (CVE-2022-26809, CVSS 9.8). The malware, disguised as PoC code, was hosted on GitHub.
The researchers also noticed multiple threat actors (TAs) discussing these tainted exploits on a cybercrime forum.
Analysis of the malware revealed that it is a .NET binary packed with ConfuserEX, a free, open-source protector for .NET applications. The malicious code does not contain an exploit for the vulnerability named in the fake PoC; it only prints a fake message claiming that exploitation is in progress and then executes embedded shellcode.