Researchers detected fake company accounts on GitHub linked to a deceitful cybersecurity company. These accounts are promoting harmful repositories on the code hosting service.
These malicious exploits are promoted by purported researchers from a bogus cybersecurity company called “High Sierra Cyber Security,” who promote GitHub repositories on Twitter, likely targeting cybersecurity researchers and companies involved in vulnerability research.
This campaign was discovered by VulnCheck, which reports that it has been running since at least May 2023, promoting alleged exploits for zero-day flaws in popular software such as Chrome, the Discord, the Signal, WhatsApp and Microsoft Exchange.
The threat actors behind the campaign are also unknown, but they seem persistent, creating new profiles and repositories every time existing ones get flagged and deleted.
The choice of the appropriate file is contingent upon the operating system currently in place. As here, both Linux and Windows users get the same file but with different names that we have mentioned below:-
- Linux users: ‘cveslinux.zip’
- Windows users: ‘cveswindows.zip’
Overall, at the time of writing, the threat actors have the following seven malicious repositories on Github that you shouldn’t touch with a ten-foot pole.