VulnCheck discovered fake security researcher accounts sharing malware disguised as zero-day exploits for Chrome, Discord, Signal, WhatsApp, and Exchange. The fake accounts mainly operated on GitHub and used Twitter to draw users to the GitHub repositories. The accounts claim to work for the non-existent "High Sierra Cyber Security" and use profile pictures of real researchers.
VulnCheck noted that the fake personas can be quite convincing, but the malware itself is very obvious. The malicious GitHub accounts were all suspended, but the accompanying Twitter accounts remain active. It remains unclear whether a threat actor is behind the operation or whether this is some sort of experiment. A similar strategy was employed by North Korean actors in 2021, and Leiden University claims hundreds of GitHub proof-of-concept repositories are malicious.