Threat actors are repurposing older proof-of-concept code to create fake PoCs for newly released vulnerabilities, aiming to compromise other miscreants rather than specifically targeting researchers.

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

This article discusses a recent incident in which a threat actor created a fake proof-of-concept (PoC) script for a vulnerability in WinRAR. The fake PoC script was based on a publicly available PoC for a different vulnerability in GeoServer. The intention of the fake PoC was not to target researchers specifically, but rather to compromise other miscreants trying to exploit new vulnerabilities. The article details the fake PoC script, the infection chain it triggers, and the VenomRAT payload that is installed as a result.

