FlagThis

A fake proof-of-concept (PoC) exploit, dubbed "LDAPNightmare," is targeting cybersecurity researchers by disguising itself as a fix for the critical Microsoft LDAP vulnerability CVE-2024-49113. The attackers created a malicious repository that mimics a legitimate one, containing a fake "poc.exe" file which, when executed, deploys information-stealing malware. This malicious code steals sensitive data from the infected machine, including computer information, running processes, network details, and installed updates, sending the stolen data to a remote server controlled by the attackers.

This sophisticated attack uses a multi-stage delivery process. The initial executable drops and runs a PowerShell script that then downloads and executes another malicious script from Pastebin. The attackers have specifically targeted the Windows Lightweight Directory Access Protocol (LDAP) denial-of-service vulnerability in an attempt to exfiltrate valuable data from researchers focused on mitigating security risks. Researchers are urged to verify repository authenticity, prioritize official sources, and check for any suspicious activity to avoid falling victim to this malware.

ImgSrc: hackread.com

References :

• ciso2ciso.com: Fake PoC Exploit Targets Cybersecurity Researchers with Malware – Source:hackread.com
• hackread.com: Fake PoC Exploit Uses Microsoft Vulnerability to Target Cybersecurity Researchers with Malware
• securityonline.info: Fake LDAPNightmare PoC Exploit Conceals Information-Stealing Malware
• Latest from TechRadar: Security experts are being targeted with fake malware discoveries
• Pyrzout :vm:: Fake PoC Exploit Targets Cybersecurity Researchers with Malware – Source:hackread.com
• osint10x.com: Fake PoC Exploit Targets Cybersecurity Researchers with Malware

Classification:

• HashTags: #Malware #Exploit #LDAP
• Target: security researchers
• Product: Windows LDAP
• Feature: fake exploit
• Type: Malware
• Severity: Medium