Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
From cheats to exploits: Webrat spreading via GitHub
From cheats to exploits: Webrat spreading via GitHub
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 15,824
Threads: 10,141
Thanks Received: 9,306 in 7,452 posts
Thanks Given: 10,217
Joined: 12 September 18
#1
Bug  23 December 25, 08:21
Quote:In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net: alongside gamers and users of pirated software, they are now targeting inexperienced professionals and students in the information security field.

Distribution and the malicious sampleIn October, we uncovered a campaign that had been distributing Webrat via GitHub repositories since at least September. To lure in victims, the attackers leveraged vulnerabilities frequently mentioned in security advisories and industry news. Specifically, they disguised their malware as exploits for the following vulnerabilities with high CVSSv3 scores:

CVECV                   SSv3
CVE-2025-59295     8.8
CVE-2025-10294     9.8
CVE-2025-59230     7.8

This is not the first time threat actors have tried to lure security researchers with exploits.

Last year, they similarly took advantage of the high-profile RegreSSHion vulnerability, which lacked a working PoC at the time.

In the Webrat campaign, the attackers bait their traps with both vulnerabilities lacking a working exploit and those which already have one. To build trust, they carefully prepared the repositories, incorporating detailed vulnerability information into the descriptions. The information is presented in the form of structured sections, which include:
  • Overview with general information about the vulnerability and its potential consequences
  • Specifications of systems susceptible to the exploit
  • Guide for downloading and installing the exploit
  • Guide for using the exploit
  • Steps to mitigate the risks associated with the vulnerability

[Image: Webrat1.png]Contents of the repository

In all the repositories we investigated, the descriptions share a similar structure, characteristic of AI-generated vulnerability reports, and offer nearly identical risk mitigation advice, with only minor variations in wording. This strongly suggests that the text was machine-generated.

The Download Exploit ZIP link in the Download & Install section leads to a password-protected archive hosted in the same repository. The password is hidden within the name of a file inside the archive.

Continue Reading...
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
AntGROUP Inc. / VCap-developer
Ant Download Manager...jasonX — 09:21
WhatsApp Web Finally Gets Built-In Voice...
For a long time, W...harlan4096 — 08:46
AnyDesk 9.6.10 for Windows
AnyDesk 9.6.10 for...harlan4096 — 08:27
Google Chrome 145.0.7632.45/46
Google Chrome 145....harlan4096 — 08:26
UltraSearch 4.9
Version 4.9 New...harlan4096 — 08:25

[-]
Birthdays
Today's Birthdays
avatar (46)myhotseeve
avatar (46)Edwinmub
Upcoming Birthdays
avatar (38)showercurtains
avatar (49)PeterWhink
avatar (50)neuthrusBub
avatar (30)script6027529171
avatar (46)dimaWeami
avatar (39)TranoTymn
avatar (39)MezirLal
avatar (38)Michaelaburi
avatar (46)dpascoal
avatar (51)Ronaldduh
avatar (39)legalgauch
avatar (44)Baihu
avatar (27)RaseinsLikes

[-]
Online Staff
There are no staff members currently online.

>