Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
From cheats to exploits: Webrat spreading via GitHub
From cheats to exploits: Webrat spreading via GitHub
harlan4096 Online
MalWare Zoo Team
*******
Posts: 16,178
Threads: 10,273
Thanks Received: 9,346 in 7,492 posts
Thanks Given: 10,310
Joined: 12 September 18
#1
Bug  23 December 25, 08:21
Quote:In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net: alongside gamers and users of pirated software, they are now targeting inexperienced professionals and students in the information security field.

Distribution and the malicious sampleIn October, we uncovered a campaign that had been distributing Webrat via GitHub repositories since at least September. To lure in victims, the attackers leveraged vulnerabilities frequently mentioned in security advisories and industry news. Specifically, they disguised their malware as exploits for the following vulnerabilities with high CVSSv3 scores:

CVECV                   SSv3
CVE-2025-59295     8.8
CVE-2025-10294     9.8
CVE-2025-59230     7.8

This is not the first time threat actors have tried to lure security researchers with exploits.

Last year, they similarly took advantage of the high-profile RegreSSHion vulnerability, which lacked a working PoC at the time.

In the Webrat campaign, the attackers bait their traps with both vulnerabilities lacking a working exploit and those which already have one. To build trust, they carefully prepared the repositories, incorporating detailed vulnerability information into the descriptions. The information is presented in the form of structured sections, which include:
  • Overview with general information about the vulnerability and its potential consequences
  • Specifications of systems susceptible to the exploit
  • Guide for downloading and installing the exploit
  • Guide for using the exploit
  • Steps to mitigate the risks associated with the vulnerability

[Image: Webrat1.png]Contents of the repository

In all the repositories we investigated, the descriptions share a similar structure, characteristic of AI-generated vulnerability reports, and offer nearly identical risk mitigation advice, with only minor variations in wording. This strongly suggests that the text was machine-generated.

The Download Exploit ZIP link in the Download & Install section leads to a password-protected archive hosted in the same repository. The password is hidden within the name of a file inside the archive.

Continue Reading...
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Google Chrome 147.0.7727.101/102
Google Chrome 147.0...harlan4096 — 07:08
PatchMyPC 5.4.4.0 (15-April-2026)
Version 5.4.4.0 i...harlan4096 — 07:05
Microsoft Fixes Windows Server 2019 and ...
Microsoft has fixe...harlan4096 — 07:02
Over 100 Malicious Chrome Extensions Ste...
Security researche...harlan4096 — 07:02
[Test & Review Request] Looking for fee...
Can you at least i...LFTyyy — 14:28

[-]
Birthdays
Today's Birthdays
avatar (50)fuspeukChark
avatar (44)werriewWaiNg
avatar (38)Freemanleo
Upcoming Birthdays
avatar (45)wapedDow
avatar (49)oapedDow
avatar (42)Sanchowogy
avatar (44)techlignub
avatar (43)Stevenmam
avatar (50)onlinbah
avatar (51)steakelask
avatar (45)Termoplenka
avatar (43)bycoPaist
avatar (49)pieloKat
avatar (43)ilyagNeexy
avatar (51)donitascene
avatar (51)Toligo
avatar (38)RobertUtelt

[-]
Online Staff
There are no staff members currently online.

>