
Cybersecurity researchers and threat actors are being targeted by a fake proof-of-concept (PoC) exploit for CVE-2023-35829 that installs Linux password-stealing malware.

Uptycs analysts discovered the malicious PoC during their routine scans when detection systems flagged irregularities such as unexpected network connections, unauthorized system access attempts, and atypical data transfers. 

Three repositories were found hosting the malicious fake PoC exploit, with two removed from GitHub and the remaining one still live.

Uptycs reports that the bad PoC has been widely shared among members of the security research community, so infections might exist on a significant number of computers.