Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Jan. 10, 2025, 5:12 p.m.
Description
A fake proof-of-concept exploit for the LDAPNightmare vulnerability (CVE-2024-49113) is being used to distribute information-stealing malware. The malicious repository, disguised as a fork of the original researcher's repository, contains an executable file that, when run, drops and executes a PowerShell script. This script creates a Scheduled Job that downloads and executes a further script from Pastebin. The malware collects a range of system information, compresses it, and exfiltrates it to an external FTP server. Because the attack piggybacks on a trending vulnerability, it could reach a large number of victims. To protect against such threats, users are advised to download only from trusted sources, treat suspicious content with caution, and review repository details carefully before running anything.
Date
Published: Jan. 10, 2025, 5:04 p.m.
Created: Jan. 10, 2025, 5:04 p.m.
Modified: Jan. 10, 2025, 5:12 p.m.
Attack Patterns
T1120 - Peripheral Device Discovery
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1053.005 - Scheduled Task/Job: Scheduled Task
T1059.001 - Command and Scripting Interpreter: PowerShell
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1082 - System Information Discovery
T1057 - Process Discovery
T1105 - Ingress Tool Transfer
T1083 - File and Directory Discovery
T1560 - Archive Collected Data