Webrat, disguised as exploits, is spreading via GitHub repositories

Dec. 23, 2025, 5:50 p.m.

Description

A new malware campaign targeting security professionals and students has been uncovered. The threat actor behind Webrat is now disguising the backdoor as exploits and proof-of-concept code for high-profile vulnerabilities, distributing it through GitHub repositories. The malware, which previously spread via game cheats and cracked software, now aims to infect inexperienced security researchers. The campaign uses carefully prepared repositories with AI-generated vulnerability reports to build trust. The malicious files, when executed, disable Windows Defender, escalate privileges, and fetch the Webrat backdoor. This backdoor can steal data from various applications, perform keylogging, and access webcams and microphones. The attack serves as a reminder for cybersecurity professionals to exercise caution when handling potentially malicious files and to use isolated environments for analysis.

Date

  • Created: Dec. 23, 2025, 3:37 p.m.
  • Published: Dec. 23, 2025, 3:37 p.m.
  • Modified: Dec. 23, 2025, 5:50 p.m.

Indicators

  • c687fe537b1e39cf9ecea5e9a9c217550836e6669912b0374d7fe6afcf694f87
  • e6fff1964bf12c46a8c300932ee5cb8d6931482ddf476221e7b11383b5ff2253
  • 825d4a6a9cb3524c7473fb7dbe2253eb6c082d4bb5f82d5e82424d1c1b6f5d65
  • http://ezc5510min.temp.swtest.ru
  • http://shopsleta.ru

Additional Information

  • ezc5510min.temp.swtest.ru
  • shopsleta.ru

Linked vulnerabilities