Fake LDAPNightmare exploit on GitHub spreads infostealer malware

Summary: A malicious proof-of-concept (PoC) exploit for CVE-2024-49113, dubbed “LDAPNightmare,” has been discovered on GitHub, infecting users with infostealer malware that exfiltrates sensitive data. This incident underscores the ongoing threat of deceptive tools masquerading as legitimate exploits in the cybersecurity landscape.

Threat Actor: Unknown
Victim: GitHub users

Key Points:

  • A deceptive GitHub repository mimics a legitimate PoC, leading users to download malware.
  • The malware collects sensitive information and uploads it to an external FTP server.
  • Users are advised to verify repository authenticity and review code before execution.

Source: https://www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/