Dangerous WebRAT malware now being spread by GitHub repositories
techradar.com
- Kaspersky finds 15 malicious GitHub repositories posing as proof‑of‑concept exploits, some crafted with Gen AI
- Victims receive a ZIP with decoys and a dropper (rasmanesc.exe) that installs WebRAT backdoor/infostealer
- GitHub removed the repos, but infected users must manually eradicate WebRAT and remain cautious of typosquatted packages
Cybercriminals are now targeting security researchers (and possibly other criminals) through malware-laden fake proof-of-concept exploits hosted on popular repositories, experts have warned.
Cybersecurity researchers at Kaspersky said they found 15 malicious repositories hosted on GitHub. These repositories, apparently crafted with the help of Generative Artificial Intelligence (Gen AI), claimed to provide exploits for multiple vulnerabilities discovered and reported in the media.
Among them are a heap-based buffer overflow bug in Windows MSHTML/Internet Explorer, a critical authentication bypass in the OwnID Passwordless Login plugin for WordPress, and an elevation-of-privilege flaw in Windows’ Remote Access Connection Manager ...

