15 Malicious GitHub Repositories Deploy WebRAT Malware Through Fake Security Exploits
AI-generated repositories target security researchers with a backdoor and infostealer disguised as proof-of-concept vulnerability exploits
Cybercriminals have deployed a sophisticated campaign targeting security researchers through malware-laden fake proof-of-concept exploits hosted on GitHub, with cybersecurity experts identifying 15 malicious repositories apparently crafted using generative artificial intelligence.
GitHub has removed the identified repositories, but victims who downloaded packages before removal remain infected and must manually eradicate the WebRAT malware from their systems. Additional undiscovered malicious repositories may still exist.
Campaign Overview
The campaign, active since September 2025, represents a targeted attack on security researchers and potentially other cybercriminals who frequently download and analyze proof-of-concept exploits as part of their work.
Targeted Vulnerabilities
The malicious repositories claimed to provide exploits for multiple legitimate vulnerabilities that had been discovered and reported in the media:
- Heap-based buffer overflow in Windows MSHTML/Internet Explorer
- Critical authentication bypass in OwnID Passwordless Login plugin for WordPress
- Elevation-of-privilege flaw in Windows Remote Access Connection Manager
By mimicking high-profile, recently disclosed vulnerabilities, the threat actors ensured their repositories would attract security researchers actively investigating these flaws.
Role of Generative AI
Cybersecurity researchers indicated the repositories were apparently crafted with the help of Generative Artificial Intelligence. This suggests AI tools were used to create convincing repository descriptions, documentation, and possibly code structure that would appear legitimate to security professionals.
The use of generative AI enables threat actors to rapidly create multiple convincing fake repositories with professional-appearing documentation and code samples. This represents an evolution in social engineering tactics, leveraging AI to scale deception and target technical audiences who typically exhibit heightened security awareness.
Infection Chain: Technical Analysis
Victims who downloaded the malicious packages received a carefully constructed infection chain designed to deploy the WebRAT malware:
- Password-protected ZIP archive (adds legitimacy; researchers expect PoC exploits to be secured)
- Empty file (decoy to avoid immediate suspicion)
- Fake DLL file (serves as additional decoy)
- Batch file (execution component)
- rasmanesc.exe (malicious dropper masquerading as legitimate Windows component)
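The package layout listed above can be checked before anything is unpacked, because ZIP encryption normally leaves entry names and sizes readable without the password. The following Python code is an added example, not code from the researchers or from the campaign; its extension lists, verdict labels and sample archive are assumptions constructed here, and only the file name rasmanesc.exe comes from the report.

```python
import io
import zipfile

# Assumed heuristics (this example's own); only rasmanesc.exe is from the article.
SCRIPT_EXT = (".bat", ".cmd")
BINARY_EXT = (".exe", ".dll")
REPORTED_DROPPER = "rasmanesc.exe"


def triage_archive(data: bytes) -> dict:
    """List a ZIP's contents without extracting or decrypting anything."""
    found = {"encrypted": [], "empty": [], "scripts": [], "binaries": [],
             "reported_dropper": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # central directory only: no password needed
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                found["encrypted"].append(info.filename)
            if info.file_size == 0:
                found["empty"].append(info.filename)
            if base.endswith(SCRIPT_EXT):
                found["scripts"].append(info.filename)
            if base.endswith(BINARY_EXT):
                found["binaries"].append(info.filename)
            if base == REPORTED_DROPPER:
                found["reported_dropper"].append(info.filename)
    return found


def verdict(found: dict) -> str:
    if found["reported_dropper"]:
        return "quarantine"
    if found["scripts"] and found["binaries"]:  # launcher plus prebuilt binaries
        return "sandbox-only"
    return "no-layout-match"


def build_sample() -> bytes:
    """Constructed, inert archive that mimics the layout listed above."""
    names = ["poc/notes.txt", "poc/helper.dll", "poc/run.bat", "poc/rasmanesc.exe"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"" if name.endswith(".txt") else b"inert")
    # Constructed: set bit 0 (encrypted) in each central-directory header.
    head, *entries = buf.getvalue().split(b"PK\x01\x02")
    entries = [e[:4] + bytes([e[4] | 1]) + e[5:] for e in entries]
    return b"PK\x01\x02".join([head, *entries])
```

A match is a reason to keep the archive inside an isolated analysis VM, not proof of malice. A renamed dropper only trips the launcher-plus-binaries rule, so the name check should not be relied on alone.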
Dropper Behavior
The rasmanesc.exe dropper executes a multi-stage attack:
1. Privilege Escalation: The dropper elevates its system privileges to gain administrator-level access
2. Defender Disabling: Windows Defender is disabled to prevent detection and removal
3. WebRAT Download: The dropper retrieves the WebRAT malware payload from a command-and-control server
WebRAT Malware Capabilities
WebRAT functions as both a backdoor and an infostealer, providing threat actors with extensive access to compromised systems:
Primary Functions
- Credential Theft: Steals login credentials for Steam, Discord, and Telegram accounts
- Cryptocurrency Wallet Access: Extracts information from any cryptocurrency wallets installed on the system
- Browser Extension Data: Harvests data from browser add-ons and extensions
- Webcam Surveillance: Activates webcam for remote video surveillance of victims
- Screen Capture: Takes screenshots of victim’s desktop activity
- Backdoor Access: Provides persistent remote access to compromised systems
The specific focus on gaming platforms (Steam), communication tools (Discord, Telegram), and cryptocurrency wallets suggests the threat actors are targeting researchers and cybercriminals who frequently use these services. Security researchers often maintain accounts on these platforms for threat intelligence gathering, while cybercriminals use them for coordination and cryptocurrency transactions.
Target Profile: Security Researchers and Cybercriminals
The campaign specifically targets two overlapping populations:
Security Researchers: Professionals who regularly download and analyze proof-of-concept exploits as part of vulnerability research and threat intelligence activities.
Cybercriminals: Threat actors who seek working exploits for offensive purposes, making them potential victims of attacks by competing criminal groups.
GitHub as Attack Vector
GitHub represents an ideal platform for this attack strategy due to several factors:
• High trust level among developers and security researchers
• Size and popularity in software development and cybersecurity communities
• Legitimate use case for hosting proof-of-concept exploits
• Easy discoverability through search functionality
• Professional appearance lending credibility to malicious repositories
GitHub’s size and popularity make it a major target for cybercriminals who frequently attempt typosquatting—creating malicious repositories with names similar to legitimate packages. Users downloading packages through automated tools or quickly typing repository names may inadvertently access malicious versions.
Current Status and Remediation
GitHub has removed all 15 identified malicious repositories from its platform. However, this removal does not address infections that occurred prior to takedown.
For Potentially Affected Users:
1. Assume compromise if you downloaded any proof-of-concept exploits from GitHub between September and December 2025
2. Search for processes named rasmanesc.exe or similar Windows-mimicking executables
3. Check for disabled security software, particularly Windows Defender
4. Scan with multiple tools as WebRAT may have disabled primary antivirus
5. Change all credentials for Steam, Discord, Telegram, and cryptocurrency wallets
6. Review webcam activity and consider covering webcams when not in use
7. Monitor for persistent backdoor access even after initial removal attempts
Ongoing Risk
Security researchers warn that the 15 identified repositories likely do not represent the complete scope of the campaign. Additional malicious repositories may exist that have not yet been discovered or reported.
Best Practices for Security Researchers
To protect against similar attacks, security professionals should implement the following practices:
• Use isolated environments (virtual machines, sandboxes) when analyzing untrusted code
• Verify repository authenticity through commit history, contributor profiles, and community feedback
• Cross-reference with official advisories from vulnerability researchers before downloading PoCs
• Examine code before execution rather than running packages sight-unseen
• Monitor for typosquatting by carefully verifying repository names and URLs
• Maintain updated threat intelligence on active campaigns targeting researchers
• Use security tools that can detect privilege escalation and security software disabling
Broader Implications
This campaign highlights several concerning trends in cybersecurity:
1. AI-Accelerated Social Engineering: Generative AI enables rapid creation of convincing malicious content at scale, lowering barriers for sophisticated attacks.
2. Targeting Security Professionals: Even highly trained individuals with security awareness can be victimized when malicious content appears in expected contexts.
3. Platform Trust Exploitation: Trusted platforms like GitHub become attack vectors precisely because of their legitimacy and widespread use.
4. Criminal-on-Criminal Activity: The potential targeting of cybercriminals alongside researchers suggests internal conflict within threat actor communities.
5. Persistent Access Priority: The backdoor functionality indicates long-term access goals beyond immediate credential theft.
Conclusion
The discovery of 15 AI-generated malicious repositories targeting security researchers through fake proof-of-concept exploits represents a sophisticated supply chain attack on the cybersecurity community itself. The campaign’s three-month duration before detection suggests the approach was effective at evading scrutiny from its intended victims.
Key takeaways include:
• Confirmed infections require manual remediation as repository removal does not clean compromised systems
• Additional malicious repositories likely remain undiscovered, requiring ongoing vigilance
• AI integration in cybercrime enables more convincing and scalable social engineering attacks
• Security professionals remain vulnerable despite heightened awareness when attacks appear in expected contexts
• Trusted platforms require verification procedures even when downloading from apparently legitimate sources
For the cybersecurity community, this incident underscores the need for enhanced verification procedures when downloading code from any source, including repositories with professional appearances on trusted platforms. The use of isolated analysis environments and code review before execution remain critical defensive practices.















