Cybercriminals were spotted posing as security researchers to sell fake ProxyNotShell proof-of-concept exploits for recently discovered zero-day vulnerabilities in Microsoft Exchange.
By setting up GitHub repositories for phony exploits, scammers have jumped on the bandwagon to take advantage of Exchange flaws, according to Microsoft and GTSC. The Exchange bugs CVE-2022-41040 and CVE-2022-41082 are the focus of the phony proof-of-concept. At least five fake accounts were promoting it, according to researchers.
The increase in exploits for bugs that have not yet been patched is not a recent phenomenon, and skilled threat actors like APT groups and nation-sponsored attackers will always be ready to capitalize on it with ruses. A SatoshiDisk page where the scammer is attempting to sell the fake exploit is linked to in the README files.