Scammers Are Selling False Microsoft Exchange Exploits on GitHub

Scammers are creating GitHub repositories to sell fake exploits for two Microsoft Exchange Server zero-day vulnerabilities.


Security researchers have found scammers selling fake proof-of-concept ProxyNotShell exploits for the recently confirmed Microsoft Exchange Server zero-day vulnerabilities. By impersonating security researchers, the scammers are trying to pass off fake exploits to make money.

Over the weekend, Microsoft confirmed two new vulnerabilities in Exchange Server.

The company is tracking the flaws as CVE-2022-41040 and CVE-2022-41082. Microsoft describes the first as a Server-Side Request Forgery (SSRF) bug, while the second could allow threat actors to conduct a remote code execution (RCE) attack through PowerShell.

In its guidance for the flaws, Microsoft says it has seen targeted attacks on 10 organisations. The threat actors were able to exploit the vulnerabilities and Microsoft believes the attacks come from one state-sponsored group.

Microsoft and other security researchers working on these bugs are so far keeping technical information private. This is to stop more threat actors from learning how to exploit them. It seems only a small pool of hackers have found a way to exploit the flaws.

GitHub Scam

However, one scammer has taken a nefarious initiative. On GitHub, this person (or persons) is creating repositories that pretend to be proof-of-concept exploits for both CVE-2022-41040 and CVE-2022-41082.

John Hammond from Huntress Labs has been tracking the scammers and charting their activity on Twitter. He found five accounts selling fake exploits: 'jml4da', 'TimWallbey', 'Liu Zhao Khin (0daylabin)', 'R007er', and 'spher0x'. Each account has since been removed from GitHub.

It is likely there are many more scammers looking to take advantage of the situation. Microsoft vulnerability exploits can sell for hundreds of thousands of dollars. Needless to say, you should not hand over any cash or crypto to anyone claiming to have an exploit.
