Fake WinRAR PoC Exploit Conceals VenomRAT Malware



In a new twist on the cybercrime penchant for trojanizing things, a threat actor recently pounced upon a “hot” vulnerability disclosure to create a fake proof of concept (PoC) exploit that concealed the VenomRAT malware.

According to research from Palo Alto Networks, the cyberattacker, who goes by “whalersplonk,” took advantage of a very real remote code execution (RCE) security bug in WinRAR (CVE-2023-40477) that was made public on Aug. 17. The attacker quickly pulled together a convincing but fake PoC for the bug, which it pushed out to a GitHub repository the same week, knowing that the flaw would attract attention — WinRAR, after all, has more than 500 million users worldwide.
