A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server.
The tactic isn't novel, as there have been multiple documented cases of malicious tools disguised as PoC exploits on GitHub.
However, this case, discovered by Trend Micro, highlights that threat actors continue to use the tactic to trick unsuspecting users into infecting themselves with malware.
21 sats \ 0 replies \ @nym 12 Jan
Another common vector I've seen is GitHub repos that allege they help recover lost seed phrases, but are malware themselves. Usually released as .exe but sometimes Linux also.