GitHub Warns Java Developers Against New Malware Poisoning NetBeans Projects


GitHub released a security alert on Thursday regarding a new strain of malware that is spreading on its site via booby-trapped Java projects. The malware, which the GitHub security team called Octopus Scanner, was found in projects managed by Apache NetBeans IDE (integrated development environment), a tool used to write and compile Java applications.


GitHub said it found 26 repositories hosted on its site that contained the Octopus Scanner malware, after receiving a tip from a security researcher on March 9.

According to GitHub, when other users download one of the 26 projects, the malware behaves like a self-propagating virus and infects their local computers. It searches the victim’s workstation for a local installation of the NetBeans IDE and buries itself in the developer’s other Java projects.

Final objective: install a remote access Trojan

The malware, which can run on Windows, macOS and Linux, would then download a remote access Trojan (RAT) as the final stage of its infection, allowing the operator of Octopus Scanner to search the infected victim’s computer for sensitive information. According to GitHub, the Octopus Scanner campaign has been going on for years: the oldest malware sample was uploaded to the VirusTotal web scanner in August 2018, and during all that time the malware operated unimpeded.

Although GitHub says it found only 26 projects uploaded to its platform that contained traces of the Octopus Scanner malware, it believes that many more projects have been infected over the past two years.

However, the real aim of the attack was to plant a RAT on the machines of developers working on sensitive projects or at large software companies, not necessarily to poison open source Java projects. The RAT would have allowed the attacker to steal confidential information about upcoming tools or proprietary source code, or to modify code in order to hide a backdoor in the company’s or other closed source software.

Other IDEs likely targeted too

“It is interesting to note that this malware attacked the NetBeans build process specifically, because it is not the most commonly used Java IDE today,” the GitHub security team said in a report on Thursday.

“If the malware developers took the time to implement this malware specifically for NetBeans, it means that it could be a targeted attack, or that they may have already implemented the malware for build systems such as Make, MsBuild, Gradle and others and that it could spread without being noticed,” added GitHub. “If the idea of infecting build processes is certainly not new, seeing it actively deployed and used in the wild is certainly a disturbing trend.”

GitHub did not publish the names of the 26 poisoned projects, but it did publish details of the Octopus Scanner infection process, so that NetBeans users and Java developers can check whether their projects have been altered.
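The article describes a build-process implant that spreads by editing the NetBeans project files of other projects on the same workstation, and says developers should check whether their projects have been altered. The following Python script is an added example written for this page, not code from GitHub or from the report it summarizes: it baselines the SHA-256 hashes of the build-driving files in every NetBeans project under a directory and reports any later change. The NetBeans `nbproject/` layout (project.xml, build-impl.xml, project.properties) is the standard Ant-based project structure; the choice of which files to watch is this example's own assumption, and it deliberately uses no indicators from GitHub's report, since the article does not reproduce them. The demo project it tampers with is constructed inline.

```python
import hashlib
import json
import os
import sys
import tempfile
from pathlib import Path

# Build-driving files of an Ant-based NetBeans project. Which files to watch is
# this example's assumption (they are the files a build-process implant would
# most plausibly edit), not a list of indicators from GitHub's report.
WATCHED = (
    "build.xml",
    "nbproject/build-impl.xml",
    "nbproject/project.xml",
    "nbproject/project.properties",
)


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_netbeans_projects(root):
    """Yield every project directory: a directory that contains nbproject/project.xml."""
    for dirpath, _dirnames, filenames in os.walk(root):
        if Path(dirpath).name == "nbproject" and "project.xml" in filenames:
            yield Path(dirpath).parent


def snapshot(root):
    """Map '<project>/<watched file>' (POSIX-style, relative to root) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for proj in find_netbeans_projects(root):
        for rel in WATCHED:
            p = proj / rel
            if p.is_file():
                manifest[p.relative_to(root).as_posix()] = sha256_of(p)
    return manifest


def diff_manifests(baseline, current):
    """Compare two manifests; sorted lists keep the report deterministic."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo():
    """Constructed sample: one fake NetBeans project, baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        proj = root / "SampleApp"
        (proj / "nbproject").mkdir(parents=True)
        (proj / "build.xml").write_text('<project name="SampleApp" default="default" basedir="."/>\n')
        (proj / "nbproject" / "project.xml").write_text("<project/>\n")
        (proj / "nbproject" / "build-impl.xml").write_text('<target name="-post-jar"/>\n')
        baseline = snapshot(root)
        # Simulate an unexpected edit to the generated build file, plus a new
        # watched file appearing after the baseline was taken.
        with open(proj / "nbproject" / "build-impl.xml", "a") as f:
            f.write("<!-- constructed: edited after baseline -->\n")
        (proj / "nbproject" / "project.properties").write_text("main.class=Main\n")
        return diff_manifests(baseline, snapshot(root))


if __name__ == "__main__":
    # Usage: script.py baseline <root> <manifest.json>
    #        script.py compare  <root> <manifest.json>
    #        script.py          (runs the constructed demo)
    if len(sys.argv) == 4 and sys.argv[1] == "baseline":
        Path(sys.argv[3]).write_text(json.dumps(snapshot(sys.argv[2]), indent=2, sort_keys=True))
    elif len(sys.argv) == 4 and sys.argv[1] == "compare":
        saved = json.loads(Path(sys.argv[3]).read_text())
        print(json.dumps(diff_manifests(saved, snapshot(sys.argv[2])), indent=2))
    else:
        print(json.dumps(demo(), indent=2))
```

Take the baseline right after a clean checkout or after a deliberate edit to the build files, and store the manifest outside the project tree (or in version control) so that an implant editing the workstation's projects cannot also rewrite the reference hashes. Any entry under "modified" or "added" that nobody on the team can account for is the point at which to pull the file and compare it against the details GitHub published.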

Source: ZDNet.com

Source: www.zdnet.fr
