Open Source Hit By Octopus Scanner Malware
Written by Kay Ewbank   
Tuesday, 09 June 2020

An investigation by GitHub Security Labs has found malware within 26 open source code repositories based on Apache NetBeans. The GitHub team was acting on a tip-off from a security researcher that GitHub-hosted repositories were unintentionally and actively serving malware.

The GitHub team discovered that the Octopus Scanner malware had been designed to enumerate and backdoor NetBeans projects, and to use the build process and its resulting artifacts to spread itself.


Apache has said that the initial point of infection is undetermined and all activity with the malware has been shut down. The malware relied on project templates generated by Apache NetBeans using an older customized Apache Ant-based build system that has been in limited use since 2006. This does not impact users of other build systems like Apache Maven or Gradle or even most Apache Ant users.

The malware works as follows: when a developer downloads a project from an infected repository, Octopus Scanner is activated and scans the developer’s computer for the presence of NetBeans. If NetBeans is present, an initial-stage dropper is installed. From that point onwards, whenever a project is built, the resulting JAR files are infected with the dropper. When executed, the dropper spawns a Remote Administration Tool (RAT), which connects to a set of C2 servers. One bright spot is that the malware's C2 servers didn't seem to be active at the time of analysis.
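As an added example (not from GitHub's report or this article), here is one generic check for the build-time JAR infection described above: list the entries of a built JAR and flag any that cannot be traced back to a file in the project's source tree. The package, file names and sample JARs are constructed, the `META-INF/` allow list is an assumption, and a flagged entry is a prompt for review rather than proof of infection.

```python
import io
import zipfile
from pathlib import PurePosixPath

def unexpected_entries(jar_bytes, source_paths, allowed_prefixes=("META-INF/",)):
    """Return JAR entries that cannot be traced back to a file in the source tree."""
    # Foo.java is expected to produce Foo.class (plus Foo$... for nested classes).
    classes = {str(PurePosixPath(p).with_suffix(""))
               for p in source_paths if p.endswith(".java")}
    resources = {p for p in source_paths if not p.endswith(".java")}
    flagged = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.endswith("/") or name.startswith(allowed_prefixes):
                continue  # directories and manifest metadata (assumed allow list)
            if name.endswith(".class"):
                outer = name[:-len(".class")].split("$", 1)[0]
                if outer in classes:
                    continue
            elif name in resources:
                continue
            flagged.append(name)
    # Secondary top-level classes declared in one .java file also land here,
    # so treat the result as a review list.
    return sorted(flagged)

def build_sample_jar(entries):
    """Build an in-memory JAR with placeholder contents (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in entries:
            jar.writestr(name, b"constructed placeholder")
    return buf.getvalue()

# Constructed sample project and artifacts; all names are hypothetical.
SOURCES = ["com/example/App.java", "com/example/Util.java",
           "com/example/app.properties"]
EXPECTED = ["META-INF/MANIFEST.MF", "com/example/App.class",
            "com/example/App$1.class", "com/example/Util.class",
            "com/example/app.properties"]
CLEAN = build_sample_jar(EXPECTED)
TAMPERED = build_sample_jar(EXPECTED + ["com/example/Extra.class", "payload.bin"])

if __name__ == "__main__":
    print("clean:", unexpected_entries(CLEAN, SOURCES))
    print("tampered:", unexpected_entries(TAMPERED, SOURCES))
```

Running the same comparison on a JAR built in a clean environment from the same commit gives a second baseline to diff against.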

The GitHub security team says that while the NetBeans malware has been identified, similar malware could also have been implemented for other build systems such as Make, MSBuild and Gradle, and it may be spreading unnoticed. They estimate that the malware could have been present since 2018.

The GitHub team concluded that the malware was particularly dangerous because the primary-infected users are developers. The access gained is of high interest to attackers, since developers generally have access to additional projects, production environments, database passwords, and other critical assets.


More Information

GitHub Security Report

Apache NetBeans
