Open Source Hit By Octopus Scanner Malware
Written by Kay Ewbank   
Tuesday, 09 June 2020

An investigation by GitHub Security Labs has found malware within 26 open source code repositories based on Apache NetBeans. The GitHub team was acting on a tip off from a security researcher that GitHub-hosted repositories that were unintentionally actively serving malware.

The GitHub team discovered that the Octopus Scanner malware had been designed to enumerate and backdoor NetBeans projects, and to use the build process and its resulting artifacts to spread itself.

netbeans

Apache has said that the initial point of infection is undetermined and all activity with the malware has been shut down. The malware relied on project templates generated by Apache NetBeans using an older customized Apache Ant-based build system that has been in limited use since 2006. This does not impact users of other build systems like Apache Maven or Gradle or even most Apache Ant users.

The way the malware works is that when a developer downloads a project from an infected repository, Octopus Scanner is activated and scans the developer’s computer for the presence of NetBeans. If NetBeans is present, an initial-stage dropper is installed. From that point onwards, whenever a project was built, the JAR files got infected with the dropper. When executed, the dropper spawns a Remote Administration Tool (RAT), which connects to a set of C2 servers. One bright spot is that the malware C2 servers didn't seem to be active at the time of analysis,

The GitHub security team says that while the NetBeans malware has been identified, similar malware could also have been implemented for build systems such as Make, MsBuild, Gradle and others as well and it may be spreading unnoticed. They estimate that the malware could have been present since 2018.

The GitHub team concluded that the malware was particularly dangerous as the primary-infected users are developers, so the access that is gained is of high interest to attackers since developers generally have access to additional projects, production environments, database passwords, and other critical assets.

netbeans

More Information

GitHub Security Report

Apache NetBeans

Related Articles

NetBeans Is A Top-Level Apache Project

GitHub Security Bug Bounty Milestones

Counting Vulnerabilities In Open Source Projects and Programming Languages

RSA Encryption Cracked By Careless Implemenation

NetBeans 10 Improves JDK 11 Support But Drops C/C++ Update: Not Really 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook or Linkedin.

Banner


Microsoft Improves Python Support In VSCode
07/07/2020

Visual Studio Code has a new extension to improve Python support. Pylance adds fast, static type checking, autocomplete, and live type information about symbols among other features to the existing Py [ ... ]



Rust Is Safer But Do We Use It Safely
15/07/2020

Rust seems to be the great hope to create a safer programming language. It provides sophisticated checks on what you are doing that make it more difficult to write code that can hide a bug or allow an [ ... ]


More News

graphics

 



 

Comments




or email your comment to: comments@i-programmer.info