Malware that attacks NetBeans to inject backdoors into built projects

GitHub has identified malware that attacks projects in the NetBeans IDE and uses the build process to spread itself. The investigation showed that, with the help of this malware, which has been named Octopus Scanner, backdoors were covertly integrated into 26 open projects with repositories on GitHub. The first traces of Octopus Scanner activity date back to August 2018.

The malware is able to identify NetBeans project files and add its code to the project files and to the compiled JAR files. Its operating algorithm boils down to finding the NetBeans directory that holds the user's projects, enumerating all projects in that directory, copying the malicious script to nbproject/cache.dat, and modifying the file nbproject/build-impl.xml so that this script is called every time the project is built. During the build, a copy of the malware is included in the resulting JAR files, which become a source of further distribution. For example, malicious files were published to the repositories of the 26 open source projects mentioned above, as well as to various other projects when builds of new releases were published.

When an infected JAR file is downloaded and launched by another user, another cycle of searching for NetBeans and introducing malicious code begins on that user's system, which matches the operating model of self-propagating computer viruses. In addition to the self-propagation functionality, the malicious code also includes backdoor functionality that provides remote access to the system. At the time of the incident, the backdoor's command and control (C&C) servers were not active.

In total, 4 infection variants were identified while analysing the affected projects. In one of the variants, to activate the backdoor on Linux, an autostart file "$HOME/.config/autostart/octo.desktop" was created, and on Windows, tasks were created through schtasks to launch it. Other files created include:

  • $HOME/.local/share/bbauto
  • $HOME/.config/autostart/none.desktop
  • $HOME/.config/autostart/.desktop
  • $HOME/.local/share/Main.class
  • $HOME/Library/LaunchAgents/AutoUpdater.dat
  • $HOME/Library/LaunchAgents/AutoUpdater.plist
  • $HOME/Library/LaunchAgents/SoftwareSync.plist
  • $HOME/Library/LaunchAgents/Main.class
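
A defensive check built from the indicators described above, as an added example that is not code from GitHub or from the original article: it looks for nbproject/cache.dat in NetBeans projects and for the listed persistence files in a home directory. The function names, the default ~/NetBeansProjects location and the assumption that a modified build-impl.xml mentions cache.dat by name are this example's own.

```python
import os
from pathlib import Path

# Persistence paths named in the article, relative to $HOME.
PERSISTENCE_PATHS = [
    ".config/autostart/octo.desktop",
    ".local/share/bbauto",
    ".config/autostart/none.desktop",
    ".config/autostart/.desktop",
    ".local/share/Main.class",
    "Library/LaunchAgents/AutoUpdater.dat",
    "Library/LaunchAgents/AutoUpdater.plist",
    "Library/LaunchAgents/SoftwareSync.plist",
    "Library/LaunchAgents/Main.class",
]

def scan_projects(root):
    """Return {project_dir: [findings]} for NetBeans projects under root."""
    findings = {}
    for dirpath, dirnames, _ in os.walk(root):
        if "nbproject" not in dirnames:
            continue
        nb = Path(dirpath) / "nbproject"
        hits = []
        if (nb / "cache.dat").is_file():
            hits.append("nbproject/cache.dat present")
        build = nb / "build-impl.xml"
        # Assumption: the injected build step names cache.dat literally.
        if build.is_file() and b"cache.dat" in build.read_bytes():
            hits.append("build-impl.xml references cache.dat")
        if hits:
            findings[dirpath] = hits
    return findings

def scan_home(home):
    """Return the article's persistence paths that exist under home."""
    return [p for p in PERSISTENCE_PATHS if (Path(home) / p).exists()]

if __name__ == "__main__":
    home = Path.home()
    # Assumption: projects live in ~/NetBeansProjects (the IDE default).
    for proj, hits in scan_projects(home / "NetBeansProjects").items():
        print(proj, "->", "; ".join(hits))
    for p in scan_home(home):
        print("persistence file:", home / p)
```

A hit is a lead to investigate rather than proof of infection; compare the flagged build-impl.xml against a freshly generated one before drawing conclusions.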

The backdoor could be used to plant backdoors in code produced by the developer, leak the code of proprietary systems, steal confidential data and take over accounts. Researchers from GitHub do not rule out that the malicious activity is not limited to NetBeans and that there may be other variants of Octopus Scanner that embed themselves in build processes based on Make, MsBuild, Gradle and other systems in order to spread.

The names of the affected projects are not mentioned, but they can easily be found through a search on GitHub using the mask "cache.dat". Among the projects in which traces of malicious activity were found: V2Mp3Player, JavaPacman, Kosim-Framework, Punto de Venta, 2D-Physics-Simulations, Pacman Game, GuessTheAnimal, SnakeCenterBox4, Secuencia Numerica, Call Center, ProyectoGerundion, pacman-java_iya, SuperMario-FR-.

source: budenet.ru