GitHub
The malware is able to locate NetBeans project files and add its own code both to the project files and to the JAR files built from them. Its algorithm boils down to finding the NetBeans directory that holds the user's projects, enumerating every project in that directory, and copying the malicious script into
When an infected JAR file is downloaded and run by another user, the same cycle of searching for NetBeans and injecting the malicious code starts on that user's system, which matches the behaviour of a classic self-propagating computer virus. Besides the self-propagation routine, the malicious code also contains backdoor functionality that gives remote access to the system. At the time of the incident the backdoor's command-and-control (C&C) servers were no longer active.
In total, analysis of the affected projects identified 4 infection variants. In one variant the backdoor is activated on Linux through an autostart file, "$HOME/.config/autostart/octo.desktop", and on Windows through a scheduled task created with schtasks. Other files created by the malware include:
- $HOME/.local/share/bbauto
- $HOME/.config/autostart/none.desktop
- $HOME/.config/autostart/.desktop
- $HOME/.local/share/Main.class
- $HOME/Library/LaunchAgents/AutoUpdater.dat
- $HOME/Library/LaunchAgents/AutoUpdater.plist
- $HOME/Library/LaunchAgents/SoftwareSync.plist
- $HOME/Library/LaunchAgents/Main.class
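The persistence paths above are the most usable indicators for an incident responder. The following is an added example, not code from GitHub's write-up or from the Octopus Scanner analysis: a small host check that looks for the literal paths listed on the page under a user's home directory. It adds one heuristic that the page does not state and that is therefore an assumption: any XDG autostart `.desktop` entry whose `Exec` line launches `java` is flagged, since a dropped `Main.class` plus an autostart entry points at a Java-based backdoor. The filesystem accessors are injectable so the logic can be exercised on constructed data; `DEMO_FS` is a constructed fixture, not content recovered from a real infection.

```python
"""Check a home directory for the Octopus Scanner persistence artifacts
listed on the page. Added example; the `Exec=java` heuristic and the
DEMO_FS fixture are assumptions/constructed data, not from the write-up."""
import os
import posixpath
import re

# Artifact paths quoted on the page, relative to the user's home directory.
# (The Windows variant persists via schtasks, not a file, so it is not here.)
OCTOPUS_ARTIFACTS = [
    ".config/autostart/octo.desktop",
    ".local/share/bbauto",
    ".config/autostart/none.desktop",
    ".config/autostart/.desktop",
    ".local/share/Main.class",
    "Library/LaunchAgents/AutoUpdater.dat",
    "Library/LaunchAgents/AutoUpdater.plist",
    "Library/LaunchAgents/SoftwareSync.plist",
    "Library/LaunchAgents/Main.class",
]

# Heuristic (assumption): an autostart entry whose Exec line runs java.
_EXEC_JAVA = re.compile(r"^Exec=.*\bjava\b", re.MULTILINE)


def find_octopus_artifacts(home, exists=os.path.exists):
    """Return the page-listed artifact paths that exist under `home`,
    in list order. `exists` is injectable for testing on fake data."""
    return [posixpath.join(home, rel) for rel in OCTOPUS_ARTIFACTS
            if exists(posixpath.join(home, rel))]


def _read_text(path):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


def suspicious_autostart_entries(home, listdir=os.listdir, read_text=_read_text):
    """Return autostart .desktop files under `home` whose Exec line launches
    java. This is a heuristic added here, not an indicator from the page."""
    autostart = posixpath.join(home, ".config", "autostart")
    try:
        names = listdir(autostart)
    except OSError:
        return []  # no autostart directory: nothing to inspect
    hits = []
    for name in sorted(names):
        if not name.endswith(".desktop"):
            continue
        path = posixpath.join(autostart, name)
        try:
            if _EXEC_JAVA.search(read_text(path)):
                hits.append(path)
        except OSError:
            continue  # unreadable entry; skip rather than abort the scan
    return hits


# Constructed fixture: a fake home with one infected-looking autostart entry,
# a dropped Main.class and one benign autostart entry. Not real malware data.
DEMO_HOME = "/home/dev"
DEMO_FS = {
    "/home/dev/.config/autostart/octo.desktop":
        "[Desktop Entry]\nType=Application\nExec=java -cp /home/dev/.local/share Main\n",
    "/home/dev/.config/autostart/nextcloud.desktop":
        "[Desktop Entry]\nType=Application\nExec=nextcloud --background\n",
    "/home/dev/.local/share/Main.class": "constructed placeholder, not bytecode",
}


def demo():
    """Run both checks against DEMO_FS; returns (artifact_hits, heuristic_hits)."""
    def listdir(directory):
        names = [posixpath.basename(p) for p in DEMO_FS
                 if posixpath.dirname(p) == directory]
        if not names:
            raise FileNotFoundError(directory)
        return names
    return (find_octopus_artifacts(DEMO_HOME, exists=DEMO_FS.__contains__),
            suspicious_autostart_entries(DEMO_HOME, listdir=listdir,
                                         read_text=DEMO_FS.__getitem__))


if __name__ == "__main__":
    home = os.path.expanduser("~")
    for hit in find_octopus_artifacts(home):
        print("Octopus Scanner artifact present:", hit)
    for hit in suspicious_autostart_entries(home):
        print("autostart entry launching java (heuristic):", hit)
```

Run it as the user whose workstation is being triaged; a hit on any of the literal paths is a strong indicator, while the `Exec=java` heuristic needs manual review of the referenced class or JAR before acting on it.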
The backdoor could be used to plant hidden implants in the code a developer is working on, to leak the source of proprietary systems, to steal confidential data and to take over accounts. GitHub's researchers do not rule out that the malicious activity is limited to NetBeans alone: there may be other Octopus Scanner variants that embed themselves in build processes based on Make, MsBuild, Gradle and other systems in order to spread.
The names of the affected projects are not disclosed, but they can easily be
source: budenet.ru