GitHub
The malware can detect NetBeans project files and add its code to the project files and to the compiled JAR files. Its algorithm starts by locating the NetBeans directory that holds the user's projects, enumerating all projects in that directory, copying the malicious script to
When a user downloaded and ran an infected JAR file, a new cycle of searching for NetBeans and injecting malicious code began on that user's system, which matches the operating model of self-propagating computer viruses. In addition to self-propagation, the malicious code includes backdoor functionality that provides remote access to the system. At the time of the incident, the backdoor's command-and-control (C&C) servers were not active.
In total, 4 variants of the infection were identified while studying the affected projects. In one of the variants, to activate the backdoor on Linux, an autostart file "$HOME/.config/autostart/octo.desktop" was created, and on Windows, tasks were launched through schtasks to start it. Other files created include:
- $HOME/.local/share/bbauto
- $HOME/.config/autostart/none.desktop
- $HOME/.config/autostart/.desktop
- $HOME/.local/share/Main.class
- $HOME/Library/LaunchAgents/AutoUpdater.dat
- $HOME/Library/LaunchAgents/AutoUpdater.plist
- $HOME/Library/LaunchAgents/SoftwareSync.plist
- $HOME/Library/LaunchAgents/Main.class
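
A sweep for the file artifacts listed above, as an added example that is not part of the original article or of GitHub's report. The function names and the `--sweep` switch are hypothetical, only the file paths are covered (not the Windows schtasks entries), and a hit is a lead to investigate rather than proof of infection.

```shell
#!/bin/sh
# Paths from the article, relative to a user's home directory.
# Note: ".config/autostart/.desktop" is a dot-file, so "ls *.desktop" misses it.
OCTOPUS_PATHS='.config/autostart/octo.desktop
.local/share/bbauto
.config/autostart/none.desktop
.config/autostart/.desktop
.local/share/Main.class
Library/LaunchAgents/AutoUpdater.dat
Library/LaunchAgents/AutoUpdater.plist
Library/LaunchAgents/SoftwareSync.plist
Library/LaunchAgents/Main.class'

# list_artifacts HOME_DIR: print each listed path that exists under HOME_DIR.
list_artifacts() {
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        # -e follows symlinks; -L also reports dangling symlinks.
        if [ -e "$1/$rel" ] || [ -L "$1/$rel" ]; then
            printf '%s\n' "$1/$rel"
        fi
    done <<EOF
$OCTOPUS_PATHS
EOF
}

# sweep_homes DIR...: check several home directories.
# Prints every hit and returns 1 if anything was found, 0 otherwise.
sweep_homes() {
    hits=0
    for h in "$@"; do
        [ -d "$h" ] || continue
        out=$(list_artifacts "$h")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            hits=1
        fi
    done
    return "$hits"
}

# Hypothetical entry point: "sh sweep.sh --sweep" checks the usual home roots.
if [ "${1:-}" = "--sweep" ]; then
    sweep_homes /home/* /Users/* /root
fi
```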
The backdoor could be used to add backdoors to the code the developer is building, leak the code of proprietary systems, steal confidential data and take over accounts. Researchers from GitHub do not rule out that the malicious activity is not limited to NetBeans and that there may be other variants of Octopus Scanner that embed themselves in build processes based on Make, MsBuild, Gradle and other systems in order to spread.
The names of the affected projects are not disclosed, but can easily
Source: opennet.ru