Malware that attacks NetBeans to inject backdoors into built projects

GitHub has identified malware that attacks projects in the NetBeans IDE and uses the build process to spread itself. The investigation showed that the malware in question, named Octopus Scanner, was used to covertly embed backdoors in 26 open projects with repositories on GitHub. The first traces of Octopus Scanner activity date from August 2018.

The malware is able to identify NetBeans project files and add its code to the project files and to the compiled JAR files. Its algorithm starts by locating the NetBeans directory that holds the user's projects, enumerates all projects in that directory, copies the malicious script to nbproject/cache.dat, and modifies the nbproject/build-impl.xml file so that this script is called every time the project is built. During the build, a copy of the malware is included in the resulting JAR files, which become a source of further spread. For example, malicious files were placed in the repositories of the 26 open source projects mentioned above, as well as in various other projects when builds of new releases were published.

When another user downloaded and ran an infected JAR file, a new cycle of searching for NetBeans and injecting malicious code began on that user's system, which matches the way self-propagating computer viruses operate. In addition to the self-propagation functionality, the malicious code also includes backdoor functionality that provides remote access to the system. At the time of the incident, the backdoor's command and control (C&C) servers were not active.

In total, 4 variants of the infection were identified while studying the affected projects. In one of the variants, to activate the backdoor on Linux, an autostart file "$HOME/.config/autostart/octo.desktop" was created, and on Windows, tasks were launched through schtasks to start it. Other files created include:

  • $HOME/.local/share/bbauto
  • $HOME/.config/autostart/none.desktop
  • $HOME/.config/autostart/.desktop
  • $HOME/.local/share/Main.class
  • $HOME/Library/LaunchAgents/AutoUpdater.dat
  • $HOME/Library/LaunchAgents/AutoUpdater.plist
  • $HOME/Library/LaunchAgents/SoftwareSync.plist
  • $HOME/Library/LaunchAgents/Main.class
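
The indicators described above (the nbproject/cache.dat file, the modified build-impl.xml, and the persistence files in the list) can be checked with a short script. This is an added example, not code from the article or from GitHub's researchers; the function names, the default `NetBeansProjects` directory, and the heuristic that a tampered build-impl.xml mentions `cache.dat` by name are assumptions.

```python
import os
import sys
from pathlib import Path

# Persistence artifacts named in the article, relative to $HOME.
PERSISTENCE_PATHS = [
    ".config/autostart/octo.desktop",
    ".config/autostart/none.desktop",
    ".config/autostart/.desktop",
    ".local/share/bbauto",
    ".local/share/Main.class",
    "Library/LaunchAgents/AutoUpdater.dat",
    "Library/LaunchAgents/AutoUpdater.plist",
    "Library/LaunchAgents/SoftwareSync.plist",
    "Library/LaunchAgents/Main.class",
]

def scan_projects(root):
    """Return sorted (project, reason) findings for NetBeans projects under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if Path(dirpath).name != "nbproject":
            continue
        project = str(Path(dirpath).parent)
        # The article names nbproject/cache.dat as the dropped payload.
        if "cache.dat" in filenames:
            findings.append((project, "nbproject/cache.dat present"))
        build_impl = Path(dirpath) / "build-impl.xml"
        # Assumption: a tampered build file refers to cache.dat by name.
        if build_impl.is_file() and "cache.dat" in build_impl.read_text(errors="replace"):
            findings.append((project, "build-impl.xml references cache.dat"))
    return sorted(findings)

def scan_home(home):
    """Return the article's persistence paths that exist under home."""
    return [p for p in PERSISTENCE_PATHS if (Path(home) / p).exists()]

if __name__ == "__main__":
    # Assumed default project location; pass another directory as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "NetBeansProjects"
    for project, reason in scan_projects(root):
        print(f"[project] {project}: {reason}")
    for hit in scan_home(Path.home()):
        print(f"[persistence] ~/{hit}")
```

A hit is a reason to inspect the project and its published JAR files, not proof of infection; the Windows schtasks entries mentioned above are not covered by this check.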

The backdoor could be used to add implants to the code built by the developer, leak the code of proprietary systems, steal confidential data, and take over accounts. The researchers from GitHub do not rule out that the malicious activity is not limited to NetBeans and that there may be other variants of Octopus Scanner that embed themselves in build processes based on Make, MsBuild, Gradle and other systems in order to spread.

The names of the affected projects are not given, but they can easily be found by searching GitHub with the mask "cache.dat". Among the projects in which traces of malicious activity were found: V2Mp3Player, JavaPacman, Kosim-Framework, Punto de Venta, 2D-Physics-Simulations, PacmanGame, GuessTheAnimal, SnakeCenterBox4, Secuencia Numerica, Call Center, ProyectoGerundio, pacman-java_ia, SuperMario-FR-.

Source: opennet.ru
