GitHub Malware uas tawm tsam cov haujlwm hauv NetBeans IDE thiab siv cov txheej txheem tsim kom nthuav tawm nws tus kheej. Qhov kev tshawb nrhiav pom tau tias siv cov malware hauv nqe lus nug, uas tau muab lub npe Octopus Scanner, backdoors tau covertly koom ua ke rau hauv 26 qhib tej yaam num nrog repositories ntawm GitHub. Thawj cov cim ntawm Octopus Scanner tshwm sim hnub rov qab rau lub Yim Hli 2018.
Tus malware muaj peev xwm txheeb xyuas NetBeans qhov project cov ntaub ntawv thiab ntxiv nws cov cai rau cov ntaub ntawv project thiab muab tso ua ke JAR cov ntaub ntawv. Kev ua haujlwm algorithm npau taws mus nrhiav NetBeans cov npe nrog tus neeg siv cov haujlwm, suav tag nrho cov haujlwm hauv phau ntawv no, luam cov ntawv tsis zoo rau thiab hloov cov ntaub ntawv hu rau tsab ntawv no txhua lub sijhawm ua qhov project. Thaum sib sau ua ke, ib daim ntawv theej ntawm cov malware tau suav nrog hauv JAR cov ntaub ntawv, uas dhau los ua qhov kev faib tawm ntxiv. Piv txwv li, cov ntaub ntawv tsis zoo tau muab tso rau hauv qhov chaw khaws cia ntawm cov lus hais saum toj no 26 qhib qhov project, nrog rau ntau yam lwm yam haujlwm thaum tshaj tawm cov kev tsim tawm tshiab.
Thaum lwm tus neeg siv rub tawm thiab tso tawm cov ntaub ntawv JAR muaj kab mob, lwm lub voj voog ntawm kev tshawb nrhiav NetBeans thiab qhia cov lej tsis zoo pib ntawm nws lub cev, uas sib haum rau tus qauv ntawm kev ua haujlwm ntawm tus kheej kis kab mob hauv computer. Ntxiv nrog rau kev nthuav tawm tus kheej ua haujlwm, cov cai tsis zoo kuj suav nrog kev ua haujlwm sab nraum qab los muab cov chaw taws teeb nkag mus rau qhov system. Thaum lub sijhawm tshwm sim, kev tswj hwm sab nraum qab (C&C) servers tsis ua haujlwm.
Hauv tag nrho, thaum kawm txog cov haujlwm cuam tshuam, 4 qhov sib txawv ntawm kev kis tau raug txheeb xyuas. Hauv ib qho ntawm cov kev xaiv, txhawm rau qhib qhov backdoor hauv Linux, autostart cov ntaub ntawv "$HOME/.config/autostart/octo.desktop" tau tsim, thiab hauv Windows, cov haujlwm tau tsim los ntawm schtasks los tso nws. Lwm cov ntaub ntawv tsim muaj xws li:
- $HOME/.local/share/bbauto
- $HOME/.config/autostart/none.desktop
- $HOME/.config/autostart/.desktop
- $HOME/.local/share/Main.class
- $HOME/Library/LaunchAgents/AutoUpdater.dat
- $HOME/Library/LaunchAgents/AutoUpdater.plist
- $HOME/Library/LaunchAgents/SoftwareSync.plist
- $HOME/Library/LaunchAgents/Main.class
Lub backdoor tuaj yeem siv los ntxiv bookmarks rau cov cai tsim los ntawm tus tsim tawm, xau code ntawm cov tswv cuab, nyiag cov ntaub ntawv tsis pub lwm tus paub thiab coj mus rau cov nyiaj. Cov kws tshawb fawb los ntawm GitHub tsis txiav txim siab tias kev ua phem tsis txwv rau NetBeans thiab tej zaum yuav muaj lwm yam kev hloov pauv ntawm Octopus Scanner uas tau muab tso rau hauv cov txheej txheem tsim raws li Ua, MsBuild, Gradle thiab lwm lub tshuab kom nthuav tawm lawv tus kheej.
Cov npe ntawm cov haujlwm cuam tshuam tsis tau hais, tab sis lawv tuaj yeem yooj yim los ntawm kev tshawb fawb hauv GitHub siv lub npog "cache.dat". Ntawm cov dej num uas pom muaj kev ua phem tau pom: , , , , , , , , , , , , .
Tau qhov twg los: opennet.ru