Malware that attacks NetBeans to inject backdoors into built projects

GitHub has identified malware that infects projects in the NetBeans IDE and uses the build process to spread itself. The investigation showed that the malware in question, which was given the name Octopus Scanner, was used to covertly embed backdoors in 26 open-source projects with repositories on GitHub. The first signs of Octopus Scanner activity date back to August 2018.

The malware is able to identify NetBeans project files and add its code to the project files and to the compiled JAR files. Its algorithm comes down to finding the NetBeans directory that holds the user's projects, enumerating all projects in that directory, copying the malicious script to nbproject/cache.dat, and modifying the file nbproject/build-impl.xml so that this script is called every time the project is built. When the project is built, a copy of the malware is included in the resulting JAR files, which become a source of further distribution. For example, malicious files were uploaded to the repositories of the 26 projects mentioned above, as well as to various other projects when new releases were published.

When an infected JAR file was downloaded and launched by another user, another cycle of searching for NetBeans and injecting the malicious code began on that user's machine, which corresponds to the operating model of self-propagating computer viruses. In addition to the self-propagation functionality, the malicious code also includes backdoor functionality that provides remote access to the system. At that time, the backdoor's command and control (C&C) servers were not active.


In total, 4 variants of the infection were identified while studying the affected projects. In one of the variants, to activate the backdoor on Linux, the autostart file "$HOME/.config/autostart/octo.desktop" was created, and on Windows, tasks were launched via schtasks to start it. Other files created include:

  • $HOME/.local/share/bbauto
  • $HOME/.config/autostart/none.desktop
  • $HOME/.config/autostart/.desktop
  • $HOME/.local/share/Main.class
  • $HOME/Library/LaunchAgents/AutoUpdater.dat
  • $HOME/Library/LaunchAgents/AutoUpdater.plist
  • $HOME/Library/LaunchAgents/SoftwareSync.plist
  • $HOME/Library/LaunchAgents/Main.class
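
A defensive triage sketch for the artifacts described above, added here as an example and not taken from the original article or from GitHub's report: it looks for nbproject/cache.dat in a tree of projects and for the per-user files listed above. Treating any mention of cache.dat inside build-impl.xml as the build hook is an assumption, as are the function names.

```python
"""Added example: triage for the Octopus Scanner artifacts named in this article."""
import sys
from pathlib import Path

# Per-user files listed in the article, relative to $HOME.
HOME_ARTIFACTS = [
    ".config/autostart/octo.desktop",
    ".local/share/bbauto",
    ".config/autostart/none.desktop",
    ".config/autostart/.desktop",
    ".local/share/Main.class",
    "Library/LaunchAgents/AutoUpdater.dat",
    "Library/LaunchAgents/AutoUpdater.plist",
    "Library/LaunchAgents/SoftwareSync.plist",
    "Library/LaunchAgents/Main.class",
]


def scan_home(home):
    """Return the listed per-user artifacts that exist under `home`."""
    home = Path(home)
    return [rel for rel in HOME_ARTIFACTS if (home / rel).is_file()]


def scan_projects(root):
    """Map each project under `root` holding nbproject/cache.dat to a flag
    saying whether its build-impl.xml mentions cache.dat (assumed heuristic)."""
    findings = {}
    for dropped in Path(root).rglob("nbproject/cache.dat"):
        if not dropped.is_file():
            continue
        build = dropped.with_name("build-impl.xml")
        hooked = False
        if build.is_file():
            hooked = b"cache.dat" in build.read_bytes()
        findings[str(dropped.parent.parent)] = hooked
    return findings


if __name__ == "__main__":
    projects = sys.argv[1] if len(sys.argv) > 1 else "."
    home = sys.argv[2] if len(sys.argv) > 2 else Path.home()
    for project, hooked in sorted(scan_projects(projects).items()):
        print(f"{project}: nbproject/cache.dat present, build hook={hooked}")
    for rel in scan_home(home):
        print(f"{home}/{rel}: persistence artifact present")
```

A hit is a lead for manual review of the project and of the JAR files built from it, not a verdict; the script only reads files and changes nothing.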

The backdoor could be used to plant backdoors in code developed by the developer, to leak the code of proprietary systems, to steal confidential data, and to take over accounts. Researchers from GitHub do not rule out that the malicious activity is not limited to NetBeans and that there may be other variants of Octopus Scanner that embed themselves in build processes based on Make, MsBuild, Gradle and other systems in order to spread.

The names of the affected projects are not given, but they can be found through a GitHub search using the mask "cache.dat". Among the projects in which traces of malicious activity were found: V2Mp3Player, JavaPacman, Kosim-Framework, Punto de Venta, 2D-Physics-Simulations, PacmanGame, GuessTheAnimal, SnakeCenterBox4, Secuencia Numerica, Call Center, ProyectoGerundio, pacman-java_ia, SuperMario-FR-.

Source: opennet.ru
