GitHub
The malware can detect NetBeans project files and add its own code to the project files and to the compiled JAR files. Its operating algorithm comes down to finding the NetBeans directory that holds the user's projects, enumerating all the projects in that directory, copying the malicious script to.
When an infected JAR file was downloaded and launched by another user, another cycle of searching for NetBeans and injecting the malicious code began on that user's system, which matches the operating model of self-propagating computer viruses. In addition to the self-propagation functionality, the malicious code also includes backdoor functionality that provides remote access to the system. At that time, the backdoor's command-and-control (C&C) servers were not active.
In total, 4 infection variants were identified while studying the affected projects. In one of the variants, to activate the backdoor on Linux, the autostart file "$HOME/.config/autostart/octo.desktop" was created, and on Windows, tasks were launched via schtasks to start it. Other files created include:
- $HOME/.local/share/bbauto
- $HOME/.config/autostart/none.desktop
- $HOME/.config/autostart/.desktop
- $HOME/.local/share/Main.class
- $HOME/Library/LaunchAgents/AutoUpdater.dat
- $HOME/Library/LaunchAgents/AutoUpdater.plist
- $HOME/Library/LaunchAgents/SoftwareSync.plist
- $HOME/Library/LaunchAgents/Main.class
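
A check for the Linux and macOS file artifacts listed above, as an added example that is not part of the original article or of the GitHub researchers' tooling. The relative paths are the ones named in the text; the function name `octo_scan`, its output format and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for the persistence files named in the article under a
# given home directory. Only the relative paths come from the article.

OCTO_PATHS='.config/autostart/octo.desktop
.local/share/bbauto
.config/autostart/none.desktop
.config/autostart/.desktop
.local/share/Main.class
Library/LaunchAgents/AutoUpdater.dat
Library/LaunchAgents/AutoUpdater.plist
Library/LaunchAgents/SoftwareSync.plist
Library/LaunchAgents/Main.class'

# octo_scan HOME_DIR   (hypothetical helper name)
# Prints one "FOUND <path>" line per artifact that exists, including
# dangling symlinks. Returns 0 if nothing was found, 1 if at least one
# artifact exists, 2 if HOME_DIR is not a directory.
octo_scan() {
    home_dir=$1
    [ -d "$home_dir" ] || { echo "octo_scan: not a directory: $home_dir" >&2; return 2; }
    hits=0
    # Feed the list through a here-document so the loop runs in the current
    # shell (the counter survives) and names are never word-split or globbed.
    while IFS= read -r rel; do
        p="$home_dir/$rel"
        if [ -e "$p" ] || [ -L "$p" ]; then
            printf 'FOUND %s\n' "$p"
            hits=$((hits + 1))
        fi
    done <<EOF
$OCTO_PATHS
EOF
    [ "$hits" -eq 0 ]
}

# Usage: octo_scan "$HOME"
```

A hit is a reason to inspect the file and the NetBeans projects on that machine, since names such as `Main.class` can also belong to unrelated software.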
The backdoor could be used to add implants to the code being developed by the developer, to leak the code of proprietary systems, to steal confidential data and to take over accounts. Researchers from GitHub do not rule out that the malicious activity is not limited to NetBeans and that there may be other variants of Octopus Scanner that embed themselves in build processes based on Make, MsBuild, Gradle and other systems in order to spread.
The names of the affected projects are not mentioned, but they can be
Source: opennet.ru