Malware that attacks NetBeans to inject backdoors into built projects

GitHub has identified malware that attacks projects in the NetBeans IDE and uses the build process to spread itself. The investigation showed that the malware in question, which was given the name Octopus Scanner, had been used to covertly integrate backdoors into 26 open source projects with repositories on GitHub. The first traces of Octopus Scanner date back to August 2018.

The malware can identify NetBeans project files and add its code to the project files and to the built JAR files. Its algorithm boils down to finding the NetBeans directory that holds the user's projects, enumerating all projects in that directory, copying the malicious script to nbproject/cache.dat and modifying the file nbproject/build-impl.xml so that this script is called every time the project is built. When the project is built, a copy of the malware is included in the resulting JAR files, which become a source of further distribution. For example, malicious files were placed in the repositories of the 26 open source projects mentioned above, as well as in various other projects when builds of new releases were published.

When an infected JAR file was downloaded and launched by another user, another cycle of searching for NetBeans and injecting the malicious code began on that user's system, which matches the way self-propagating computer viruses operate. In addition to self-propagation, the malicious code also includes backdoor functionality that provides remote access to the system. At the time the incident was analyzed, the backdoor command-and-control (C&C) servers were not active.


In total, 4 variants of the infection were identified while studying the affected projects. In one of the variants, to activate the backdoor on Linux, an autostart file "$HOME/.config/autostart/octo.desktop" was created, and on Windows, tasks were started via schtasks to launch it. Other files created include:

  • $HOME/.local/share/bbauto
  • $HOME/.config/autostart/none.desktop
  • $HOME/.config/autostart/.desktop
  • $HOME/.local/share/Main.class
  • $HOME/Library/LaunchAgents/AutoUpdater.dat
  • $HOME/Library/LaunchAgents/AutoUpdater.plist
  • $HOME/Library/LaunchAgents/SoftwareSync.plist
  • $HOME/Library/LaunchAgents/Main.class
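
A defensive check built from the indicators above, added here as an example (it is not code from GitHub or from the original article): it flags NetBeans projects that contain nbproject/cache.dat and looks for the listed files under a home directory. The function names, the ~/NetBeansProjects default and the "build-impl.xml mentions cache.dat" heuristic are assumptions of this example.

```python
import os
import sys

# Paths relative to $HOME, copied from the article's list of created files.
HOME_ARTIFACTS = [
    ".config/autostart/octo.desktop",
    ".local/share/bbauto",
    ".config/autostart/none.desktop",
    ".config/autostart/.desktop",
    ".local/share/Main.class",
    "Library/LaunchAgents/AutoUpdater.dat",
    "Library/LaunchAgents/AutoUpdater.plist",
    "Library/LaunchAgents/SoftwareSync.plist",
    "Library/LaunchAgents/Main.class",
]

def scan_projects(root):
    """Return {project_dir: [findings]} for NetBeans projects under root."""
    hits = {}
    for dirpath, _dirs, filenames in os.walk(root):
        if os.path.basename(dirpath) != "nbproject":
            continue
        findings = []
        if "cache.dat" in filenames:
            findings.append("nbproject/cache.dat present")
        build = os.path.join(dirpath, "build-impl.xml")
        if os.path.isfile(build):
            with open(build, "r", errors="replace") as fh:
                # Assumption: a tampered build file names the dropped file.
                if "cache.dat" in fh.read():
                    findings.append("build-impl.xml references cache.dat")
        if findings:
            hits[os.path.dirname(dirpath)] = findings
    return hits

def scan_home(home):
    """Return the listed artifacts that exist under the given home directory."""
    return [p for p in HOME_ARTIFACTS if os.path.lexists(os.path.join(home, p))]

if __name__ == "__main__":
    home = os.path.expanduser("~")
    # Assumption: projects live in ~/NetBeansProjects unless a path is given.
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.join(home, "NetBeansProjects")
    for proj, findings in scan_projects(root).items():
        print(proj, "->", "; ".join(findings))
    for p in scan_home(home):
        print("persistence artifact:", os.path.join(home, p))
```

A hit is a reason to inspect the project and the JAR files it produced, not proof of infection on its own.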

The backdoor could be used to plant backdoors in the code the developer writes, leak the code of proprietary systems, steal confidential data and take over accounts. The GitHub researchers do not rule out that the malicious activity is not limited to NetBeans and that there may be other variants of Octopus Scanner that embed themselves into build processes based on Make, MsBuild, Gradle and other systems in order to spread.

The names of the affected projects are not mentioned, but they can easily be found through a GitHub search using the "cache.dat" mask. Projects in which traces of malicious activity were found include: V2Mp3Player, JavaPacman, Kosim-Framework, Punto de Venta, 2D-Physics-Simulations, PacmanGame, GuessTheAnimal, SnakeCenterBox4, Secuencia Numerica, CallCenter, ProyectoGerundio, pacman-java_ia, SuperMario-FR-.

Source: opennet.ru
