Malware infects NetBeans to inject backdoors into built projects

GitHub has identified malware that attacks projects in the NetBeans IDE and uses the build process to spread itself. The investigation showed that the malware in question, which was given the name Octopus Scanner, was used to covertly integrate backdoors into 26 open source projects with repositories on GitHub. The first traces of Octopus Scanner activity date back to August 26.

The malware is able to detect NetBeans project files and add its code to the project files and to the compiled JAR files. Its algorithm boils down to finding the NetBeans directory that holds the user's projects, enumerating all projects in that directory, copying the malicious script to nbproject/cache.dat, and modifying the nbproject/build-impl.xml file so that this script is called every time the project is built. When the project is built, a copy of the malware is included in the resulting JAR files, which become a source of further distribution. For example, malicious files were posted to the repositories of the 26 open source projects mentioned above, as well as to various other projects when builds of new releases were published.

When an infected JAR file was downloaded and launched by another user, another cycle of searching for NetBeans and injecting malicious code began on that user's system, which corresponds to the operating model of self-propagating computer viruses. In addition to the self-propagation functionality, the malicious code also includes backdoor functionality that provides remote access to the system. At the time the incident was analyzed, the backdoor command-and-control (C&C) servers were not active.


In total, 4 variants of the infection were identified while studying the affected projects. In one of the variants, to activate the backdoor on Linux the autostart file "$HOME/.config/autostart/octo.desktop" was created, and on Windows tasks were registered via schtasks to launch it. Other files created include:

  • $HOME/.local/share/bbauto
  • $HOME/.config/autostart/none.desktop
  • $HOME/.config/autostart/.desktop
  • $HOME/.local/share/Main.class
  • $HOME/Library/LaunchAgents/AutoUpdater.dat
  • $HOME/Library/LaunchAgents/AutoUpdater.plist
  • $HOME/Library/LaunchAgents/SoftwareSync.plist
  • $HOME/Library/LaunchAgents/Main.class
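
The indicators described above (the nbproject/cache.dat script, the modified nbproject/build-impl.xml, and the listed persistence files) can be checked with a short triage script. This is an added example, not code from GitHub's report or from this article; the function names, the substring match on build-impl.xml and the constructed demo tree are assumptions, and a hit is a lead for manual review rather than proof of infection.

```python
import tempfile
from pathlib import Path

# Persistence paths listed in the article, relative to $HOME.
HOME_ARTIFACTS = [
    ".config/autostart/octo.desktop", ".local/share/bbauto",
    ".config/autostart/none.desktop", ".config/autostart/.desktop",
    ".local/share/Main.class", "Library/LaunchAgents/AutoUpdater.dat",
    "Library/LaunchAgents/AutoUpdater.plist",
    "Library/LaunchAgents/SoftwareSync.plist",
    "Library/LaunchAgents/Main.class",
]

def scan_projects(root):
    """Map each NetBeans project under root to its suspicious findings."""
    results = {}
    for nb in sorted(Path(root).rglob("nbproject")):
        if not nb.is_dir():
            continue
        findings = []
        if (nb / "cache.dat").is_file():
            findings.append("nbproject/cache.dat present")
        build = nb / "build-impl.xml"
        if build.is_file() and "cache.dat" in build.read_text(errors="replace"):
            findings.append("build-impl.xml references cache.dat")
        if findings:
            results[nb.parent.relative_to(root).as_posix()] = findings
    return results

def scan_home(home):
    """Return the listed persistence paths that exist under home."""
    return [p for p in HOME_ARTIFACTS if (Path(home) / p).exists()]

def demo():
    """Run both checks over a constructed (fake) home directory."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        for name, flagged in (("CleanApp", False), ("FlaggedApp", True)):
            nb = home / "NetBeansProjects" / name / "nbproject"
            nb.mkdir(parents=True)
            build = "<project><target name='-pre-jar'/></project>"
            if flagged:  # constructed stand-ins, not real malware content
                (nb / "cache.dat").write_bytes(b"placeholder")
                build = "<project><x constructed='nbproject/cache.dat'/></project>"
            (nb / "build-impl.xml").write_text(build)
        auto = home / ".config" / "autostart"
        auto.mkdir(parents=True)
        (auto / "octo.desktop").write_text("[Desktop Entry]\n")
        return scan_projects(home), scan_home(home)
```

On a real workstation, call `scan_projects` on the directory holding the NetBeans projects and `scan_home` on the user's home directory; `demo()` only exercises the checks against a temporary tree.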

The backdoor could be used to plant backdoors in the code produced by the developer, leak the code of proprietary systems, steal confidential data and take over accounts. Researchers from GitHub do not rule out that the malicious activity is not limited to NetBeans and that there may be other variants of Octopus Scanner that embed themselves in build processes based on Make, MsBuild, Gradle and other systems in order to spread.

The names of the affected projects are not mentioned, but they can easily be found through a GitHub search using the "cache.dat" mask. Among the projects in which traces of malicious activity were found: V2Mp3Player, JavaPacman, Kosim-Framework, Punto de Venta, 2D-Physics-Simulations, PacmanGame, GuessTheAnimal, SnakeCenterBox4, Secuencia Numerica, Call Center, ProyectoGerundio, pacman-java_ia, SuperMario-FR-.

Source: opennet.ru
