GitHub
The malware is able to detect NetBeans project files and inject its code into the project files and the compiled JAR files. Its algorithm boils down to locating the NetBeans directory holding the user's projects, enumerating every project in that directory, and copying the malicious script to.
Once an infected JAR file is published and launched by another user, the next cycle of searching for NetBeans projects and injecting the malicious code begins on that user's system, which matches the propagation model of self-replicating computer viruses. Beyond the self-propagation functionality, the malicious code also includes a backdoor that provides remote access to the system. At the time of the incident, the command-and-control (C&C) servers of the backdoor were no longer active.
In total, 4 different variants of the infection were identified while studying the compromised projects. In one variant, to activate the backdoor on Linux the autostart file "$HOME/.config/autostart/octo.desktop" was created, and on Windows tasks were registered via schtasks to launch it. Other files created include:
- $HOME/.local/share/bbauto
- $HOME/.config/autostart/none.desktop
- $HOME/.config/autostart/.desktop
- $HOME/.local/share/Main.class
- $HOME/Library/LaunchAgents/AutoUpdater.dat
- $HOME/Library/LaunchAgents/AutoUpdater.plist
- $HOME/Library/LaunchAgents/SoftwareSync.plist
- $HOME/Library/LaunchAgents/Main.class
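As an added defensive example (not part of the report and not GitHub's own tooling), the following Python check looks for the persistence artifacts listed above under a given home directory and lists the Exec line of every autostart entry. The artifact paths come from the report; the function names, the Exec-line heuristic and the constructed demo directory are this example's own assumptions.

```python
"""Check a home directory for the Octopus Scanner persistence artifacts named above.

Added defensive example: the artifact paths come from the report, the helper
names, the Exec-line heuristic and the demo directory are this example's own.
"""
import os
import tempfile
from pathlib import Path

# Persistence artifacts from the report, relative to the user's home directory.
OCTOPUS_ARTIFACTS = (
    ".config/autostart/octo.desktop",          # Linux autostart entry for the backdoor
    ".local/share/bbauto",
    ".config/autostart/none.desktop",
    ".config/autostart/.desktop",
    ".local/share/Main.class",
    "Library/LaunchAgents/AutoUpdater.dat",    # macOS LaunchAgents variants
    "Library/LaunchAgents/AutoUpdater.plist",
    "Library/LaunchAgents/SoftwareSync.plist",
    "Library/LaunchAgents/Main.class",
)


def find_octopus_artifacts(home):
    """Return the report's artifact paths that exist under `home`, in report order."""
    home = Path(home)
    return [rel for rel in OCTOPUS_ARTIFACTS if (home / rel).exists()]


def autostart_exec_lines(home):
    """List (entry name, Exec value) for every .desktop file in ~/.config/autostart.

    Assumed heuristic, not from the report: on a developer workstation an
    unexpected autostart entry that launches a Java class or JAR deserves a look.
    """
    autostart = Path(home) / ".config" / "autostart"
    if not autostart.is_dir():
        return []
    found = []
    for entry in sorted(autostart.iterdir()):
        # Plain name check rather than glob, so the bare ".desktop" file is included too.
        if not entry.name.endswith(".desktop") or not entry.is_file():
            continue
        for line in entry.read_text(errors="replace").splitlines():
            if line.startswith("Exec="):
                found.append((entry.name, line[len("Exec="):].strip()))
    return found


def make_demo_home():
    """Build a throwaway home directory with constructed sample artifacts for testing."""
    home = Path(tempfile.mkdtemp(prefix="octo-demo-"))
    for rel in (".config/autostart/octo.desktop", ".local/share/Main.class"):
        path = home / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("")
    # Constructed sample autostart entries: one mimicking the reported name, one benign.
    (home / ".config/autostart/octo.desktop").write_text(
        "[Desktop Entry]\nType=Application\nExec=java Main\n"
    )
    (home / ".config/autostart/editor.desktop").write_text(
        "[Desktop Entry]\nType=Application\nExec=gedit\n"
    )
    return home


if __name__ == "__main__":
    target = Path(os.environ.get("HOME", "."))
    for rel in find_octopus_artifacts(target):
        print("artifact present:", target / rel)
    for name, cmd in autostart_exec_lines(target):
        print(f"autostart {name}: {cmd}")
```

Run it without arguments to check the current user's home; `make_demo_home()` only exists so the check can be exercised against a constructed directory instead of a real infection.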
The backdoor can be used to plant bookmarks in the code the developer is working on, leak code from proprietary systems, steal confidential data and take over accounts. GitHub's researchers do not rule out that the malicious activity is not limited to NetBeans, and that other Octopus Scanner variants may exist that embed themselves into build processes based on Make, MsBuild, Gradle and other systems in order to spread.
The names of the affected projects have not been disclosed, but they can easily
Source: opennet.ru