Malware that attacks NetBeans to inject backdoors into built projects

GitHub has identified malware that attacks projects in the NetBeans IDE and uses the build process to propagate itself. An investigation showed that the malware in question, which was named Octopus Scanner, had been used to covertly embed backdoors in 26 open projects with repositories on GitHub. The first traces of Octopus Scanner activity date back to August 2018.

The malware is able to identify NetBeans project files and add its code to the project files and to compiled JAR files. The algorithm boils down to finding the NetBeans directory that holds the user's projects, enumerating all projects in that directory, copying the malicious script to nbproject/cache.dat and modifying the nbproject/build-impl.xml file so that this script is called every time the project is built. At build time, a copy of the malware is included in the resulting JAR files, which become a source of further distribution. For example, malicious files were uploaded to the repositories of the 26 open source projects mentioned above, as well as to various other projects when builds of new releases were published.

When an infected JAR file was downloaded and launched by another user, another cycle of searching for NetBeans and injecting malicious code began on that user's system, which matches the operating model of self-propagating computer viruses. In addition to the self-propagation functionality, the malicious code also includes backdoor functionality that provides remote access to the system. At the time of the incident, the backdoor's command and control (C&C) servers were not active.

In total, 4 variants of the infection were found while studying the affected projects. In one of the variants, to activate the backdoor on Linux, the autostart file "$HOME/.config/autostart/octo.desktop" was created, and on Windows, tasks were launched via schtasks to start it. Other files created include:

  • $HOME/.local/share/bbauto
  • $HOME/.config/autostart/none.desktop
  • $HOME/.config/autostart/.desktop
  • $HOME/.local/share/Main.class
  • $HOME/Library/LaunchAgents/AutoUpdater.dat
  • $HOME/Library/LaunchAgents/AutoUpdater.plist
  • $HOME/Library/LaunchAgents/SoftwareSync.plist
  • $HOME/Library/LaunchAgents/Main.class
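
A defender-side check for the indicators named in this article, as an added example that is not code from GitHub or from the original post: it looks for nbproject/cache.dat in NetBeans projects and for the persistence files listed above. Treating a mention of cache.dat inside build-impl.xml as the build hook is an assumption, as are the function names and the constructed sample tree.

```python
import os
import tempfile
from pathlib import Path

# Persistence paths listed in the article, relative to the user's home directory.
HOME_ARTIFACTS = [
    ".config/autostart/octo.desktop", ".config/autostart/none.desktop",
    ".config/autostart/.desktop", ".local/share/bbauto", ".local/share/Main.class",
    "Library/LaunchAgents/AutoUpdater.dat", "Library/LaunchAgents/AutoUpdater.plist",
    "Library/LaunchAgents/SoftwareSync.plist", "Library/LaunchAgents/Main.class",
]

def scan_home(home):
    """Return the listed persistence paths that exist under home."""
    return [rel for rel in HOME_ARTIFACTS if (Path(home) / rel).exists()]

def scan_projects(root):
    """Map each suspicious NetBeans project under root to the reasons it was flagged."""
    findings = {}
    for dirpath, dirnames, _ in os.walk(root):
        if "nbproject" not in dirnames:
            continue
        nb = Path(dirpath) / "nbproject"
        reasons = []
        if (nb / "cache.dat").is_file():
            reasons.append("nbproject/cache.dat present")
        build = nb / "build-impl.xml"
        # Assumption: the modified build file mentions cache.dat by name.
        if build.is_file() and "cache.dat" in build.read_text(errors="replace"):
            reasons.append("build-impl.xml references cache.dat")
        if reasons:
            findings[str(Path(dirpath).relative_to(root))] = reasons
    return findings

def demo():
    """Scan a constructed sample tree (placeholder files, no real malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        hit = home / "NetBeansProjects/hit/nbproject"
        clean = home / "NetBeansProjects/clean/nbproject"
        for d in (hit, clean, home / ".config/autostart"):
            d.mkdir(parents=True)
        (hit / "cache.dat").write_bytes(b"constructed placeholder")
        (hit / "build-impl.xml").write_text('<java jar="nbproject/cache.dat"/>')
        (clean / "build-impl.xml").write_text("<project/>")
        (home / ".config/autostart/octo.desktop").write_text("[Desktop Entry]")
        return scan_home(home), scan_projects(home / "NetBeansProjects")
```

On a workstation, pass `Path.home()` to `scan_home` and the NetBeans projects directory to `scan_projects`; a hit is a reason to inspect the project, not proof of infection.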

The backdoor can be used to plant hidden implants in the code the developer is working on, to leak the code of proprietary systems, to steal confidential data and to take over accounts. GitHub researchers do not rule out that the malicious activity is not limited to NetBeans and that there may be other variants of Octopus Scanner that embed themselves in build processes based on Make, MsBuild, Gradle and other systems in order to propagate.

The names of the affected projects are not given, but they can easily be found by searching GitHub with the "cache.dat" mask. Among the projects in which traces of malicious activity were found: V2Mp3Player, JavaPacman, Kosim-Framework, Punto de Venta, 2D-Physics-Simulations, PacmanGame, GuessTheAnimal, SnakeCenterBox4, Secuencia Numerica, Call Center, ProyectoGerundio, pacman-java_ia, SuperMario-FR-.

Source: opennet.ru
