GitHub
The malware can detect NetBeans project files and add its code both to the project files and to the JAR files built from them. Its algorithm comes down to locating the NetBeans directory that holds the user's projects, enumerating every project in that directory, and copying the malicious script into them.
When another user downloads and runs an infected JAR file, a new cycle of searching for NetBeans and injecting the malicious code starts on that user's system, which matches the operating model of self-propagating computer viruses. Besides self-propagation, the malicious code also includes backdoor functionality that provides remote access to the system. At the time of the incident, the backdoor's command-and-control (C&C) servers were not active.
In total, 4 infection variants were identified while studying the affected projects. In one of the variants, the autostart file "$HOME/.config/autostart/octo.desktop" was created to activate the backdoor on Linux, and on Windows tasks were launched through schtasks to start it. Other files created include:
- $HOME/.local/share/bbauto
- $HOME/.config/autostart/none.desktop
- $HOME/.config/autostart/.desktop
- $HOME/.local/share/Main.class
- $HOME/Library/LaunchAgents/AutoUpdater.dat
- $HOME/Library/LaunchAgents/AutoUpdater.plist
- $HOME/Library/LaunchAgents/SoftwareSync.plist
- $HOME/Library/LaunchAgents/Main.class
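A sweep of a home directory for the persistence files listed above, as an added example that is not code from the article or from the GitHub researchers. The function names are hypothetical and the paths are exactly the ones on this page; for autostart entries it also reports the `Exec=` command so a reviewer can see what would be launched at login.

```python
import os
import sys
from pathlib import Path

# Paths relative to $HOME, copied from the list in the article.
ARTIFACTS = [
    ".config/autostart/octo.desktop",
    ".local/share/bbauto",
    ".config/autostart/none.desktop",
    ".config/autostart/.desktop",
    ".local/share/Main.class",
    "Library/LaunchAgents/AutoUpdater.dat",
    "Library/LaunchAgents/AutoUpdater.plist",
    "Library/LaunchAgents/SoftwareSync.plist",
    "Library/LaunchAgents/Main.class",
]


def desktop_exec(path):
    """Return the Exec= command of an XDG autostart entry, or None."""
    try:
        for line in path.read_text(errors="replace").splitlines():
            if line.strip().startswith("Exec="):
                return line.strip()[len("Exec="):]
    except OSError:
        pass
    return None


def sweep(home):
    """Return one dict per listed artefact that exists under `home`."""
    hits = []
    for rel in ARTIFACTS:
        path = Path(home) / rel
        # lexists also catches dangling symlinks, which exists() would miss
        if not os.path.lexists(path):
            continue
        st = path.lstat()
        hit = {"path": rel, "size": st.st_size, "mtime": int(st.st_mtime)}
        if rel.endswith(".desktop") and path.is_file():
            hit["exec"] = desktop_exec(path)
        hits.append(hit)
    return hits


if __name__ == "__main__":
    # Each argument is a home directory to check; default is the current user's.
    for home in sys.argv[1:] or [Path.home()]:
        for hit in sweep(home):
            print(home, hit)
```

A hit is a reason to inspect the file and its modification time, since generic names such as `Main.class` can also belong to unrelated software.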
The backdoor could be used to plant backdoors in code the developer is working on, to leak the code of proprietary systems, to steal confidential data and to take over accounts. The GitHub researchers do not rule out that the malicious activity is not limited to NetBeans and that there may be other variants of Octopus Scanner that embed themselves in build processes based on Make, MsBuild, Gradle and other systems in order to propagate.
The names of the affected projects are not given, but they can easily
Source: opennet.ru