Malware that targets NetBeans to plant backdoors in built projects

GitHub has identified malware that targets projects in the NetBeans IDE and abuses the build process to propagate itself. The investigation showed that the malware in question, named Octopus Scanner, was used to covertly embed backdoors into 26 open-source projects with repositories on GitHub. The earliest traces of Octopus Scanner activity date back to August 2018.

The malware can locate NetBeans project files, inject its code into them, and contaminate the compiled JAR files. Its routine comes down to finding the NetBeans directory that holds the user's projects, enumerating every project in that directory, copying the malicious script into nbproject/cache.dat, and modifying nbproject/build-impl.xml so that the script is invoked each time the project is built. On compilation, a copy of the malware is bundled into the resulting JAR files, which then become a vector for further distribution. In this way the malicious files ended up in the repositories of the 26 open-source projects mentioned above, as well as in various other projects when builds of new releases were published.

When an infected JAR file is downloaded and run by another user, a new cycle of searching for NetBeans and launching the malicious code begins on that user's system, which matches the behaviour of a self-propagating computer virus. In addition to self-propagation, the malicious code includes backdoor functionality to provide remote access to the system. At the time of the incident, the backdoor's command-and-control (C&C) servers were no longer active.


In total, analysis of the affected projects identified 4 variants of the infection. In one variant, to activate the backdoor on Linux, an autostart file "$HOME/.config/autostart/octo.desktop" was created, while on Windows a scheduled task was registered with schtasks to launch it. Other files created include:

  • $HOME/.local/share/bbauto
  • $HOME/.config/autostart/none.desktop
  • $HOME/.config/autostart/.desktop
  • $HOME/.local/share/Main.class
  • $HOME/Library/LaunchAgents/AutoUpdater.dat
  • $HOME/Library/LaunchAgents/AutoUpdater.plist
  • $HOME/Library/LaunchAgents/SoftwareSync.plist
  • $HOME/Library/LaunchAgents/Main.class
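The description of the infection mechanism (nbproject/cache.dat plus a modified nbproject/build-impl.xml) and the persistence artifacts listed above are enough to write a simple host check. The script below is an added example, not code from GitHub, opennet.ru, or the Octopus Scanner analysis. It assumes only what the article states: a stock build-impl.xml generated by NetBeans never refers to cache.dat, so a project directory that contains nbproject/cache.dat, or whose build-impl.xml mentions it, is worth inspecting; and the per-user paths are checked as given, relative to $HOME. The directory layout used for the usage call is an assumption (the NetBeansProjects folder name is a common default, not something the article specifies).

```python
"""Scan a directory tree for the NetBeans infection indicators described in the article.

Added example; uses only the indicators given on the page.
"""
import os
import re
from pathlib import Path

# Persistence artifacts listed in the article, relative to the user's home directory.
PERSISTENCE_PATHS = [
    ".config/autostart/octo.desktop",
    ".config/autostart/none.desktop",
    ".config/autostart/.desktop",
    ".local/share/bbauto",
    ".local/share/Main.class",
    "Library/LaunchAgents/AutoUpdater.dat",
    "Library/LaunchAgents/AutoUpdater.plist",
    "Library/LaunchAgents/SoftwareSync.plist",
    "Library/LaunchAgents/Main.class",
]

CACHE_DAT_RE = re.compile(r"cache\.dat", re.IGNORECASE)


def scan_project(nbproject_dir: Path) -> list:
    """Return the indicator strings found in one NetBeans nbproject/ directory."""
    findings = []
    cache = nbproject_dir / "cache.dat"
    if cache.is_file():
        findings.append(f"cache.dat present: {cache}")
    build_impl = nbproject_dir / "build-impl.xml"
    if build_impl.is_file():
        try:
            text = build_impl.read_text(errors="replace")
        except OSError:
            text = ""
        # The malware edits build-impl.xml so its script runs on every build;
        # a NetBeans-generated build-impl.xml does not reference cache.dat.
        if CACHE_DAT_RE.search(text):
            findings.append(f"build-impl.xml references cache.dat: {build_impl}")
    return findings


def scan_projects(root: Path) -> dict:
    """Walk root and return {project_dir: [findings]} for every flagged project."""
    results = {}
    for dirpath, dirnames, _ in os.walk(root):
        if "nbproject" in dirnames:
            found = scan_project(Path(dirpath) / "nbproject")
            if found:
                results[str(Path(dirpath))] = found
    return results


def scan_persistence(home: Path) -> list:
    """Return those persistence artifacts from the list that exist under home."""
    return [str(home / rel) for rel in PERSISTENCE_PATHS if (home / rel).exists()]


def build_report(root: Path, home: Path) -> dict:
    """Combine the project scan and the persistence scan into one report."""
    return {"projects": scan_projects(root), "persistence": scan_persistence(home)}


if __name__ == "__main__":
    import json
    import sys

    # Assumption: projects live under ~/NetBeansProjects unless a path is given.
    projects_root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / "NetBeansProjects"
    print(json.dumps(build_report(projects_root, Path.home()), indent=2))
```

A hit on cache.dat alone is not proof of infection, since any file can carry that name, but a build-impl.xml that references it has been edited by something other than NetBeans and should be diffed against a freshly generated copy before the project is built again.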

The backdoor could be used to plant hidden implants in code written by the developer, leak the source code of proprietary systems, steal confidential data and take over accounts. The GitHub researchers do not rule out that the malicious activity is limited to NetBeans: there may be other Octopus Scanner variants that embed themselves into build processes based on Make, MsBuild, Gradle and other systems in order to propagate.

The names of the affected projects were not disclosed, but they are easy to find by searching GitHub for the pattern “cache.dat”. Among the projects in which traces of the malicious activity were found: V2Mp3Player, JavaPacman, Kosim-Framework, Punto de Venta, 2D-Physics-Simulations, PacmanGame, GuessTheAnimal, SnakeCenterBox4, Secuencia Numerica, Call Center, ProyectoGerundio, pacman-java_ia, SuperMario-FR-.

Source: opennet.ru
