GitHub has issued a warning to Java developers about malware which is specifically infecting NetBeans projects.
The security team for the world’s largest repository host has dubbed the malware Octopus Scanner and found “26 open source projects that were backdoored by this malware and that were actively serving backdoored code.”
GitHub notes the malware is designed to backdoor projects created using the Apache NetBeans IDE – a phenomenon they had not seen before on their platform.
“It was interesting that this malware attacked the NetBeans build process specifically since it is not the most common Java IDE in use today,” GitHub’s security team said in their report on Thursday.
“If malware developers took the time to implement this malware specifically for NetBeans, it means that it could either be a targeted attack, or they may already have implemented the malware for build systems such as Make, MsBuild, Gradle and others as well and it may be spreading unnoticed,” GitHub added.
A security researcher tipped GitHub to the issue on March 9th.
Following a deeper analysis, GitHub found that the malware would infect local computers upon a user downloading any of the 26 discovered projects.
Octopus Scanner would scan a victim’s computer for a NetBeans IDE installation and grab hold – like an octopus, presumably… – of any discovered projects, to infect them and continue replicating.
The malware installs a RAT (Remote Access Trojan) on the local PC as its final step in a bid to discover sensitive data. Using the RAT, an attacker would hope to find confidential information such as upcoming releases or proprietary source code which could be sold on or used for blackmail.
While the malware has only just been discovered, GitHub believes it’s been active for years and has probably infected many more projects than the 26 it found. The oldest sample of the malware discovered by GitHub dates back to August 2018.
(Photo by Zo Razafindramamba on Unsplash)
