Octopus Scanner: malware inokanganisa NetBeans uye inobvumira kumashure kuti iiswe

Iyo ziviso yekuti Mhando dzakasiyana dzehutachiona dzakawanikwa paGitHub malware izvo zvinotungamirwa kune inozivikanwa IDE "NetBeans" uye iri kushandisa mukuumbiridza maitiro kugovera iyo malware.

Kuongorora kwakaratidza izvozvo nerubatsiro rwe malware iri mubvunzo, iyo yainzi Octopus Scanner, kumashure kwakange kwakavanzwa zvakavanzika muzvirongwa makumi maviri nezvitanhatu zvakavhurwa ine zvinyorwa paGitHub. Maitiro ekutanga eiyo Octopus Scanner kuratidzwa akanyorwa muna Nyamavhuvhu 2018.

Kuchengetedza iyo yakavhurwa sosi yekupa cheni ibasa rakakura. Inoenda kunopfuura kwekuongorora kwekuchengetedza kana kungobata maCVE achangoburwa. Kugovera cheni chengetedzo kuri pamusoro pekuvimbika kweiyo yese software kuvandudza uye kuendesa ecosystem. Kubva pakuteedzana kwekodhi, kusvika pakuyerera kwavanoita nepombi yeCI / CD, kusvika pakuendesa chaiko kuburitswa, pane mukana wekurasikirwa nehunhu uye nenyaya dzekuchengetedza, mukati mehupenyu hwese.

Nezve Octopus Scanner

Iyi malware yakawanikwa unogona kuona mafaera nemaNetBeans mapurojekiti uye wedzera yako wega kodhi kuronga mafaira uye kuunganidza maJAR mafaera.

Iyo inoshanda algorithm kutsvaga iyo NetBeans dhairekitori nemapurojekiti evashandisi, iterate pamusoro pemapurojekiti ese mune ino dhairekitori kukwanisa kuisa script yakaipa mu nbproject / cache.dat uye ita shanduko kune iyo nbproject / kuvaka-impl.xml faira kudaidza iyi script nguva yega yega chirongwa ichivakwa.

Panguva yekusangana, kopi yemarware inosanganisirwa mumafaira eJAR anokonzeresa, inova sosi yekuwedzera yekugovera. Semuenzaniso, mafaira akashata akaiswa muzvinyorwa zvezvakataurwa pamusoro apa makumi maviri neshanu mapurojekiti akavhurika, pamwe nemamwe mapurojekiti akasiyana siyana kana uchiburitsa inovaka vhezheni nyowani.

Musi waKurume 9, takagamuchira meseji kubva kumutsvagurudzi wezvekuchengetedza achitizivisa nezve seti yemabhuku akachengetedzwa paGitHub angave aishandira malware zvisina chinangwa. Mushure mekuongorora kwakadzama kweiyo malware pachayo, takawana chimwe chinhu chataive tisati tamboona papuratifomu yedu: malware yakagadzirirwa kuverenga mapurojekiti eNetBeans uye kuisa mukamuri rekumashure iro rinoshandisa iyo yekuvaka maitiro uye izvo zvinoguma zvigadzirwa zvekuparadzira.

Kana uchiisa uye uchitanga purojekiti ine yakaipa JAR faira nemumwe mushandisi, iyo inotevera yekutsvaga kutenderera yeNetBeans uye kuiswa kwekodhi yakaipa inotanga mune yako system, inoenderana neyakashanda modhi yekuzviparadzira hutachiona hwemakomputa.

Mufananidzo 1: Yakaparadzwa Octopus Scan

Pamusoro pekushanda kwega-kwekuparadzira, iyo yakaipa kodhi inosanganisirawo backdoor mabasa ekupa kure kure kune iyo system. Panguva iyo chiitiko ichi chakaongororwa, maseva ekumashure manejimendi (C&C) anga asingashande.

Pakazara, kana uchidzidza izvo zvakakanganiswa zvirongwa, 4 hutachiona hwakasiyana hwakaratidzwa. Mune imwe yesarudzo dzekumisikidza musuwo wekumashure muLinux, iyo autorun faira «$ HOME / .config / autostart / octo.desktop » uye paWindows, mabasa acho akatanga kuburikidza nema schtasks kutanga.

Iyo yekumashure imba inogona kushandiswa kuwedzera mabhukumaki kune ekuvandudza-akagadzira kodhi, kuronga kodhi kuburitsa kubva kumidziyo masisitimu, kuba data rakaoma, uye kutora maakaundi.

Pazasi pane yepamusoro-chikamu kutarisisa kwekushanda kweOctopus scanner:

  1. Ziva mushandisi weNetBeans dhairekitori
  2. Nyora mapurojekiti ese muNetBeans dhairekitori
  3. Takura kodhi iri cache.datanbproject / cache.dat
  4. Chinja nbproject / kuvaka-impl.xml kuve nechokwadi chekuti mubhadharo unoitwa pese panogadzirwa chirongwa cheNetBeans
  5. Kana iyo yakaipa payload iri yeiyo Octopus scanner, iyo ichangogadzirwa faira reJAR yakatapukirwa

GitHub vaongorori havabvisi icho chiito chakaipa hachiganhurirwe kuNetBeans uye panogona kunge paine zvimwe zvakasiyana zveOctopus Scanner izvo zvinogona kubatanidzwa mune yekuvaka maitiro anoenderana ne Make, MsBuild, Gradle uye mamwe masisitimu.

Mazita emapurojekiti akanganiswa haana kutaurwa, asi anogona kuwanikwa nyore kuburikidza neGitHub yekutsvaga mask "CACHE.DAT".

Pakati pezvirongwa zvakawana zvisaririra zvezviito zvakashata: V2Mp3Player, JavaPacman, Kosim-Chimiro, 2D-Fizikisi-iyo Simulation, PacmanGame, GuessTheAnimal, SnakeCenterBox4, CallCenter, ProyectoGerundio, pacman-java_ia, SuperMario- FR-.

mabviro: https://securitylab.github.com/


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Mhinduro, siya zvako

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   Mocovirud akadaro