Octopus Scanner: malware that affects NetBeans and allows backdoors to be planted

It has been announced that a number of projects on GitHub were found to be infected with malware that targets the popular NetBeans IDE and uses the build process to distribute itself.

The investigation showed that, with the help of the malware in question, which was named Octopus Scanner, backdoors were covertly hidden in 26 open source projects with repositories on GitHub. The first traces of Octopus Scanner activity date back to August 2018.

Securing the open source supply chain is a huge task. It goes beyond a security assessment or just patching for the latest CVEs. Supply chain security is about the integrity of the entire software development and delivery ecosystem. From the code commits themselves, to how they flow through the CI/CD pipeline, to the actual delivery of releases, there is the potential for loss of integrity and for security issues throughout the entire lifecycle.

About Octopus Scanner

The malware that was discovered can detect NetBeans project files and add its own code to the project's build files and to the compiled JAR files.

Its working algorithm is to find the NetBeans directory that holds the user's projects and iterate over all projects in that directory, placing the malicious script in nbproject/cache.dat and modifying the nbproject/build-impl.xml file so that this script is called every time the project is built.

During the build, a copy of the malware is included in the resulting JAR files, which become an additional source of distribution. For example, malicious files were placed in the repositories of the 26 open source projects already mentioned, as well as in other projects when builds of new versions were released.

On March 9, we received a message from a security researcher informing us about a set of repositories hosted on GitHub that were unintentionally serving malware. After an in-depth analysis of the malware itself, we found something we had not seen before on our platform: malware designed to enumerate NetBeans projects and plant a backdoor that uses the build process and its resulting artifacts to spread.

When another user downloads and starts a project with a malicious JAR file, the next cycle of searching for NetBeans and introducing the malicious code begins on that user's system, which corresponds to the operating model of self-propagating computer viruses.

Figure 1: Octopus Scanner decompiled

In addition to the self-propagation functionality, the malicious code also includes backdoor functions that provide remote access to the system. At the time the incident was analyzed, the backdoor's command and control (C&C) servers were not active.

In total, 4 infection variants were identified while studying the affected projects. In one of the variants, the backdoor was activated on Linux through the autorun file "$HOME/.config/autostart/octo.desktop", and on Windows tasks were launched at startup through schtasks.

The backdoor could be used to add hidden implants to the code a developer is working on, to organize leaks of code from proprietary systems, to steal sensitive data, and to take over accounts.

Below is a high-level overview of how Octopus Scanner operates:

  1. Identify the user's NetBeans directory
  2. Enumerate all projects in the NetBeans directory
  3. Copy the payload from cache.dat to nbproject/cache.dat
  4. Modify nbproject/build-impl.xml to make sure the payload is executed every time the NetBeans project is built
  5. If the malicious payload is an instance of Octopus Scanner, the newly built JAR file is infected as well.
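A defender-side check for the indicators in the steps above, added here as an example (it is not code from GitHub Security Lab or from the original article): it walks a directory tree, flags NetBeans projects that contain nbproject/cache.dat or whose build-impl.xml mentions it, and looks for the Linux autostart file named earlier. The function names and the sample trees are constructed for illustration, and matching the literal string cache.dat inside build-impl.xml is an assumption about how the modification appears.

```python
import os
import tempfile
from pathlib import Path

def scan_projects(root):
    """Return {project_dir: [findings]} for NetBeans projects under root."""
    report = {}
    for dirpath, dirnames, _ in os.walk(root):
        if "nbproject" not in dirnames:
            continue
        dirnames.remove("nbproject")  # no need to descend into it
        nb = Path(dirpath) / "nbproject"
        findings = []
        # Step 3 on the page: the payload is dropped as nbproject/cache.dat.
        if any(p.is_file() and p.name.lower() == "cache.dat" for p in nb.iterdir()):
            findings.append("nbproject/cache.dat present")
        # Step 4: build-impl.xml is changed to run it on every build.
        # Assumption: the modified file names cache.dat literally.
        build = nb / "build-impl.xml"
        if build.is_file():
            text = build.read_text(encoding="utf-8", errors="replace")
            if "cache.dat" in text.lower():
                findings.append("build-impl.xml references cache.dat")
        if findings:
            report[dirpath] = findings
    return report

def linux_autostart_hit(home):
    """Check for the autorun file the page names for the Linux variant."""
    return (Path(home) / ".config" / "autostart" / "octo.desktop").is_file()

def build_constructed_sample(root):
    """Create two constructed project trees: one clean, one with indicators."""
    clean = Path(root) / "CleanApp" / "nbproject"
    dirty = Path(root) / "FlaggedApp" / "nbproject"
    clean.mkdir(parents=True)
    dirty.mkdir(parents=True)
    (clean / "build-impl.xml").write_text('<project name="CleanApp-impl"/>')
    (dirty / "cache.dat").write_bytes(b"constructed placeholder, not a payload")
    (dirty / "build-impl.xml").write_text(
        '<project><target name="-pre-jar"><!-- constructed: cache.dat --></target></project>')
    return str(clean.parent), str(dirty.parent)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for project, findings in scan_projects(tmp).items():
            print(project, "->", "; ".join(findings))
        print("octo.desktop present:", linux_autostart_hit(tmp))
```

A hit is a reason to inspect the project and its built JAR files by hand, not proof of infection.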

The GitHub researchers do not rule out that the malicious activity is not limited to NetBeans and that there may be other variants of Octopus Scanner that integrate into build processes based on Make, MsBuild, Gradle and other systems.

The names of the affected projects are not mentioned, but they can be found by searching GitHub for the mask "CACHE.DAT".

Among the projects in which traces of the malicious activity were found: V2Mp3Player, JavaPacman, Kosim-Framework, 2D-Physics-Simulations, PacmanGame, GuessTheAnimal, SnakeCenterBox4, CallCenter, ProyectoGerundio, pacman-java_ia, SuperMario-FR-.

Source: https://securitylab.github.com/
