Octopus Scanner: malware that infects NetBeans projects and plants backdoors

Several projects hosted on GitHub have been found to be infected with malware that targets the popular NetBeans IDE and uses the build process to spread itself.

The investigation showed that the malware in question, named Octopus Scanner, had covertly hidden backdoors in 26 open source projects with repositories on GitHub. The earliest traces of Octopus Scanner activity date from August 2018.

Securing the open source supply chain is an enormous task. It goes far beyond a security assessment or simply patching the latest CVEs. Supply chain security is about the integrity of the entire software development and delivery ecosystem. From code submissions, to how code flows through the CI/CD pipeline, to the actual delivery of releases, there is potential for loss of integrity and for security problems throughout the whole lifecycle.

About Octopus Scanner

The malware is able to identify files belonging to NetBeans projects and inject its own code into the project files and into the compiled JAR files.

The algorithm works by locating the NetBeans directory that holds the user's projects, iterating over every project in that directory, placing a malicious payload in nbproject/cache.dat, and modifying nbproject/build-impl.xml so that the payload is invoked every time the project is built.

During compilation, a copy of the malware is embedded in the resulting JAR files, which become an additional distribution channel. This is how malicious files ended up in the repositories of the 26 open source projects mentioned above, and in various other projects whenever builds of new releases were published.

On March 9, we received a message from a security researcher informing us about a set of GitHub-hosted repositories that were, presumably unintentionally, actively serving malware. After a deep analysis of the malware itself, we uncovered something we had not seen before on our platform: malware designed to enumerate NetBeans projects and embed a backdoor that uses the build process and its resulting artifacts to spread.

When a project containing a malicious JAR file is downloaded and launched by another user, the next cycle of searching for NetBeans projects and injecting the malicious code begins on that user's system, which matches the operating model of self-propagating computer viruses.

Figure 1: Octopus Scanner scan

Beyond its self-propagation capability, the malicious code also includes backdoor functions that provide remote access to the system. At the time the incident was analysed, the backdoor's command and control (C&C) servers were not active.

In total, the study of the affected projects revealed 4 variants of the infection. In one of the variants, the backdoor is started on Linux through the autorun file «$HOME/.config/autostart/octo.desktop», while on Windows it is started via scheduled tasks created with schtasks.

The backdoor could be used to plant hidden implants in the code a developer is working on, to arrange leaks of code from proprietary systems, to steal sensitive data, and to take over accounts.

Below is a high-level overview of how Octopus Scanner operates:

  1. Identify the user's NetBeans directory
  2. Enumerate all projects in the NetBeans directory
  3. Copy the malicious payload to nbproject/cache.dat
  4. Modify nbproject/build-impl.xml to ensure the payload is executed every time the NetBeans project is built
  5. If the build is itself an Octopus Scanner instance, the newly created JAR file is also infected
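The procedure above, together with the algorithm described in the "About Octopus Scanner" section, gives a concrete set of host-based indicators. The following Python script is an added example written for this page, not code from GitHub Security Lab, from the affected projects or from the malware. It walks a directory tree for NetBeans projects (any directory with an nbproject/ folder) and flags the two indicators the article names: a dropped nbproject/cache.dat and a build-impl.xml that references cache.dat; it also checks for the Linux persistence file $HOME/.config/autostart/octo.desktop. The sample project tree it builds is constructed for the demonstration, and the `<java jar="nbproject/cache.dat">` hook in the sample build-impl.xml is an assumed stand-in: the page does not show the exact change the real malware makes to the build script, only that the file is modified to run the payload on every build.

```python
"""Scan a directory tree for the Octopus Scanner infection pattern.

Indicators (from the article): nbproject/cache.dat dropped into a NetBeans
project, and nbproject/build-impl.xml patched to run it on every build.
"""
import os
import re
import tempfile
from pathlib import Path

PAYLOAD_NAME = "cache.dat"       # dropped payload inside nbproject/
BUILD_SCRIPT = "build-impl.xml"  # NetBeans build script that gets patched
AUTOSTART_NAME = "octo.desktop"  # Linux persistence file named in the article


def find_netbeans_projects(root):
    """Yield every directory under root that contains an nbproject/ folder."""
    for dirpath, dirnames, _ in os.walk(str(root)):
        if "nbproject" in dirnames:
            # nbproject/ holds only metadata; no nested projects live inside it.
            dirnames.remove("nbproject")
            yield Path(dirpath)


def build_script_references_payload(build_impl_path):
    """True if build-impl.xml mentions cache.dat.

    A build-impl.xml generated by NetBeans never references cache.dat, so any
    occurrence of the name is suspicious regardless of how it is invoked.
    """
    try:
        text = Path(build_impl_path).read_text(errors="replace")
    except OSError:
        return False
    return re.search(r"cache\.dat", text, re.IGNORECASE) is not None


def check_project(project_dir):
    """Return the indicator findings for a single NetBeans project."""
    nb = Path(project_dir) / "nbproject"
    payload = nb / PAYLOAD_NAME
    build_impl = nb / BUILD_SCRIPT
    findings = {
        "project": str(project_dir),
        "payload_present": payload.is_file(),
        "build_script_patched": build_impl.is_file()
        and build_script_references_payload(build_impl),
    }
    # Either indicator alone is enough to warrant a closer look: the payload
    # may have been removed while the build hook remains, or vice versa.
    findings["suspicious"] = findings["payload_present"] or findings["build_script_patched"]
    return findings


def scan(root):
    """Check every NetBeans project under root; return only suspicious ones."""
    results = (check_project(p) for p in find_netbeans_projects(root))
    return [f for f in results if f["suspicious"]]


def check_autostart(home):
    """Return the persistence file path if the Linux autorun entry exists."""
    p = Path(home) / ".config" / "autostart" / AUTOSTART_NAME
    return str(p) if p.is_file() else None


def build_demo_tree():
    """Constructed sample tree: one clean project, one with both indicators."""
    root = Path(tempfile.mkdtemp(prefix="octo-demo-"))
    clean = root / "CleanApp" / "nbproject"
    clean.mkdir(parents=True)
    (clean / BUILD_SCRIPT).write_text(
        '<?xml version="1.0"?><project name="CleanApp-impl">'
        '<target name="-post-jar"/></project>'
    )
    infected = root / "InfectedApp" / "nbproject"
    infected.mkdir(parents=True)
    # Placeholder bytes, not real malware; only the file's presence matters.
    (infected / PAYLOAD_NAME).write_bytes(b"\x00placeholder")
    # Assumed hook shape; the real modification is not shown on the page.
    (infected / BUILD_SCRIPT).write_text(
        '<?xml version="1.0"?><project name="InfectedApp-impl">'
        '<target name="-post-jar"><java jar="nbproject/cache.dat" fork="true"/>'
        '</target></project>'
    )
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for hit in scan(demo_root):
        print(hit)
    print("autostart:", check_autostart(Path.home()))
```

Run it against a real workspace with `scan("/path/to/NetBeansProjects")` and against the user's home with `check_autostart(Path.home())`. The regex match on cache.dat is deliberately loose so that variants which change how the payload is invoked (the article mentions four variants) are still caught as long as the file name is unchanged; a hit should be followed by a diff of build-impl.xml against a freshly generated one.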

GitHub's researchers do not rule out that the malicious activity extends beyond NetBeans, and that there may be other Octopus Scanner variants that integrate into build processes based on Make, MSBuild, Gradle and other systems.

The names of the affected projects are not given, but they can be found easily with a GitHub search for the mask "CACHE.DAT".

Among the projects in which traces of the malicious activity were found: V2Mp3Player, JavaPacman, Kosim-Framework, 2D-Physics-Simulations, PacmanGame, GuessTheAnimal, SnakeCenterBox4, CallCenter, ProyectoGerundio, pacman-java_ia, SuperMario-FR-.

Source: https://securitylab.github.com/

