It was recently reported that several projects on GitHub were found to be infected with malware that targets the popular IDE "NetBeans" and uses the build process to distribute itself.
The investigation showed that with the help of the malware in question, which was named Octopus Scanner, backdoors were covertly hidden in 26 open projects with repositories on GitHub. The first traces of Octopus Scanner activity date from August 2018.
Securing the open source supply chain is a huge task. It goes well beyond a security assessment or simply patching the latest CVEs. Supply chain security is about the integrity of the entire software development and delivery ecosystem. From the code commits, to how they flow through the CI/CD pipeline, to the actual delivery of releases, there is potential for loss of integrity and for security problems throughout the whole lifecycle.
About Octopus Scanner
The malware that was found can detect files belonging to NetBeans projects and add its own code to the project files and to the built JAR files.
Its working algorithm is to find the NetBeans directory holding the user's projects, iterate over all the projects in that directory, place the malicious script in nbproject/cache.dat, and change the nbproject/build-impl.xml file so that this script is called every time the project is built.
During the build, a copy of the malware is included in the resulting JAR files, which become an additional source of distribution. For example, malicious files were placed in the repositories of the 26 open projects mentioned above, as well as in various other projects when builds of new versions were released.
On March 9, we received a message from a security researcher informing us about a set of repositories hosted on GitHub that were, presumably unintentionally, serving malware. After a deep analysis of the malware itself, we found something we had never seen before on our platform: malware designed to enumerate NetBeans projects and insert a backdoor that uses the build process and its artifacts to spread.
When another user downloads and starts a project with a malicious JAR file, the next cycle of searching for NetBeans and introducing malicious code begins on their system, which matches the working model of self-propagating computer viruses.
In addition to the self-propagation functionality, the malicious code also includes backdoor functions that provide remote access to the system. At the time the incident was analyzed, the backdoor management (C&C) servers were not active.
In total, 4 infection variants were revealed when the affected projects were studied. In one of the variants, the backdoor was started on Linux through the autostart file "$HOME/.config/autostart/octo.desktop", and on Windows tasks were launched through schtasks.
The backdoor could be used to plant backdoors in code written by the developer, to organize the leak of code from proprietary systems, to steal sensitive data, and to take over accounts.
Below is a high-level overview of how Octopus Scanner operates:
- Identify the user's NetBeans directory
- List all projects in the NetBeans directory
- Load the code from cache.dat into nbproject/cache.dat
- Modify nbproject/build-impl.xml to make sure the payload is executed every time the NetBeans project is built
- If the payload is an instance of Octopus Scanner, the newly created JAR file is also infected.
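A defender can check local source trees for the two project-level artifacts named in the steps above, plus the Linux autostart file mentioned earlier. The following is an added example, not code from GitHub's analysis; the function names, the sample tree, and the idea that an altered build-impl.xml mentions cache.dat literally are assumptions.

```python
import os
import tempfile
from pathlib import Path

def scan_project(project: Path) -> list[str]:
    """Return the indicators found in one NetBeans project directory."""
    findings = []
    nb = project / "nbproject"
    if (nb / "cache.dat").is_file():
        findings.append("nbproject/cache.dat present")
    build_impl = nb / "build-impl.xml"
    if build_impl.is_file():
        text = build_impl.read_text(encoding="utf-8", errors="replace")
        # Assumption: a build file altered to call the payload names it literally.
        if "cache.dat" in text:
            findings.append("build-impl.xml references cache.dat")
    return findings

def scan_tree(root: Path) -> dict[str, list[str]]:
    """Walk root; every directory that contains nbproject/ counts as a project."""
    results = {}
    for dirpath, dirnames, _ in os.walk(root):
        if "nbproject" in dirnames:
            hits = scan_project(Path(dirpath))
            if hits:
                results[str(Path(dirpath).relative_to(root))] = hits
            dirnames.remove("nbproject")  # nothing further to inspect below it
    return results

def linux_autostart_present(home: Path) -> bool:
    # Autostart path as given in the article, relative to the user's home.
    return (home / ".config" / "autostart" / "octo.desktop").is_file()

def build_sample(root: Path) -> None:
    """Constructed sample tree: one clean project, one carrying both indicators."""
    for name, tainted in (("clean-app", False), ("tainted-app", True)):
        nb = root / name / "nbproject"
        nb.mkdir(parents=True)
        body = '<project name="x-impl"><target name="jar"/>'
        if tainted:
            (nb / "cache.dat").write_bytes(b"constructed placeholder, not malware")
            body += '<property name="constructed" value="nbproject/cache.dat"/>'
        (nb / "build-impl.xml").write_text(body + "</project>", encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for proj, hits in scan_tree(Path(tmp)).items():
            print(proj, "->", "; ".join(hits))
        print("autostart entry:", linux_autostart_present(Path(tmp)))
```

A hit is a reason to inspect the project and its built JAR files by hand, not proof of infection, since a project may keep an unrelated file under that name.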
The GitHub researchers do not rule out that the malicious activity is not limited to NetBeans, and that there may be other variants of Octopus Scanner that can be integrated into build processes based on Make, MsBuild, Gradle and other systems.
The names of the affected projects are not given, but they can easily be found with a GitHub search for the mask "CACHE.DAT".
Among the projects in which traces of malicious activity were found: V2Mp3Player, JavaPacman, Kosim-Framework, 2D-Physics-the Simulations, PacmanGame, GuessTheAnimal, SnakeCenterBox4, CallCenter, ProyectoGerundio, pacman-java_ia, SuperMario-FR-.
Source: https://securitylab.github.com/
Right when Microsoft bought github:
https://www.google.es/amp/s/www.xataka.com/aplicaciones/oficial-microsoft-compra-github-7-500-millones-dolares/amp?espv=1
Too much of a coincidence, ahem.