Security News > 2020 > May > NetBeans Projects on GitHub Targeted in Apparent Supply Chain Attack
GitHub revealed on Thursday that tens of open source NetBeans projects hosted on its platform were targeted by a piece of malware as part of what appears to be a supply chain attack.
GitHub learned about the malware, which has been named Octopus Scanner, on March 9 from a security researcher who noticed that several repositories hosted on GitHub had been serving malware, likely without their owners' knowledge.
Open source projects such as the ones targeted by Octopus Scanner can get cloned, forked and used by many others, enabling the malware to spread even more, the company warned.
The fact that the malware specifically targets NetBeans projects is interesting considering that there are other, more popular Java IDEs.
"If malware developers took the time to implement this malware specifically for NetBeans, it means that it could either be a targeted attack, or they may already have implemented the malware for build systems such as Make, MsBuild, Gradle and others as well and it may be spreading unnoticed," GitHub noted.
News URL
Related news
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token (source)
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
- Ripple NPM supply chain attack hunts for private keys (source)
- Magento supply chain attack compromises hundreds of e-stores (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- Supply chain attack hits npm package with 45,000 weekly downloads (source)
- RVTools hit in supply chain attack to deliver Bumblebee malware (source)
- DragonForce ransomware abuses SimpleHelp in MSP supply chain attack (source)