Security News > 2020 > June > Github uncovers malicious ‘Octopus Scanner’ targeting developers

Github uncovers malicious ‘Octopus Scanner’ targeting developers
2020-06-01 10:28

In its write-up of the attack, the GitHub Security Labs team explains how the malware lurks in source code repositories uploaded to its site, activating when a developer downloads an infected repository and uses it to create a software program.

Most of the variants that GitHub found in its scans also infect a project's source code, meaning that any other newly-infected projects mirrored to remote repositories would spread the malware further on GitHub.

GitHub Security Labs scanned the site's repositories and found 26 of them containing the malware.

Usually GitHub can just shut those repositories down and delete the accounts, but Octopus Scanner was trickier because the developers owning the respositories didn't know they were infected.

Sophos products identify the malware samples listed in the GitHub Security Lab's article by the names Java/Agent-BERX and Java/Agent-BERZ. If you are a NetBeans programmer, you can search for those names in your logs for evidence of Octopus Scanner files in your own build environment.


News URL

https://nakedsecurity.sophos.com/2020/06/01/github-uncovers-malicious-scanner-targeting-developers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 2 45 29 19 95