Octopus Scanner Sinks Tentacles into GitHub Repositories
2020-06-02 15:32

The Octopus Scanner malware, which targets the Apache NetBeans Java integrated development environment, has been nesting in at least 26 GitHub source-code repositories, according to researchers, waiting to take over developer machines.

Once a developer does so, Octopus Scanner unfurls itself, first scanning the developer's computer for the presence of NetBeans.

"If Octopus Scanner detects NetBeans, it proceeds to install an initial-stage dropper, which in turn fetches and executes a remote access trojan, thus providing the attackers with full control over the target machine. Then, for persistence, the malware blocks overwrites and new project builds, so that the infected code isn't superseded with an update or any changes."

As Brian Fox, CTO at Sonatype, explained via email, Octopus Scanner spreads like a worm, propagating itself by infecting the NetBeans projects that the developer is working on.

"A NetBeans project build consists of multiple steps, but the Octopus Scanner malware is only interested in the pre-jar and post-jar tasks," explained the GitHub researchers.
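For defenders reviewing NetBeans projects, the following added example (not code from the article or from the GitHub researchers) reports `-pre-jar` and `-post-jar` Ant targets whose bodies are not empty. It assumes the hooks carry those target names, that NetBeans generates them empty in `nbproject/build-impl.xml`, and that a populated hook there deserves manual review; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Hook targets named in the article; Ant build files generated by NetBeans
# spell them with a leading dash (assumption stated in the lead-in).
HOOKS = {"-pre-jar", "-post-jar"}

# Constructed sample: one empty hook and one hook that runs a task.
SAMPLE = """<project name="demo-impl" basedir="..">
  <target name="-pre-jar"/>
  <target name="-post-jar">
    <java jar="nbproject/helper.bin" fork="true"/>
  </target>
  <target name="jar" depends="-pre-jar,-post-jar"/>
</project>"""


def audit_hooks(xml_text):
    """Return {hook_name: [task tags]} for hook targets that contain tasks."""
    # The file comes from an untrusted repository: refuse DTDs and entity
    # declarations instead of letting the parser expand them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in build file")
    findings = {}
    for target in ET.fromstring(xml_text).iter("target"):
        name = target.get("name", "")
        tasks = [child.tag for child in target]
        if name in HOOKS and tasks:
            findings.setdefault(name, []).extend(tasks)
    return findings


def audit_tree(root_dir):
    """Check every build-impl.xml under root_dir; return {path: findings}."""
    results = {}
    for path in sorted(Path(root_dir).rglob("build-impl.xml")):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
            found = audit_hooks(text)
        except (ET.ParseError, ValueError) as exc:
            found = {"unparsed": [str(exc)]}  # unreadable files also need a look
        if found:
            results[str(path)] = found
    return results


if __name__ == "__main__":
    print(audit_hooks(SAMPLE))
```

A hit is a prompt for review, not a verdict: compare the flagged file against a freshly generated copy of the project's build files.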


News URL

https://threatpost.com/octopus-scanner-tentacles-github-repositories/156204/
