Level 60
Content Creator
Malware Hunter
Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).

The malware dubbed Octopus Scanner by researchers at the GitHub Security Lab compromises the NetBeans repositories by planting malicious payloads within JAR binaries, project files and dependencies, later spreading to downstream development systems.

"Infecting build artifacts is a means to infect more hosts since the infected project will most likely get built by other systems and the build artifacts will probably be loaded and executed on other systems as well," the researchers explain.

GitHub’s Security Incident Response Team (SIRT) was notified by security researcher JJ on March 9 about GitHub repositories that were serving as malware delivery points.

While investigating this malware, GitHub Security Lab researchers found 26 open source projects compromised by Octopus Scanner that inadvertently served up its backdoored code to any developers that would fork or clone the repos.


Level 10
Heh, clever! I was just partway through the exercise of doing a similar POC but with Microsoft Visual Studio / MSBuild.

This looks well polished, considering how cross-platform it is. Linux might be the worst affected, though macOS is right up there... Both of those platforms don't have a lot of realtime antivirus options, nor is it customary to run them.

(FWIW, in my opinion this is NOT a call to arms to install antivirus on macOS necessarily... Some of the drivers for antiviruses are pretty concerning in how they're written, considering macOS's kernel was not designed in a way to provide scan points, unlike Microsoft.)