Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).
The malware, dubbed Octopus Scanner by researchers at the GitHub Security Lab, compromises NetBeans repositories by planting malicious payloads within JAR binaries, project files and dependencies, and from there spreads to downstream development systems.
"Infecting build artifacts is a means to infect more hosts since the infected project will most likely get built by other systems and the build artifacts will probably be loaded and executed on other systems as well," the researchers explain.
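The propagation path described above (build artifacts and project files in a cloned repository carrying content the maintainers never committed) is something a consumer of the project can check for before building. The following is an added example, not code from GitHub Security Lab or the article: it audits a checkout against a hypothetical allow-list of expected artifact hashes and flags JAR/class files or `nbproject` files that are not on the list, files whose hash differs, and listed files that are missing. The allow-list, file names and contents in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ARTIFACT_SUFFIXES = {".jar", ".class"}  # build outputs a checkout should rarely carry
PROJECT_DIR = "nbproject"               # NetBeans project metadata directory


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_checkout(root, allowed):
    """Compare a cloned project against an allow-list {repo-relative path: sha256}
    of the JARs, dependencies and nbproject files the project legitimately ships.
    Returns sorted (path, reason) findings."""
    root = Path(root)
    findings, seen = [], set()
    for path in root.rglob("*"):
        if not path.is_file() or ".git" in path.parts:
            continue
        rel = path.relative_to(root).as_posix()
        if rel in allowed:                                   # known file: verify content
            seen.add(rel)
            if sha256_of(path) != allowed[rel]:
                findings.append((rel, "hash mismatch"))
        elif path.suffix.lower() in ARTIFACT_SUFFIXES:       # binary the project never listed
            findings.append((rel, "unexpected binary artifact"))
        elif PROJECT_DIR in path.parts:                      # project file the project never listed
            findings.append((rel, "unexpected project file"))
    for rel in set(allowed) - seen:                          # something expected was removed
        findings.append((rel, "allowed file missing"))
    return sorted(findings)


def demo():
    """Constructed sample checkout: clean JAR, modified JAR, extra JAR, extra project file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("lib", "build", PROJECT_DIR):
            (root / d).mkdir()
        (root / "lib" / "good.jar").write_bytes(b"PK\x03\x04 legitimate dependency")
        (root / "lib" / "dep.jar").write_bytes(b"PK\x03\x04 modified dependency")
        (root / "build" / "planted.jar").write_bytes(b"PK\x03\x04 not in allow-list")
        (root / PROJECT_DIR / "build-impl.xml").write_text("<project/>")
        allowed = {  # hypothetical list recorded by maintainers from a trusted clone
            "lib/good.jar": sha256_of(root / "lib" / "good.jar"),
            "lib/dep.jar": hashlib.sha256(b"PK\x03\x04 original dependency").hexdigest(),
            "nbproject/project.xml": "0" * 64,  # expected but absent from this clone
        }
        return audit_checkout(root, allowed)
```

In practice the allow-list would be published by the maintainers out of band and regenerated when they intentionally change a committed artifact, so a clone that diverges from it is investigated rather than built.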
GitHub’s Security Incident Response Team (SIRT) was notified by security researcher JJ on March 9 about GitHub repositories that were serving as malware delivery points.
While investigating this malware, GitHub Security Lab researchers found 26 open source projects compromised by Octopus Scanner that inadvertently served its backdoored code to any developer who forked or cloned the repos.