New Octopus Scanner malware spreads via GitHub supply chain attack

silversurfer

Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).

The malware dubbed Octopus Scanner by researchers at the GitHub Security Lab compromises the NetBeans repositories by planting malicious payloads within JAR binaries, project files and dependencies, later spreading to downstream development systems.

"Infecting build artifacts is a means to infect more hosts since the infected project will most likely get built by other systems and the build artifacts will probably be loaded and executed on other systems as well," the researchers explain.

GitHub’s Security Incident Response Team (SIRT) was notified by security researcher JJ on March 9 about GitHub repositories that were serving as malware delivery points.

While investigating this malware, GitHub Security Lab researchers found 26 open source projects compromised by Octopus Scanner that inadvertently served up its backdoored code to any developers that would fork or clone the repos.
 

MacDefender

Heh, clever! I was just partway through the exercise of doing a similar POC but with Microsoft Visual Studio / MSBuild.

This looks well polished, considering how cross-platform it is. Linux might be the worst affected, though macOS is right up there... Both of those platforms don't have a lot of realtime antivirus options, nor is it customary to run them.

(FWIW, in my opinion this is NOT a call to arms to install antivirus on macOS necessarily... Some of the drivers for antiviruses are pretty concerning in how they're written, considering macOS's kernel was not designed in a way to provide scan points, unlike Microsoft.)
 
