On Thursday, GitHub issued a warning about new malware spreading through open-source NetBeans projects. The malware, dubbed “Octopus Scanner” by security researchers, has been found in projects managed with the Apache NetBeans integrated development environment (IDE).
GitHub revealed that it has found 26 NetBeans repositories affected by the Octopus Scanner malware. When a user downloads any of these repositories, the malware starts spreading by searching for a NetBeans IDE installation on the target computer. It then infects the other Java projects it finds, and the self-spreading cycle repeats.
According to researchers, Octopus Scanner malware can infect Windows, Linux, and macOS devices. It operates by planting a malicious payload in the JAR binaries, dependencies, and other project files.
The end goal of the malware is to download a remote access trojan (RAT) onto the infected device. The operator behind the malware could then access sensitive information on impacted users’ computers.
Octopus Scanner is not new malware; it has been around for a couple of years. The earliest trace of the malware dates from August 2018, when a sample was uploaded to the VirusTotal web scanner.
GitHub’s security team fears that the bad actors behind the malware may have also targeted other build systems apart from NetBeans.
“It was interesting that this malware attacked the NetBeans build process specifically since it is not the most common Java IDE in use today.”
GitHub hasn’t disclosed the names of the 26 repositories affected by Octopus Scanner, but it has detailed the malware’s infection process. If you think there is a chance you’re using a compromised repository, you can read GitHub’s write-up to learn more about the malware.