SecurityWeek

NetBeans Projects on GitHub Targeted in Apparent Supply Chain Attack

GitHub revealed on Thursday that tens of open source NetBeans projects hosted on its platform were targeted by a piece of malware as part of what appears to be a supply chain attack.

GitHub learned about the malware, which has been named Octopus Scanner, on March 9 from a security researcher who noticed that several repositories hosted on GitHub had been serving malware, likely without their owners’ knowledge.

An analysis led to the discovery of 26 affected NetBeans projects that had been backdoored. The malware is designed to add malicious code to both project files and newly created JAR files. JAR files were infected with a dropper whose payload was designed to ensure persistence and spawn a remote administration tool (RAT). A RAT is delivered to both UNIX-like and Windows systems.

The malware is also designed to prevent new project builds from replacing ones that have already been infected.

When GitHub analyzed the malicious files in March — the company identified four samples — they were only detected by a handful of antimalware engines on VirusTotal. The detection rate has increased since then, but it’s currently still at only 20/60.

Open source projects such as the ones targeted by Octopus Scanner can get cloned, forked and used by many others, enabling the malware to spread even more, the company warned.

“Since the primary-infected users are developers, the access that is gained is of high interest to attackers since developers generally have access to additional projects, production environments, database passwords, and other critical assets. There is a huge potential for escalation of access, which is a core attacker objective in most cases,” GitHub said.

The fact that the malware specifically targets NetBeans projects is interesting considering that there are other, more popular Java IDEs.

“If malware developers took the time to implement this malware specifically for NetBeans, it means that it could either be a targeted attack, or they may already have implemented the malware for build systems such as Make, MsBuild, Gradle and others as well and it may be spreading unnoticed,” GitHub noted.

The company has pointed out that it provides several features that can help maintain the integrity and security of the open source software supply chain, and it has promised to continue making improvements.

GitHub warned developers last month that their accounts may have been compromised as a result of a sophisticated phishing campaign.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
