"GitHub Uncovers Malicious ‘Octopus Scanner’ Targeting Developers"

GitHub Security Labs has discovered a form of malware that spreads via infected repositories on their systems. The malware is called Octopus Scanner, and it targets Apache NetBeans, an integrated development environment used to write Java software. Octopus Scanner spreads when a developer downloads a project from an infected repository and builds it, that is, uses the source code to create a working program. The build process activates the malware. Once activated, the malware scans the user's computer to see whether a NetBeans IDE is installed. If it is not, the malware takes no further action. If it is, the malware infects the built files with a dropper that delivers a remote access trojan (RAT), which gives the adversaries control over the user's machine. Octopus Scanner also tries to prevent any new project build from replacing the infected one, thereby preserving itself on the infected system. Octopus Scanner doesn't just infect the built files. Most of the variants GitHub found in its scans also infect a project's source code, meaning that any other newly infected projects mirrored to remote repositories would further spread the malware on GitHub.

Naked Security reports: "GitHub Uncovers Malicious ‘Octopus Scanner’ Targeting Developers"

Submitted by Anonymous on