Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT). The malware dubbed Octopus Scanner by researchers at the GitHub Security Lab compromises developers’ computers by infecting their NetBeans repositories after planting malicious payloads within JAR binaries, project files and dependencies, later spreading to downstream development systems. “Infecting build artifacts is a means to infect more hosts since the infected project will most likely get built by other systems and the build artifacts will probably be loaded and executed on other systems as well,” the researchers explain.
Source: Bleepingcomputer
