Open Source Code: Trojan Horse for Attacks?


On June 2, it was revealed that the Octopus Scanner malware had infected at least 26 open source code repositories on GitHub. Once downloaded, the malware specifically targets the Apache NetBeans Java integrated development environment (IDE), which is used to create applications from modular components, and executes a remote access trojan (RAT) to gain full control of the target’s machine. By infecting developers’ tools, the malware can rapidly escalate access to any additional projects, production environments and password databases the developer has access to.
