The malware explicitly targets NetBeans:
The malware is capable of identifying the NetBeans project files and embedding
malicious payload both in project files and build JAR files. Below is a high
-evel description of the Octopus Scanner operation:
• Identify user's NetBeans directory
• Enumerate all projects in the NetBeans directory
• Copy malicious payload cache.dat to nbproject/cache.dat
• Modify the nbproject/build-impl.xml file to make sure the malicious
payload is executed every time NetBeans project is build
• If the malicious payload is an instance of the Octopus Scanner itself
the newly built JAR file is also infected.
Though they did also mention:
"If malware developers took the time to implement this malware specifically for
NetBeans, it means that it could either be a targeted attack, or they may
already have implemented the malware for build systems such as Make, MsBuild,
Gradle and others as well and it may be spreading unnoticed," GitHub added.
I’m not sure if there is any sort of sanity check NB can do to the cache.dat
file to help prevent this.
Scott
> On May 29, 2020, at 3:16 PM, Geertjan Wielenga <geert...@apache.org> wrote:
>
>
> It seems to be saying that a build system that uses Apache Ant can be
> poisoned by malware. That probably is equally true for Gradle and Apache
> Maven — so I don’t understand why they’re picking on Ant.
>
> Gj
>
> On Fri, 29 May 2020 at 21:09, Peter Steele <steeleh...@gmail.com
> <mailto:steeleh...@gmail.com>> wrote:
> Hi
>
> Saw this
>
> https://www.zdnet.com/article/github-warns-java-developers-of-new-malware-poisoning-netbeans-projects/
>
> <https://www.zdnet.com/article/github-warns-java-developers-of-new-malware-poisoning-netbeans-projects/>
>
> Do we know anything more about this?
>
>
