> so I guess this is all just about me. :-) Hehe.
Still, they worked too much to target Ant and NetBeans. I think the Gradle wrapper is a much easier target and developers will run ./gradlew without a 2nd tought. --emi On Fri, May 29, 2020 at 10:25 PM Geertjan Wielenga <geert...@apache.org> wrote: > > > Sure, those are simply Ant files. > > I also wonder about the 26 open source projects they refer to on GitHub, > without naming them, where this problem was encountered. I have about that > number of NetBeans projects in my GitHub repo, so I guess this is all just > about me. :-) > > Gj > > On Fri, 29 May 2020 at 21:22, Scott Palmer <swpal...@gmail.com> wrote: >> >> The malware explicitly targets NetBeans: >> >> The malware is capable of identifying the NetBeans project files and >> embedding malicious payload both in project files and build JAR files. Below >> is a high -evel description of the Octopus Scanner operation: >> >> • Identify user's NetBeans directory >> • Enumerate all projects in the NetBeans directory >> • Copy malicious payload cache.dat to nbproject/cache.dat >> • Modify the nbproject/build-impl.xml file to make sure the malicious >> payload is executed every time NetBeans project is build >> • If the malicious payload is an instance of the Octopus Scanner itself the >> newly built JAR file is also infected. >> >> >> >> Though they did also mention: >> >> "If malware developers took the time to implement this malware specifically >> for NetBeans, it means that it could either be a targeted attack, or they >> may already have implemented the malware for build systems such as Make, >> MsBuild, Gradle and others as well and it may be spreading unnoticed," >> GitHub added. >> >> >> I’m not sure if there is any sort of sanity check NB can do to the cache.dat >> file to help prevent this. >> >> Scott >> >> >> On May 29, 2020, at 3:16 PM, Geertjan Wielenga <geert...@apache.org> wrote: >> >> >> It seems to be saying that a build system that uses Apache Ant can be >> poisoned by malware. That probably is equally true for Gradle and Apache >> Maven — so I don’t understand why they’re picking on Ant. >> >> Gj >> >> On Fri, 29 May 2020 at 21:09, Peter Steele <steeleh...@gmail.com> wrote: >>> >>> Hi >>> >>> Saw this >>> >>> https://www.zdnet.com/article/github-warns-java-developers-of-new-malware-poisoning-netbeans-projects/ >>> >>> Do we know anything more about this? >>> >>> >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org For additional commands, e-mail: users-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
