GitHub warns of Octopus Scanner attack on the open source supply chain

via: 开源中国     time: 2020/5/30 23:33:25

The GitHub Security Blog has warned of an open source supply chain attack in which the Octopus Scanner malware targets Apache NetBeans IDE projects. GitHub said it received a warning on March 9 from a security researcher called JJ, who had found a set of open source libraries infected with the malicious program Octopus Scanner.

Once a system is infected, the malware looks for NetBeans projects on the developer's system and embeds a malicious payload in the project files, so that the payload is executed every time the project is built.

GitHub then launched an investigation and found that 26 open source projects had been backdoored by Octopus Scanner.

GitHub said it had uploaded samples to VirusTotal, and only 4 of the 60 antivirus engines could detect them. The malicious program disguises itself as a file named ocs.txt, but it is actually a JAR (Java Archive) file.
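
A defender-side check for the disguise described above, as an added example that is not from GitHub's write-up or from the original article: it walks a directory tree and reports files that hold JAR content but do not carry an archive extension. The extension list and the sample tree created by `build_sample_tree` are constructed assumptions.

```python
import os
import tempfile
import zipfile

# Extensions expected to hold ZIP/JAR data (assumption; extend for your builds).
ARCHIVE_EXTS = {".jar", ".zip", ".war", ".ear", ".nbm"}
ZIP_MAGIC = b"PK\x03\x04"


def looks_like_jar(path):
    """True if the file is a ZIP archive carrying a manifest or .class files."""
    try:
        with open(path, "rb") as fh:
            if fh.read(4) != ZIP_MAGIC:
                return False
        with zipfile.ZipFile(path) as zf:
            names = zf.namelist()
    except (OSError, zipfile.BadZipFile):
        return False
    return any(n.upper() == "META-INF/MANIFEST.MF" or n.endswith(".class")
               for n in names)


def find_disguised_jars(root):
    """Return sorted relative paths of JAR content under a non-archive extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext not in ARCHIVE_EXTS and looks_like_jar(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: a disguised JAR, an honest JAR, a real text file."""
    for name in ("ocs.txt", "lib.jar"):
        with zipfile.ZipFile(os.path.join(root, name), "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            zf.writestr("Main.class", b"\xca\xfe\xba\xbe")
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("plain text, not an archive\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_disguised_jars(tmp))
```

A hit is a lead for review rather than a verdict, since some legitimate formats are also ZIP containers.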
