GitHub warns Java developers about malware infecting NetBeans projects

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism.


GitHub has issued a warning to Java developers about malware which is specifically infecting NetBeans projects.

The security team for the world’s largest repository host has dubbed the malware Octopus Scanner and found “26 open source projects that were backdoored by this malware and that were actively serving backdoored code.”

GitHub notes the malware is designed to backdoor projects created using the Apache NetBeans IDE – a phenomenon they had not seen before on their platform.

“It was interesting that this malware attacked the NetBeans build process specifically since it is not the most common Java IDE in use today,” GitHub’s security team said in their report on Thursday.

“If malware developers took the time to implement this malware specifically for NetBeans, it means that it could either be a targeted attack, or they may already have implemented the malware for build systems such as Make, MsBuild, Gradle and others as well and it may be spreading unnoticed,” GitHub added.

A security researcher tipped GitHub off to the issue on March 9th.

Following a deeper analysis, GitHub found that the malware would infect local computers upon a user downloading any of the 26 discovered projects.

Octopus Scanner would scan a victim’s computer for a NetBeans IDE installation and grab hold – like an octopus, presumably… – of any discovered projects, to infect them and continue replicating.

The malware installs a RAT (Remote Access Trojan) on the local PC as its final step in a bid to discover sensitive data. Using the RAT, an attacker would hope to find confidential information such as upcoming releases or proprietary source code which could be sold on or used for blackmail.

While the malware has only just been discovered, GitHub believes it’s been active for years and has probably infected many more projects than the 26 it found. The oldest sample of the malware discovered by GitHub dates back to August 2018.
