Last year, there was talk of Google Code, a site which allows developers to host their projects, being used to spread malware. zScaler research found yet another example where Google Code is being used to spread malware. According to the Google Code site,
“Project Hosting on Google Code provides a free collaborative development environment for open source projects. Each project comes with its own member controls, Subversion/Mercurial repository, issue tracker, wiki pages, and downloads section. Our project hosting service is simple, fast, reliable, and scalable, so that you can focus on your own open source development”.

The malicious project in question has about 50+ executables stored in the download section of the project.
Most of the files are executable files along with zipped “.rar” files. The time stamps show that the files have been uploaded over the course of the last month. This suggests that an attacker is actively using this free service to spread malware. VirusTotal results for the first file show that only eight antivirus vendors out of 43 flagged the file as malicious. The detection ratio for the second file is slightly better than that of the first file.

Analysis of all files shows that they are all malicious threats, including Trojan horses, backdoors, and password-stealing keyloggers for online games such as “World of Warcraft”, etc. Analysis of the file resources from the ThreatExpert report indicates the possible country of origin is China. Interestingly, the Google Code FAQ page says they will take down the whole project if they find malware being hosted on the project.
Google has now taken down the project, and the URL to that project is no longer accessible.
Source: zScaler Research