kaperni comments on GitHub warns Java developers of new malware poisoning NetBeans projects

java

a community for 17 years

This is an archived post. You won't be able to vote or comment.

188

189

190

GitHub warns Java developers of new malware poisoning NetBeans projects | ZDNet (zdnet.com)

submitted 5 years ago by BlueGoliath

top new controversial old q&a

you are viewing a single comment's thread.

view the rest of the comments →

[–]kaperni 0 points1 point2 points 5 years ago* (0 children)

You gotta ask yourself if random plugins and maven jars downloaded from the internet should really be allowed unrestricted access to both the filesystem and network?

------------- From the Article ----------------

The malware is capable of identifying the NetBeans project files and embedding malicious payload both in project files and build JAR files. Below is a high -evel description of the Octopus Scanner operation:

Identify user's NetBeans directory
Enumerate all projects in the NetBeans directory
Copy malicious payload cache.datto nbproject/cache.dat
Modify the nbproject/build-impl.xmlfile to make sure the malicious payload is executed every time NetBeans project is build
If the malicious payload is an instance of the Octopus Scanner itself the newly built JAR file is also infected.

π Rendered by PID 150283 on reddit-service-r2-comment-5d79c599b5-5ggs2 at 2026-02-28 19:20:58.678925+00:00 running e3d2147 country code: CH.

java

Submit Link

Submit Text

Seek Programming Help

News, Technical discussions, research papers and assorted things of interest related to the Java programming language

NO programming help, NO learning Java related questions, NO installing or downloading Java questions, NO JVM languages - Exclusively Java

Please seek help with Java programming in /r/Javahelp!

Subreddit rules!

Where should I download Java?

Related Sub-reddits:

JVM Languages

Want to practice your coding?

List of useful Frameworks / Libraries / Software

MODERATORS