GitHub Security Blog warns of an open source supply chain attack: Octopus Scanner targets Apache NetBeans IDE projects. GitHub said it received a warning on March 9 from a security researcher known as JJ, who had found a set of open source libraries infected with the malicious program Octopus Scanner.
Once a system is infected, the malicious program looks for NetBeans projects on the developer's machine and embeds its malicious payload into the project files, so that every build of the project executes the payload.
GitHub then launched an investigation and found that 26 open source projects had been backdoored with Octopus Scanner.
GitHub said it had uploaded samples to VirusTotal, where only 4 of 60 anti-virus engines detected them. The malicious program disguises itself as a file named ocs.txt, but it is actually a JAR (Java Archive) file.
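Because the sample hides a JAR behind a .txt name, the cheapest defensive check is to compare a file's extension with its actual content rather than trust the name. The script below is an added example, not code from GitHub or the original post: it walks a directory, flags any text-named file whose bytes begin with the ZIP local-file-header signature (every JAR is a ZIP), and reports it as a JAR when the archive contains a META-INF/ entry. The sample directory it builds (a genuine README.txt beside a small archive saved as ocs.txt) is constructed for the demonstration; the extension list and the file names are assumptions, not indicators from the advisory.

```python
import os
import tempfile
import zipfile
from io import BytesIO
from typing import List, Tuple

# ZIP local-file-header signature; a JAR is a ZIP archive carrying a META-INF/ entry.
ZIP_MAGIC = b"PK\x03\x04"
# Extensions a reader expects to hold plain text (assumed list); a ZIP signature
# under any of these is an extension/content mismatch worth flagging.
TEXT_EXTENSIONS = {".txt", ".md", ".log", ".csv"}


def is_zip_payload(data: bytes) -> bool:
    """True when the bytes start with the ZIP local-file-header signature."""
    return data[:4] == ZIP_MAGIC


def looks_like_jar(data: bytes) -> bool:
    """True when the bytes parse as a ZIP whose entries include META-INF/ (a JAR)."""
    if not is_zip_payload(data):
        return False
    try:
        with zipfile.ZipFile(BytesIO(data)) as zf:
            return any(name.startswith("META-INF/") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def scan_tree(root: str) -> List[Tuple[str, str]]:
    """Walk root and return (path, verdict) for text-named files that are really ZIP or JAR."""
    findings: List[Tuple[str, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if not is_zip_payload(data):
                continue  # genuine text (or at least not a ZIP container)
            verdict = "jar" if looks_like_jar(data) else "zip"
            findings.append((path, verdict))
    return findings


def build_sample_tree(root: str) -> None:
    """Constructed sample: one genuine text file and one archive renamed to ocs.txt."""
    os.makedirs(root, exist_ok=True)
    with open(os.path.join(root, "README.txt"), "w", encoding="utf-8") as fh:
        fh.write("plain text, nothing to see\n")
    with zipfile.ZipFile(os.path.join(root, "ocs.txt"), "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Main.class", b"\xca\xfe\xba\xbe")  # placeholder bytes, not real bytecode


def run_demo() -> List[Tuple[str, str]]:
    """Build the constructed sample in a temp dir, scan it, and return (basename, verdict) pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return [(os.path.basename(p), v) for p, v in scan_tree(tmp)]


if __name__ == "__main__":
    for name, verdict in run_demo():
        print(f"{verdict.upper()} disguised as text: {name}")
```

Run as-is to see the constructed ocs.txt reported as a JAR while README.txt passes; point scan_tree at a checkout or build directory to apply the same check to real files. Reading the whole file is fine for the small sample; for large trees, read only the first four bytes before deciding whether to parse the archive.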