Octopus Malware: New Attack Compromises 26 OSS Projects On GitHub – Industry Comment

Following the news that Octopus Malware, a new form of attack, has compromised 26 OSS projects on GitHub, please find commentary from an industry expert.


EXPERT COMMENTS
Brian Fox, CTO, Sonatype
June 01, 2020
This attack infects developer tools that subsequently infect all of the projects they are working on.
The Octopus Scanner Malware validates the importance of analysing binaries within your code and not taking the word of the manifest. What makes Octopus so dangerous is that it has the capability to infect other JAR files in the project so a developer ends up using and distributing the mutated code to their team or community of open source users. We’ve seen over 20 one-off attempts at malicio ....