Zscaler's Pradeep Kulkarni reported finding the malware, claiming in a public blog post that attackers are targeting vulnerabilities in Google's validation procedures. "Recently we blogged about Google Code hosting malware. Within a month we have observed a second instance where malicious .jar files are being hosted on Google Code," said Kulkarni.
"Using Google code to distribute malware seems to be increasing in popularity, no doubt due not only to the free hosting provided, but also to the positive reputation of the Google.com domain. This indicates that there is presently inadequate validation performed by Google prior to content being uploaded to the Google Code site."
The original Google Code attack was uncovered by Zscaler ThreatLabZ security researcher Chris Mannon at the start of August. Unlike the first incident, Kulkarni said the second outbreak hides malware on the hxxp://update-java.googlecode.com and hxxps://code.google.com/p/update-java URLs. He said that, while troubling, the architecture of the attack indicates that the hackers' only goal is to store malware in Google Code.
"The two projects are hosted on 'code.google.com' by the same uploader who has an email ID of 'daicadad...@gmail.com'. The second project is also currently live (hosted at "hxxp://code.google.com/p/update-java-download") and contains the same 'Client.jar' file. You will note that other links within the projects like Project Home, Wiki and Issues contain minimal information about the project, suggesting that malware-hosting was the only goal," he wrote.
Kulkarni noted that the malware has likely been hiding in Google code for some time, predicting that the number of attacks targeting the platform will continue until the company adds more robust security.
"In the past, we have seen sites such as Dropbox, Google Code and other free hosting providers being leveraged to deliver malware. Free hosting providers, especially those with a positive reputation are becoming popular for attackers to serve malicious content. Enterprises and end users alike, should consider any third-party content, regardless of location, to be untrusted until it has been appropriately scanned," he wrote.
Zscaler is one of many companies to criticise Google's security protocols. Independent security researcher Elliott Kember came to blows with the company earlier this month over how Google's Chrome browser stores passwords.
No comments:
Post a Comment