Google Code Developer Site Hacked

Monday, August 5, 2013 @ 07:08 PM gHale

Hackers are using the Google Code developer site to spread malware, researchers said.

“Malware writers are now turning to commercial file-hosting sites to peddle their wares,” said Zscaler ThreatLabZ security researcher Chris Mannon who found the issue. “If these legitimate file hosts are not scanning the content they are hosting, it may force network administrators to block the service altogether. The kicker is that this time we see that Google Code seems to have swallowed the bad pill,” he said.

Mac Malware Hides File Extension
Win 8 CAPTCHA Malware
Trojan Speaks Local Languages
Trojan Takes Over Google Docs

He said businesses using the service should adapt their security protocols accordingly to deal with the new threat.

“This incident sets a precedent that no file-hosting service is beyond reproach. Blind trust of specific domains should not be tolerated from an organizational or personal perspective. So set those security privileges to kill and keep one eye open for shady files coming from even a seemingly trusted location.”

The professional-focused site is one of many hit by cyber criminals in recent months. Other websites targeted include the Apple Developer and Nasdaq community forums. Both the attacks were to steal users’ password information rather than alter them to become malware-distribution tools.

Security experts have said the attack is part of a growing trend within the hacker community. FireEye regional technical lead Simon Mullis said he expects to see more similar attacks in the very near future.

“We see this all of the time. In many cases we see fragments of multi-stage attacks for specific campaigns hosted across a variety of intermediate locations. Any site with user-editable content can be used to host part of the malware attack lifecycle,” he said.

The key part remains if the user cannot detect the initial inbound exploit, then the rest of the attack can continue to hide using this approach, researchers said. This technique is not a secret and attackers have used it for years and the traditional security model and simple discrete sandboxing has no answer for it.

Leave a Reply

You must be logged in to post a comment.