Google Code repository Hosting Trojans

google_codeNew malware have been discovered by Trendmicro that is hosted on Google Code website. This is a very popular web resource that aims to host open source projects developed by the community. The malware is a java Trojan that downloads banker malware and the project called “flashplayerwindows”.

The malware comes to steal sensitive information including bank online account and email information to allow cybercriminal use victims credential and conduct unauthorized transactions. This is not the first case of this kind as the same malware been observed on other compromised websites related to Brazilian government websites. , which affected users from Brazil, the United States, and Angola.

Having the malware hosted on such website will make security software silent during downloading the software packages as it is encrypted with SSL certificate and the protection will come only during executing the payload.

At the moment the project has been removed from Google code and according to Trend Micro “This incident shows that as we have predicted for 2013, legitimate cloud providers like Google Code are likely to come under attack this year. With services like Google Code are likely to increase traction among users, we can expect that similar cases will appear (and increase) in the coming days.”

To protect yourself make sure to apply the following:

  • Install antivirus software with latest signature.
  • Make sure to have all application and software updates to fix any vulnerability on your PC.
  • Use only trusted sources and verify the rate of the project before you download the software.
  • Never click or open attachments from untrusted sources.
Share