All the latest UK technology news, reviews and analysis

Google Code fast becoming hackers' malware mule

19 Aug 2013
malware virus security

A second cyber attack that hides malware in Google Code has been found, according to Zscaler researchers.

Zscaler's Pradeep Kulkarni reported finding the malware, claiming in a public blog post that attackers are targeting vulnerabilities in Google's validation procedures. "Recently we blogged about Google Code hosting malware. Within a month we have observed a second instance where malicious .jar files are being hosted on Google Code," said Kulkarni.

"Using Google code to distribute malware seems to be increasing in popularity, no doubt due not only to the free hosting provided, but also to the positive reputation of the domain. This indicates that there is presently inadequate validation performed by Google prior to content being uploaded to the Google Code site."

The original Google Code attack was uncovered by Zscaler ThreatLabZ security researcher Chris Mannon at the start of August. Unlike the first incident, Kulkarni said the second outbreak hides malware on the hxxp:// and hxxps:// URLs. He said that, while troubling, the architecture of the attack indicates that the hackers' only goal is to store malware in Google Code.

"The two projects are hosted on '' by the same uploader who has an email ID of ''. The second project is also currently live (hosted at "hxxp://") and contains the same 'Client.jar' file. You will note that other links within the projects like Project Home, Wiki and Issues contain minimal information about the project, suggesting that malware-hosting was the only goal," he wrote.

Kulkarni noted that the malware has likely been hiding in Google code for some time, predicting that the number of attacks targeting the platform will continue until the company adds more robust security. 

"In the past, we have seen sites such as Dropbox, Google Code and other free hosting providers being leveraged to deliver malware. Free hosting providers, especially those with a positive reputation are becoming popular for attackers to serve malicious content. Enterprises and end users alike, should consider any third-party content, regardless of location, to be untrusted until it has been appropriately scanned," he wrote.

Zscaler is one of many companies to criticise Google's security protocols. Independent security researcher Elliott Kember came to blows with the company earlier this month over how Google's Chrome browser stores passwords.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Technicial Lead

Technical Leads play a key role in managing and enabling...

Lead Developer

Lead .Net Developer (C#.NET, ASP.NET) Newcastle upon...

Project and Risk Assurance Executive

Project and Risk Assurance Executive - Holborn, Central...

ASP.Net / C# Developer

ASP.Net / C# Developer Rugby We require an ASP.Net...
To send to more than one email address, simply separate each address with a comma.