All the latest UK technology news, reviews and analysis


Google Code fast becoming hackers' malware mule

19 Aug 2013
malware virus security

A second cyber attack that hides malware in Google Code has been found, according to Zscaler researchers.

Zscaler's Pradeep Kulkarni reported finding the malware, claiming in a public blog post that attackers are targeting vulnerabilities in Google's validation procedures. "Recently we blogged about Google Code hosting malware. Within a month we have observed a second instance where malicious .jar files are being hosted on Google Code," said Kulkarni.

"Using Google code to distribute malware seems to be increasing in popularity, no doubt due not only to the free hosting provided, but also to the positive reputation of the Google.com domain. This indicates that there is presently inadequate validation performed by Google prior to content being uploaded to the Google Code site."

The original Google Code attack was uncovered by Zscaler ThreatLabZ security researcher Chris Mannon at the start of August. Unlike the first incident, Kulkarni said the second outbreak hides malware on the hxxp://update-java.googlecode.com and hxxps://code.google.com/p/update-java URLs. He said that, while troubling, the architecture of the attack indicates that the hackers' only goal is to store malware in Google Code.

"The two projects are hosted on 'code.google.com' by the same uploader who has an email ID of 'daicadad...@gmail.com'. The second project is also currently live (hosted at "hxxp://code.google.com/p/update-java-download") and contains the same 'Client.jar' file. You will note that other links within the projects like Project Home, Wiki and Issues contain minimal information about the project, suggesting that malware-hosting was the only goal," he wrote.

Kulkarni noted that the malware has likely been hiding in Google code for some time, predicting that the number of attacks targeting the platform will continue until the company adds more robust security. 

"In the past, we have seen sites such as Dropbox, Google Code and other free hosting providers being leveraged to deliver malware. Free hosting providers, especially those with a positive reputation are becoming popular for attackers to serve malicious content. Enterprises and end users alike, should consider any third-party content, regardless of location, to be untrusted until it has been appropriately scanned," he wrote.

Zscaler is one of many companies to criticise Google's security protocols. Independent security researcher Elliott Kember came to blows with the company earlier this month over how Google's Chrome browser stores passwords.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Green IT poll

How important is it to your business that a cloud provider uses renewable energy like solar or wind to power their data centres?
21%
6%
3%
2%
68%

Popular Threads

Powered by Disqus
Galaxy S5 vs Nexus 5 head to head review front

Galaxy S5 vs Nexus 5 video review

We compare Samsung and Google's top devices

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Lead Software Developer - Java / J2EE / Hibernate / MVC / TDD

Lead Software Developer - Java / J2EE / Hibernate / MVC...

Oracle Financials Support Analyst

Oracle Financials Technical Support Analyst Oracle...

Oracle Applications DBA

Oracle Applications DBA Database Administrator - Oracle...

Senior Oracle Applications Functional Analyst

Senior Oracle Applications Functional Analyst Senior...
To send to more than one email address, simply separate each address with a comma.