All the latest UK technology news, reviews and analysis


Google Code fast becoming hackers' malware mule

19 Aug 2013
malware virus security

A second cyber attack that hides malware in Google Code has been found, according to Zscaler researchers.

Zscaler's Pradeep Kulkarni reported finding the malware, claiming in a public blog post that attackers are targeting vulnerabilities in Google's validation procedures. "Recently we blogged about Google Code hosting malware. Within a month we have observed a second instance where malicious .jar files are being hosted on Google Code," said Kulkarni.

"Using Google code to distribute malware seems to be increasing in popularity, no doubt due not only to the free hosting provided, but also to the positive reputation of the Google.com domain. This indicates that there is presently inadequate validation performed by Google prior to content being uploaded to the Google Code site."

The original Google Code attack was uncovered by Zscaler ThreatLabZ security researcher Chris Mannon at the start of August. Unlike the first incident, Kulkarni said the second outbreak hides malware on the hxxp://update-java.googlecode.com and hxxps://code.google.com/p/update-java URLs. He said that, while troubling, the architecture of the attack indicates that the hackers' only goal is to store malware in Google Code.

"The two projects are hosted on 'code.google.com' by the same uploader who has an email ID of 'daicadad...@gmail.com'. The second project is also currently live (hosted at "hxxp://code.google.com/p/update-java-download") and contains the same 'Client.jar' file. You will note that other links within the projects like Project Home, Wiki and Issues contain minimal information about the project, suggesting that malware-hosting was the only goal," he wrote.

Kulkarni noted that the malware has likely been hiding in Google code for some time, predicting that the number of attacks targeting the platform will continue until the company adds more robust security. 

"In the past, we have seen sites such as Dropbox, Google Code and other free hosting providers being leveraged to deliver malware. Free hosting providers, especially those with a positive reputation are becoming popular for attackers to serve malicious content. Enterprises and end users alike, should consider any third-party content, regardless of location, to be untrusted until it has been appropriately scanned," he wrote.

Zscaler is one of many companies to criticise Google's security protocols. Independent security researcher Elliott Kember came to blows with the company earlier this month over how Google's Chrome browser stores passwords.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
22%
14%
5%
17%
31%
11%

Popular Threads

Powered by Disqus
Sony Xperia Z2 smartphone running Android KitKat 4.4

Sony Xperia Z2 video

We test out the latest Android KitKat flagship from Sony

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Business Systems Architect

Westminster is a successful and ambitious modern University...

Agile Java Developer

Agile Java Developer, Central London, £40-60k A leading...

Senior PHP (JavaScript / node.js developer)

Senior PHP (JavaScript / node.js developer) Assertis...
To send to more than one email address, simply separate each address with a comma.