Security experts have warned of a new virus attack targeting the Delphi code compiler. The virus infects a component within the Delphi library folder, and disguises itself as a legitimate file.
Rather than attempt to simply install other malicious files onto the host machine, however, the virus uses the compiler itself as a means of spreading. When the host machine compiles programs, the virus inserts lines of malicious code, turning the compiled code into a virus delivery system.
Researchers from security firms Sans, McAfee, BitDefender and F-Secure have all reported and analysed the virus, which has so far shown no malicious intent other than replicating itself. No further malware attacks or file downloads have been reported.
But the virus is gaining attention because of its unusual delivery style, which has managed to infect some high-profile applications. German computer magazine ComputerBild warned readers after discovering that one of the files on a recent CD insert was infected with the virus.
The infection also appears to be spreading in more nefarious circles, according to Sans researcher Rick Wanner.
"A funny side-effect is that, in the few days since this virus has been detected in the wild, a number of Trojans have been discovered to be affected with the virus," he said in a blog post. "Obviously they were compiled with an infected Delphi compiler."
BitDefender said that developers can check for the infection by searching for a file in the Delphi library folder named 'SysConst.bak', and then renaming the infected file as 'SysConst.dcu' to prevent compiled applications becoming infected.
Instapaper to 'go dark' in Europe until it can work out GDPR compliance
James Robbins of ArrowXL says that AI is no longer 'tomorrow's technology'
Staff told to beware of "unusual sounds" after an employee reported mystery symptoms
Sophisticated malware comprises code previously used to attack Ukraine