At least 26 GitHub source-code repositories have been infected with the Octopus Scanner malware. The malware targets the Apache NetBeans Java integrated development environment (IDE) Researchers say the malware has a low detection rate on VirusTotal. They say it has probably been floating around in the GitHub waters since 2018. Researchers say it’s not possible to simply block or delete the repositories or infected files so cleanup can be labor-intensive. In other words, by infecting the open-source supply chain, the malware can spread its tentacles far and wide.
Source: https://threatpost.com/octopus-scanner-tentacles-github-repositories/156204/