Octopus Scanner
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 37 |
| First Seen: | January 7, 2013 |
| Last Seen: | August 10, 2021 |
| OS(es) Affected: | Windows |
The Octopus Scanner is a recently spotted threat that was present in several GitHub projects, which were available publicly. The projects in question were developed via the Apache NetBeans IDE (Integrated Development Environment) service.
After studying this threat, cybersecurity analysts found that the Octopus Scanner has been programmed to scan the compromised host for available Apache NetBeans IDE projects. When the Octopus Scanner detects an accessible project, it will inject its code into it. This allows the Octopus Scanner to propagate itself silently via compromised Apache NetBeans IDE projects that have been uploaded online. However, the Octopus Scanner also is capable of taking over the infected hosts by deploying a RAT (Remote Access Trojan) created in the JAVA programming language.
The first time malware experts came across the Octopus Scanner was in August 2018. According to researchers, there have been 26 GitHub projects that contain the corrupted code of the Octopus Scanner, which is a rather low infection count. This is likely due to the fact that the Octopus Scanner’s criteria limits its reach severely. Despite its limited reach, the Octopus Scanner has one key privilege – this threat infects systems that are used for the development of various software. The creators of the Octopus Scanner have likely added the feature that allows them to take control over a system in case they manage to breach a large company involved in software development. This would allow the authors of the Octopus Scanner to obtain confidential documents, unreleased tools, projects, etc. Getting access to such data may allow the creators of the Octopus Scanner to plant a corrupted code into the company’s products, which will be offered to the public.
It is intriguing why the authors of the Octopus Scanner have opted to target developers using the Apache NetBeans IDE, as it is not among the most popular tools for creating software.
