Seems near-impossible for this to actually be in the wild. According to https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain macOS developer machines seem unaffected. For Linux / Windows developer machines look for:
* nbproject/cache.dat files * $HOME/.local/share/octo * $HOME/.config/autostart/octo.desktop * $TEMP/../Microsoft/Cache134.dat Infected build artifacts will also work on macOS and create: * $HOME/Library/LaunchAgents/AutoUpdater.dat * $HOME/.local/share/bbauto * $HOME/Library/LaunchAgents/AutoUpdater.plist * $HOME/.config/autostart/none.desktop * $HOME/.config/autostart/.desktop * $HOME/Library/LaunchAgents/SoftwareSync.plist * %TEMP%\..\Microsoft\ExplorerSync.db --emi On Fri, May 29, 2020 at 10:09 PM Peter Steele <steeleh...@gmail.com> wrote: > > Hi > > Saw this > > https://www.zdnet.com/article/github-warns-java-developers-of-new-malware-poisoning-netbeans-projects/ > > Do we know anything more about this? > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org For additional commands, e-mail: users-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
