Last year, there were discussions about Google Code (a platform that lets developers host their projects) being exploited to distribute malware. Research by Zscaler has identified yet another instance where this platform has been misused. According to the Google Code site:

"Project Hosting on Google Code provides a free collaborative development environment for open source projects. Each project includes its own member controls, Subversion/Mercurial repository, issue tracker, wiki pages, and downloads section. Our hosting service is designed to be simple, fast, reliable, and scalable, enabling you to concentrate on your open source development."

The project in question contained over 50 files in its download section. These files, mainly executables and compressed ".rar" archives, have been uploaded over the past month, indicating that an attacker is actively using this free service to disseminate malware. VirusTotal results for the first file revealed that only 8 out of 43 antivirus vendors flagged it as malicious. The detection rate for the second file was slightly higher.

Further analysis confirmed that all the files are malicious, including Trojans, backdoors, and password-stealing keyloggers targeting online games such as "World of Warcraft." A ThreatExpert report suggested that the files might originate from China.

Interestingly, the Google Code FAQ page mentions that they will remove an entire project if malware is found on it. Following this policy, Google has already taken down the project, and the URL to that project is no longer accessible.

