OpticFusion1 / MCAntiMalware

Anti-Malware for minecraft
https://www.spigotmc.org/resources/spigot-anti-malware-detects-over-200-malicious-plugins.64982/
GNU General Public License v3.0

Implement ProcessCreationCheck for sub processes #718

Closed jonesdevelopment closed 7 months ago

jonesdevelopment commented 7 months ago

Recently, some of my friends discovered a new type of malware on SpigotMC. This type of malware downloads an ELF binary file and runs it using Process process = processBuilder.start();

Links to infected resources:

Both infected resources are currently not picked up, but are detected using this small check I implemented. I don't think that it causes any issues since no plugin has to create sub processes. I tried running it on a few plugins (AuthMe, SkinsRestorer, ...), and it only detected the infected plugin.
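A static version of the check described above, written here as an added example (not the code from this PR or from MCAntiMalware): it walks every class in a plugin jar with the ASM bytecode library (assumed to be on the classpath) and reports each method that invokes `ProcessBuilder.start`, generalised to also cover `Runtime.exec`. The class name `ProcessCreationCheck` and the `Finding` record are hypothetical.

```java
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.ClassVisitor;
import org.objectweb.asm.MethodVisitor;
import org.objectweb.asm.Opcodes;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Hypothetical check: lists every method in a plugin jar that spawns a sub process. */
public class ProcessCreationCheck {

    /** One finding: the class and method that made the call, and the API it called (Java 16+ record). */
    public record Finding(String className, String method, String call) {}

    public static List<Finding> scan(String jarPath) throws IOException {
        List<Finding> findings = new ArrayList<>();
        try (JarFile jar = new JarFile(jarPath)) {
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (!entry.getName().endsWith(".class")) continue;   // only bytecode, not resources
                try (InputStream in = jar.getInputStream(entry)) {
                    new ClassReader(in).accept(new ClassVisitor(Opcodes.ASM9) {
                        String owner;   // internal name of the class being visited
                        @Override public void visit(int v, int acc, String name, String sig, String sup, String[] ifs) { owner = name; }
                        @Override public MethodVisitor visitMethod(int acc, String mName, String desc, String sig, String[] exc) {
                            return new MethodVisitor(Opcodes.ASM9) {
                                // every invoke* instruction in the method body passes through here
                                @Override public void visitMethodInsn(int op, String callee, String name, String d, boolean itf) {
                                    if (isProcessSpawn(callee, name))
                                        findings.add(new Finding(owner, mName, callee + "." + name));
                                }
                            };
                        }
                    }, ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES);
                }
            }
        }
        return findings;
    }

    /** Direct calls that create an OS process; the PR's sample used ProcessBuilder.start. */
    static boolean isProcessSpawn(String owner, String name) {
        return (owner.equals("java/lang/ProcessBuilder") && name.equals("start"))
            || (owner.equals("java/lang/Runtime") && name.equals("exec"));
    }
}
```

Only direct invocations are matched, so an empty result means no direct evidence rather than proof that the plugin never spawns a process; a non-empty result still needs a look at the surrounding code, as the maintainer's "too generic" comment below reflects.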

jonesdevelopment commented 7 months ago

Screenshot of the malware code for further analysis and understanding: image

ghost commented 7 months ago

image

Janmm14 commented 7 months ago

such a general check shouldn't be named botnet downloader in my opinion

jonesdevelopment commented 7 months ago

such a general check shouldn't be named botnet downloader in my opinion

Whoops, I forgot to change the name after debugging. I'll change it to something like "Process Creation".

OpticFusion1 commented 7 months ago

Too generic for the Anti-Malware. Gonna move this to https://github.com/OpticFusion1/Kitsune/ and add a better detection method

ghost commented 7 months ago

So Minecraft plugins creating and executing system sub processes is TOO GENERIC??