Closed jonesdevelopment closed 7 months ago
Screenshot of the malware code for further analysis and understanding:
such a general check shouldn't be named botnet downloader in my opinion
Whoops, I forgot to change the name after debugging. I'll change it to something like "Process Creation".
Too generic for the Anti-Malware. Gonna move this to https://github.com/OpticFusion1/Kitsune/ and add a better detection method
So Minecraft plugins creating and executing system sub processes is TOO GENERIC??
Recently, some of my friends discovered a new type of malware on SpigotMC. This type of malware downloads an ELF binary file and runs it using
Process process = processBuilder.start();
Links to infected resources:
Both infected resources are currently not picked up, but are detected using this small check I implemented. I don't think that it causes any issues since no plugin has to create sub processes. I tried running it on a few plugins (AuthMe, SkinsRestorer, ...), and it only detected the infected plugin.
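A sketch of the kind of check the post above describes: flag any class in a plugin JAR whose constant pool references `ProcessBuilder.start`. This is an added example in Python, not the Anti-Malware project's own code; the names `SPAWN`, `spawn_refs`, `scan_jar` and `sample_jar` are hypothetical, and including `Runtime.exec` is an assumption that goes beyond the call named in the post.

```python
import io, struct, zipfile

# JDK methods that start an OS process, as (owner class, method name).
SPAWN = {("java/lang/ProcessBuilder", "start"), ("java/lang/Runtime", "exec")}
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}  # tag -> payload bytes (JVMS 4.4)

def spawn_refs(cls):
    """Return the SPAWN methods a class file's constant pool references."""
    if cls[:4] != b"\xca\xfe\xba\xbe":
        return []
    count, = struct.unpack_from(">H", cls, 8)
    pool, pos, i = {}, 10, 1
    while i < count:
        tag, pos = cls[pos], pos + 1
        if tag == 1:  # Utf8: u2 length, then the bytes
            n, = struct.unpack_from(">H", cls, pos)
            pool[i] = (tag, cls[pos + 2:pos + 2 + n].decode("utf-8", "replace"))
            pos += 2 + n
        else:  # fixed-size entry; an unknown tag raises KeyError
            pool[i] = (tag, cls[pos:pos + SIZES[tag]])
            pos += SIZES[tag]
        i += 2 if tag in (5, 6) else 1  # Long and Double occupy two slots
    refs = set()
    for c, nt in (struct.unpack(">HH", d) for t, d in pool.values() if t == 10):
        owner = pool[struct.unpack(">H", pool[c][1])[0]][1]     # Methodref -> Class -> Utf8
        name = pool[struct.unpack(">HH", pool[nt][1])[0]][1]    # -> NameAndType -> Utf8
        refs.add((owner, name))
    return sorted(f"{o}.{n}" for o, n in refs & SPAWN)

def scan_jar(jar):
    """Map each .class entry of a JAR (given as bytes) to its spawn references."""
    with zipfile.ZipFile(io.BytesIO(jar)) as z:
        found = {n: spawn_refs(z.read(n)) for n in z.namelist() if n.endswith(".class")}
    return {n: r for n, r in found.items() if r}

def sample_jar():
    """Constructed input: two header-plus-constant-pool stubs, not real plugin classes."""
    utf8 = lambda s: b"\x01" + struct.pack(">H", len(s)) + s.encode()
    def stub(owner, name, desc):  # pool: 1 Utf8, 2 Class, 3 Utf8, 4 Utf8, 5 NameAndType, 6 Methodref
        return (b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 7) + utf8(owner) + b"\x07\x00\x01"
                + utf8(name) + utf8(desc) + b"\x0c\x00\x03\x00\x04\x0a\x00\x02\x00\x05")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Loader.class", stub("java/lang/ProcessBuilder", "start", "()Ljava/lang/Process;"))
        z.writestr("Util.class", stub("java/lang/String", "length", "()I"))
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_jar(sample_jar()))
```

A constant-pool match only shows that a class can call the method; calls made through reflection do not appear as `Methodref` entries for `ProcessBuilder` and need a separate check.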