14 DAY TRIAL // Experts warn that the lack of adequate validation performed by Google before allowing for files to be hosted on Google Code is exploited more and more by cybercriminals.
Zscaler experts have identified more malicious files on Google Code. This time, they’ve found a couple of .jar files – client.jar and update.jar – designed to download additional files from a given URL.
The malware poses as a Java Update in an effort to trick users into installing it.
In this case, it’s not difficult to determine that the files are malicious since they’re flagged by a fairly large number of antivirus solutions.
“Using Google code to distribute malware seems to increasing in popularity, no doubt due not only to the free hosting provided, but also the positive reputation of the google.com domain,” Zscaler’s Pradeep Kulkarni noted in a blog post.
He added, “Enterprises and end users alike, should consider any third party content, regardless of location, to be untrusted until it has been appropriately scanned.”