Google developer site used for malware distribution : McAfee

Google developer website is used for distributing malware, says McAfee Inc, the leader in intrusion prevention and security risk management. RSA – An security Divison of EMC reported an phishing email that re-directs to Fake CNN site which spreads trojans.  Now McAfee has reported a similar issue with code.google.com website.

Code.Google.com is a Google’s Developer website, which developer share their programs & applications.  Along with legitimate code, there are links that redirect the visitor to a video. When the user click the video to play, website asks to download missing codecs, which is actually a malware or trojans. These malware & trojans will get downloaded to the local computer & starts collecting sensitive data. These sensitive informations are then relayed to the third party.

A Google spokesman said the company has removed malware-distributing projects from Google Code and search results. Google works hard to protect our users from malware. Using Project Hosting on Google Code, or any Google product, to serve or host malware is a violation of our product policies,” the spokesman said in a statement.

Google is working on automated tools to detect the malware programs that are hosted on the developer site & tries to remove as early as possible, the spokesman said.