Security researchers are finding more and more malicious things lurking on the Google Code project repository.
According to Websense, code for a notorious PHP-based Web console known as "r57shell" has been hosted at Google Code since November 2007, giving malicious hackers a launching pad to control remote shells.
The Websense researchers found the black-hat toolkit among Trojan files and a text file with a list of more than 50,000 compromised MySpace accounts.
We saw that the Google Code Web site isn't just used to host malicious files, but is also used to host malicious Web content and tools. Abusing Google's services isn't new: with so many offered services as a platform, it follows that attackers will naturally use and abuse it, but it certainly looks like it doesn't have to be through the back door. Coming though the front one can also be an easy option.
Websense has posted screenshots of the discovery on its blog.
Just last week, another security research firm warned that hackers are using the Google Code repository to host Trojans horses, backdoors and password stealing keyloggers.
The researchers found a malicious project hosted on the free Google Code site with about 50+ malware executables stored in the download section of the project.