Masu bincike daga Jami'ar Leiden da ke Netherlands sun yi nazari kan batun buga samfuran lalata a kan GitHub, mai ɗauke da muggan code don kai hari ga masu amfani da suka yi ƙoƙarin yin amfani da su don gwada wani rauni. An bincika jimillar ma'ajiya 47313 da aka yi amfani da su, wanda ya ƙunshi sanannun raunin da aka gano daga 2017 zuwa 2021. Binciken abubuwan da aka yi amfani da su ya nuna cewa 4893 (10.3%) daga cikinsu sun ƙunshi lambar da ke aiwatar da muggan ayyuka. Masu amfani waɗanda suka yanke shawarar yin amfani da fa'idodin da aka buga ana ba da shawarar su fara bincika su don kasancewar abubuwan shigar da ake tuhuma da gudanar da amfani kawai a cikin injunan kama-da-wane waɗanda ke ware daga babban tsarin.
An gano manyan nau'ikan ɓarna guda biyu: abubuwan amfani waɗanda ke ɗauke da lambar ɓarna, alal misali, barin ƙofar baya a cikin tsarin, zazzage Trojan, ko haɗa na'ura zuwa botnet, da cin gajiyar tattarawa da aika bayanan sirri game da mai amfani. . Bugu da kari, an kuma gano wani nau'in fa'ida na bogi mara lahani wanda baya yin munanan ayyuka, amma kuma baya ƙunshe da aikin da ake tsammani, misali, ƙirƙira don ɓata ko kuma faɗakar da masu amfani da ke gudanar da lambar da ba a tantance ba daga hanyar sadarwar.
An yi amfani da gwaje-gwaje da yawa don gano munanan ayyuka:
- An bincika lambar amfani don kasancewar adiresoshin IP na jama'a da aka saka, bayan haka an kuma bincika adiresoshin da aka gano akan ma'ajin bayanai tare da jerin baƙar fata na runduna da aka yi amfani da su don sarrafa botnets da rarraba fayilolin ƙeta.
- Abubuwan amfani da aka kawo a cikin tsari an duba su a cikin software na anti-virus.
- An gano lambar don kasancewar juji na hexadecimal da ba a saba gani ba ko sakawa a cikin tsarin base64, bayan haka an yanke waɗannan abubuwan da aka saka kuma an bincika su.
source: budenet.ru