Mai binciken tsaro Willem de Groot cewa sakamakon kutse na ababen more rayuwa, maharan sun sami damar shigar da mugun saka cikin lambar tsarin nazarin yanar gizo. da kuma buΙaΙΙen dandali don samar da siffofin yanar gizo masu mu'amala . Sauya lambar JavaScript ta haifar da sasantawa na rukunin yanar gizo 4684 ta amfani da waΙannan tsarin akan shafukansu ( - Picreel kuma - Alpaca Forms).
An aiwatar tattara bayanai game da cika duk fom Ιin gidan yanar gizo akan shafuka kuma zai iya, a tsakanin sauran abubuwa, haifar da shiga tsakani na shigar da bayanan biyan kuΙi da sigogin tantancewa. An aika bayanin da aka katse zuwa uwar garken font-assets.com a ΖarΖashin sunan neman hoto. Har yanzu babu wani bayani game da yadda ainihin kayan aikin Picreel da cibiyar sadarwar CDN don isar da rubutun Alpaca Forms suka lalace. An sani kawai lokacin da aka kai hari kan Forms Alpaca, an maye gurbin rubutun da aka bayar ta hanyar hanyar sadarwar abun ciki ta Cloud CMS. an camouflaged a matsayin tsararrun bayanai a ciki script (zaka iya ganin kwafin lambar ).
Daga cikin masu amfani da ayyukan da aka lalata akwai manyan kamfanoni da yawa, ciki har da Sony, Forbes, Trustico, FOX, ClassesUSA, 3Dcart, Saxo Bank, Foundr, RocketInternet, Sprit da Virgin Mobile. Yin la'akari da gaskiyar cewa wannan ba shine farkon harin irin wannan ba (duba. tare da maye gurbin StatCounter counter), an shawarci masu gudanar da rukunin yanar gizon su yi taka tsantsan yayin sanya lambar JavaScript ta Ιangare na uku, musamman akan shafukan da suka shafi biyan kuΙi da tantancewa.
source: budenet.ru