Three malicious libraries found in the PyPI Python package directory

Three libraries containing malicious code have been found in the PyPI (Python Package Index) directory. Before the problems were identified and the packages were removed from the directory, they had been downloaded about 15 times in total.

The dpp-client (10194 downloads) and dpp-client1234 (1536 downloads) packages had been distributed since February and included code to send out the contents of environment variables, which could, for example, include access keys, tokens, or passwords for continuous integration systems or cloud environments such as AWS. The packages also sent a listing of the contents of the "/home", "/mnt/mesos/" and "mnt/mesos/sandbox" directories to a remote host.

The aws-login0tool package (3042 downloads) was uploaded to the PyPI repository on December 1 and included code to download and run a Trojan application to take control of hosts running Windows. In choosing the package name, the idea was that the "0" and "-" keys sit next to each other, so a developer might type "aws-login0tool" instead of "aws-login-tool".

The problematic packages were identified through a simple experiment in which part of the PyPI packages (about 200 of the 330 packages in the repository) was downloaded using Bandersnatch, after which the grep utility was used to isolate and analyze those packages whose setup.py file mentioned "import urllib.request", a call used to send external requests.
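The screening step described above can be reproduced offline against downloaded source archives. The following is an added example, not code from the original report: it parses each archive's setup.py with Python's ast module instead of grep, so aliased forms such as `from urllib import request` are caught too. The module list, the function names and the sample packages are assumptions constructed for illustration.

```python
import ast
import io
import tarfile

# Assumed list: modules whose import in setup.py implies install-time network access.
NETWORK_MODULES = {"urllib.request", "requests", "http.client", "socket"}

def network_imports(source):
    """Return the network-capable modules imported anywhere in `source`."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        names = []
        if isinstance(node, ast.Import):
            names = [a.name for a in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module:
            # "from urllib import request" counts as "urllib.request"
            names = [node.module] + [f"{node.module}.{a.name}" for a in node.names]
        found.update(n for n in names if n in NETWORK_MODULES)
    return sorted(found)

def scan_sdist(data):
    """Scan the top-level setup.py of a .tar.gz sdist passed as bytes."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if member.isfile() and member.name.count("/") == 1 and member.name.endswith("/setup.py"):
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                try:
                    return network_imports(text)
                except SyntaxError:  # e.g. Python 2 syntax: flag for manual review
                    return ["<unparseable>"]
    return []

def make_sdist(name, setup_py):  # builds a constructed one-file sdist in memory
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        body = setup_py.encode()
        info = tarfile.TarInfo(f"{name}-1.0/setup.py")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

# Constructed, harmless samples; these are not the packages named in the article.
SAMPLES = {
    "plain-pkg": "from setuptools import setup\nsetup(name='plain-pkg')\n",
    "net-pkg": "import urllib.request\nfrom setuptools import setup\nsetup(name='net-pkg')\n",
    "alias-pkg": "from urllib import request as r\nfrom setuptools import setup\nsetup(name='alias-pkg')\n",
}
if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, scan_sdist(make_sdist(name, src)))
```

A hit only marks a package for manual review, since legitimate packages also fetch data during installation.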

source: budenet.ru
