Malware injected into the NPM package UAParser.js, which has 8 million downloads per week.

The story of the removal from the NPM repository of three malicious packages that copied the code of the UAParser.js library has had an unexpected continuation: unknown attackers hijacked the account of the author of the UAParser.js project and published updates containing code for stealing passwords and mining cryptocurrency.

The problem is that the UAParser.js library, which provides functions for parsing the HTTP User-Agent header, has about 8 million downloads per week and is used as a dependency in more than 1200 projects. UAParser.js is reported to be used in projects of companies such as Microsoft, Amazon, Facebook, Slack, Discord, Mozilla, Apple, ProtonMail, Autodesk, Reddit, Vimeo, Uber, Dell, IBM, Siemens, Oracle, HP and Verizon.

The attack was carried out by compromising the account of the project's developer, who realised something was wrong after unusual, unfamiliar messages began landing in his inbox. Exactly how the developer's account was compromised has not been reported. The attackers created releases 0.7.29, 0.8.0 and 1.0.0 and introduced malicious code into them. Within a few hours the developers regained control of the project and published updates 0.7.30, 0.8.1 and 1.0.1 to fix the problem. The malicious versions were published only as packages in the NPM repository; the project's Git repository on GitHub was not affected. Any user who installed the problematic versions and finds a jsextension file on Linux/macOS, or jsextension.exe and create.dll files on Windows, is advised to treat the system as compromised.
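As an added example (not code from the article or from the UAParser.js project), the following Python script audits a project for the releases and indicator files named above: it scans a parsed package-lock.json for pins to the compromised ua-parser-js versions and walks a directory tree for the dropped file names. The sample lockfile is constructed.

```python
import json
import os

# Releases the article reports as carrying the injected code (the fixed
# releases are 0.7.30, 0.8.1 and 1.0.1), and the dropped files it names.
COMPROMISED_VERSIONS = {"0.7.29", "0.8.0", "1.0.0"}
INDICATOR_FILES = {"jsextension", "jsextension.exe", "create.dll"}


def find_compromised(lock):
    """Return (node_modules path, version) for every ua-parser-js entry in a
    parsed package-lock.json pinned to a compromised release. Supports
    lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages")."""
    hits = []
    if "packages" in lock:  # v2/v3: flat map keyed by node_modules path
        for path, meta in lock["packages"].items():
            if (path.endswith("node_modules/ua-parser-js")
                    and meta.get("version") in COMPROMISED_VERSIONS):
                hits.append((path, meta["version"]))
        return hits

    def walk(deps, prefix):  # v1: recurse through nested dependency trees
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if name == "ua-parser-js" and meta.get("version") in COMPROMISED_VERSIONS:
                hits.append((path, meta["version"]))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return hits


def match_indicators(paths):
    """Keep only the paths whose file name matches one of the dropped files."""
    return [p for p in paths if os.path.basename(p).lower() in INDICATOR_FILES]


def find_indicator_files(root):
    """Walk a directory tree and return any indicator files found under it."""
    return match_indicators(os.path.join(d, f)
                            for d, _, fs in os.walk(root) for f in fs)


# Constructed sample lockfile (v1 layout): one direct pin to a compromised
# release and one transitive pin to an unaffected one.
SAMPLE_LOCK = json.loads("""{"lockfileVersion": 1, "dependencies": {
    "ua-parser-js": {"version": "0.7.29"},
    "some-lib": {"version": "2.1.0",
                 "dependencies": {"ua-parser-js": {"version": "0.7.28"}}}}}""")
```

Run find_compromised on your own lockfile and find_indicator_files on the project root (and on user home directories on Windows) to decide whether the rebuild-from-clean advice above applies.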

The malicious changes added resemble the changes previously introduced in the clones of UAParser.js, which apparently had been released to test the functionality before launching a large-scale attack on the main project. The executable file jsextension was downloaded from an external host and launched on the user's system; it was selected according to the user's platform, with support for Linux, macOS and Windows. On the Windows platform, in addition to a program for mining the Monero cryptocurrency (the XMRig miner was used), the attackers also arranged for the create.dll library to be loaded to intercept passwords and send them to an external host.

The download code was added to the preinstall.sh file, into which the following was inserted:

    IP=$(curl -k https://freegeoip.app/xml/ | grep 'RU|UA|BY|KZ')
    if [ -z "$IP" ]
    then
        ... download and run the executable file
    fi

As can be seen from the code, the script first checks the IP address via the freegeoip.app service and does not launch the malicious application for users from Russia, Ukraine, Belarus and Kazakhstan.

source: budenet.ru
