NPM identifies 15 thousand phishing and spam packages

An attack on users of the NPM directory has been documented: on February 20, more than 15 thousand packages were uploaded to the NPM repository whose README files contained links to phishing sites or referral links for which the publishers are paid per click. During the investigation, 190 unique phishing or advertising links were found in the packages, covering 31 domains.

The package names were chosen to attract a general audience, for example "free-tiktok-followers", "free-xbox-codes", "instagram-followers-free", and so on. The aim was to flood the list of recent updates on the NPM front page with spam packages. The package descriptions included links promising free giveaways, gifts, game cheats, and free services for boosting followers and likes on social networks such as TikTok and Instagram. This is not the first attack of this kind; in December, the publication of 144 thousand spam packages in the NuGet, NPM and PyPi directories was recorded.


The package contents were generated automatically by a Python script that was apparently left in the packages by accident and that includes the working documentation used in the attack. The packages were published under different accounts using methods that made it difficult to untangle the trail and quickly identify the problematic packages.

In addition to the fraudulent activity, attempts to publish malicious packages in the NPM and PyPi repositories were also identified:

  • 451 malicious packages were found in the PyPi repository, masquerading as well-known libraries through typosquatting (ccryptnlib instead of Bitcoinlib, ccrytt instead of cryptoinlib, ccryt instead of ccxt, cryptocommpare instead of cryptocompare, seleium instead of selenium, pinstaller instead of pyinstaller, etc.). The packages contained obfuscated code for stealing cryptocurrency: it detected crypto wallet identifiers in the clipboard and replaced them with the attacker's wallet (on the assumption that, when making a payment, the victim would not notice that the wallet address pasted from the clipboard was different). The substitution was carried out by a browser extension that executed in the context of every web page viewed.
  • A series of malicious HTTP libraries was identified in the PyPI repository. Malicious activity was found in 41 packages whose names were chosen by typosquatting to resemble popular libraries (aio5, requestst, ulrlib, urlb, libhttps, piphttps, httpxv2, etc.). The malicious packages were designed to look like working HTTP libraries or copied the code of existing libraries, and their descriptions included claims about advantages and comparisons with legitimate HTTP libraries. The malicious activity consisted of either downloading malware onto the system or collecting and exfiltrating sensitive data.
  • 16 JavaScript packages were identified in NPM (speedte*, trova*, lagra) which, in addition to the declared functionality (performance testing), also contained code for mining cryptocurrency without the user's knowledge.
  • 691 malicious packages were identified in NPM. Most of the problematic packages imitated Yandex projects (yandex-logger-sentry, yandex-logger-qloud, yandex-sendsms, etc.) and contained code for sending confidential information to external servers. It is assumed that the publishers were trying to get their packages substituted for Yandex's own dependencies when Yandex projects were built (the dependency confusion technique, in which internal dependencies are replaced by public ones). In the PyPI repository, the same researchers found 49 packages (reqsystem, httpxfaster, aio6, gorilla2, httpsos, pohttp, etc.) with obfuscated malicious code that downloaded and ran an executable file from an external server.
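The typosquatted names in the PyPI and NPM findings above (seleium for selenium, pinstaller for pyinstaller, requestst for requests, and so on) are all within one or two character edits of the library they imitate. The following screen is an added example, not code from the article or from the researchers it cites: it compares each dependency name against a curated allow-list of approved packages using the optimal string alignment distance (insert, delete, substitute, or swap two adjacent characters) and flags names that are not on the list but sit within a small edit distance of one. The allow-list, the sample dependency list and the distance threshold are constructed for the example; a real deployment would use the project's own approved-dependency inventory.

```python
"""Edit-distance screen for near-miss (typosquatted) dependency names.

Added example, not part of the original article. Names that exactly match
an allow-listed package pass; names that are unrelated to anything on the
list also pass (they are out of scope for this check); names within a few
edits of an allow-listed package are reported for manual review before
installation.
"""
from __future__ import annotations

# Curated allow-list of legitimate package names (constructed for this
# example; in practice this is the project's approved-dependency list).
KNOWN_PACKAGES = {
    "bitcoinlib", "cryptocompare", "selenium", "pyinstaller", "ccxt",
    "requests", "urllib3", "aiohttp", "httpx",
}

# Dependency names to screen, constructed to mirror the near-miss names
# the article lists alongside a few legitimate or unrelated ones.
SAMPLE_DEPENDENCIES = [
    "requests", "requestst", "seleium", "pinstaller", "cryptocommpare",
    "httpxv2", "aio5", "numpy",
]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance between a and b.

    Each insertion, deletion, substitution, or transposition of two
    adjacent characters costs 1. Comparison is case-insensitive because
    registries treat package names case-insensitively.
    """
    a, b = a.lower(), b.lower()
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # deletion
                d[i][j - 1] + 1,         # insertion
                d[i - 1][j - 1] + cost,  # substitution (or match)
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def nearest_known(name: str, known=KNOWN_PACKAGES) -> tuple[str, int]:
    """Return the closest allow-listed name and its distance from name."""
    best = min(known, key=lambda k: osa_distance(name, k))
    return best, osa_distance(name, best)


def screen_dependencies(names, known=KNOWN_PACKAGES, max_distance: int = 2):
    """Flag names that are absent from the allow-list but within
    max_distance edits of an allow-listed package.

    Returns a list of (name, closest_known, distance) tuples in input order.
    """
    findings = []
    for name in names:
        if name.lower() in known:
            continue  # exact match: approved as-is
        closest, dist = nearest_known(name, known)
        if dist <= max_distance:
            findings.append((name, closest, dist))
    return findings


if __name__ == "__main__":
    for name, closest, dist in screen_dependencies(SAMPLE_DEPENDENCIES):
        print(f"{name!r} is {dist} edit(s) from allow-listed {closest!r}: review before installing")
```

The threshold of 2 edits is deliberately tight: raising it catches more look-alikes but also starts flagging legitimately distinct short names, so the check is best run as a review gate on lockfile changes rather than as a hard block. Note that the screen only covers names near an allow-listed package; the dependency confusion case in the last bullet (an external package carrying the exact name of an internal one) needs a registry-scoping control instead, since the name itself is not a near miss.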

source: budenet.ru
