17 malicious packages found in the NPM repository

The NPM repository identified 17 malicious packages that were distributed using typosquatting, i.e. by assigning names similar to the names of popular libraries in the expectation that the user will make a typo when typing the name or will not notice the differences when selecting a module from a list.

The discord-selfbot-v14, discord-lofy, discordsystem, and discord-vilao packages used a modified version of the legitimate discord.js library, which provides functions for interacting with the Discord API. The malicious components were integrated into one of the package files and comprised about 4000 lines of code, obfuscated using variable name mangling, string encryption, and broken code formatting. The code scanned the local file system for Discord tokens and, if any were found, sent them to the attackers' server.

The fix-error package claimed to fix bugs in a Discord selfbot, but included a trojan called PirateStealer that steals credit card numbers and accounts associated with Discord. The malicious component was activated by injecting JavaScript code into the Discord client.

The prerequests-xcode package included a trojan for organizing remote access to the user's system, based on the DiscordRAT Python application.

It is believed that the attackers may need access to Discord servers to deploy botnet control points, to act as a proxy for downloading information from compromised systems, to mask attacks, to distribute malware among Discord users, or to resell premium accounts.

The wafer-bind, wafer-autocomplete, wafer-beacon, wafer-caas, wafer-toggle, wafer-geolocation, wafer-image, wafer-form, wafer-lightbox, octavius-public and mrg-message-broker packages included code to send out the contents of environment variables, which may contain, for example, access keys, tokens or passwords for continuous integration systems or cloud environments such as AWS.
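To check whether a project pins any of the packages named above, the following added example (not part of the original article) walks a parsed `package-lock.json` in both the nested version 1 layout and the path-keyed version 2/3 layout. The function names and the sample lockfile are constructed for illustration.

```javascript
// Package names reported in the article above.
const REPORTED = new Set([
  "prerequests-xcode", "discord-selfbot-v14", "discord-lofy", "discordsystem",
  "discord-vilao", "fix-error", "wafer-bind", "wafer-autocomplete", "wafer-beacon",
  "wafer-caas", "wafer-toggle", "wafer-geolocation", "wafer-image", "wafer-form",
  "wafer-lightbox", "octavius-public", "mrg-message-broker",
]);

// Return {name, version, path} for every package pinned in a parsed package-lock.json.
function listLockedPackages(lock) {
  const out = [];
  if (lock.packages) {
    // lockfileVersion 2/3: keys are install paths, e.g. "node_modules/a/node_modules/b".
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project itself
      const i = path.lastIndexOf("node_modules/");
      // meta.name is present when the folder name differs from the real package name.
      const name = meta.name || (i >= 0 ? path.slice(i + 13) : path);
      out.push({ name, version: meta.version, path });
    }
    return out;
  }
  // lockfileVersion 1: nested "dependencies" objects.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      out.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return out;
}

// Keep only the locked packages whose name appears in the reported set.
function findReported(lock) {
  return listLockedPackages(lock).filter((p) => REPORTED.has(p.name));
}

// Constructed sample lockfile (not real data): one direct and one nested hit.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/express": { version: "4.18.2" },
    "node_modules/discord-lofy": { version: "0.0.1" },
    "node_modules/ui-kit/node_modules/wafer-image": { version: "0.0.1" },
  },
};
// Usage: findReported(JSON.parse(fs.readFileSync("package-lock.json", "utf8")))
```

Because the nested entry is reported with its full install path, a hit that arrives through a transitive dependency can be traced back to the direct dependency that pulled it in.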

source: budenet.ru
