In the Python package directory PyPI (Python Package Index)
The malicious code was in the "jeIlyfish" package, with the "python3-dateutil" package pulling it in as a dependency.
The names were chosen to catch inattentive users who make a typo when searching (
The jellyfish package contained code that downloaded a list of "hashes" from an external GitLab repository. Analysis of the logic that handled these "hashes" showed that they contained a script encoded with base64 and executed after decoding. The script located SSH and GPG keys on the system, along with certain types of files from the home directory and credentials for PyCharm projects, and then sent them to an external server running on DigitalOcean cloud infrastructure.
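A dependency check for the naming trick described above, as an added example that is not part of the original article: it flags requested package names that differ from an allowlisted name only by look-alike glyphs (capital "I" for lowercase "l") or by a single character. The `KNOWN_GOOD` allowlist and all function names are assumptions made for illustration; `python-dateutil` is the name of the legitimate package.

```python
import re

# Constructed allowlist: the names a project actually intends to install.
KNOWN_GOOD = {"jellyfish", "python-dateutil", "requests"}

# Glyphs that render alike in many fonts, folded to one representative.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o", "O": "o"})

def pep503(name):
    """PyPI name normalisation: case-insensitive, runs of -_. are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def skeleton(name):
    """Fold look-alike glyphs first (case matters here), then normalise."""
    return pep503(name.translate(CONFUSABLE))

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(name, known=KNOWN_GOOD, max_distance=1):
    """Return (verdict, allowlisted name it resembles) for a requested name."""
    if pep503(name) in {pep503(k) for k in known}:
        return ("ok", None)
    sk = skeleton(name)
    by_skeleton = {skeleton(k): k for k in known}
    if sk in by_skeleton:  # identical once look-alike glyphs are folded
        return ("homoglyph", by_skeleton[sk])
    for good_sk, good in sorted(by_skeleton.items()):
        if edit_distance(sk, good_sk) <= max_distance:
            return ("near-miss", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed requirements list containing the two names from the article.
    for requested in ["jellyfish", "jeIlyfish", "python3-dateutil", "numpy"]:
        print(f"{requested:20} {check(requested)}")
```

Names reported as `unknown` are simply absent from the allowlist and need a manual decision; `homoglyph` and `near-miss` results should block installation until reviewed.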
Source: opennet.ru