In the PyPI (Python Package Index) catalog, 26 malicious packages have been identified that contain obfuscated code in the setup.py script. The code detects cryptocurrency wallet identifiers in the clipboard and replaces them with the attacker's wallet (the assumption is that, when making a payment, the victim will not notice that the wallet number transferred through the clipboard is different).
The substitution is performed by a JavaScript script which, after the malicious package is installed, is embedded in the browser in the form of a browser add-on that runs in the context of every web page viewed. The add-on installation process is tied to the Windows platform and is implemented for the Chrome, Edge and Brave browsers. Wallet replacement is supported for the ETH, BTC, BNB, LTC and TRX cryptocurrencies.
The malicious packages are disguised in the PyPI catalog as certain popular libraries by means of typosquatting (assigning similar names that differ in individual characters, for example, examplepl instead of example, djangoo instead of django, pyhton instead of python, etc.). Because the clones fully replicate the legitimate libraries and differ only in the malicious insert, the attackers rely on inattentive users who make a typo and do not notice the difference in the name when searching. Given the popularity of the original legitimate libraries that the malicious clones imitate (downloads exceed 21 million copies per day), the probability of catching a victim is quite high; for example, one hour after the first malicious package was published, it had been downloaded more than 100 times.
Notably, a week earlier the same group of researchers identified 30 other malicious packages on PyPI, some of which were also disguised as popular libraries. During the attack, which lasted about two weeks, the malicious packages were downloaded 5700 times. Instead of a script for replacing crypto wallets, these packages used the standard W4SP-Stealer component, which searches the local system for saved passwords, access keys, crypto wallets, tokens, session cookies and other confidential information, and sends the files it finds via Discord.
The call to W4SP-Stealer was made by inserting the expression "__import__" into setup.py or __init__.py files, separated by a large number of spaces so that the __import__ call fell outside the area visible in a text editor. The "__import__" block decoded a Base64 block and wrote it to a temporary file. The block contained a script for downloading and installing W4SP Stealer on the system. Instead of the "__import__" expression, in some packages the malicious block was delivered by installing an additional package using a "pip install" call from the setup.py script.
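As an added example (not code from the original article or from the researchers), the following Python triage scanner flags the traits described above in a setup.py or __init__.py file: code pushed past a long whitespace run, `__import__` calls, Base64 decoding, and `pip install` invoked from the script. The 80-character threshold, the finding names and both sample inputs are assumptions constructed for illustration.

```python
import re
import sys

# Assumption: 80+ spaces/tabs before code on one line pushes that code past
# what an editor shows without horizontal scrolling.
HIDDEN_RUN = 80

# Triage heuristics only; each can fire on benign code (see BENIGN below).
PATTERNS = {
    "code-after-whitespace-run": re.compile(r"[ \t]{%d,}\S" % HIDDEN_RUN),
    "dynamic-import": re.compile(r"__import__\s*\("),
    "base64-decode": re.compile(r"base64|b64decode"),
    "pip-install-call": re.compile(r'''pip['",\s]+install'''),
}

def scan_source(text):
    """Return (line_number, finding) pairs; the text is only read, never run."""
    return [(no, name)
            for no, line in enumerate(text.splitlines(), 1)
            for name, rx in PATTERNS.items() if rx.search(line)]

def hidden_imports(text):
    """Lines where __import__ shares a line with a long whitespace run."""
    by_line = {}
    for no, name in scan_source(text):
        by_line.setdefault(no, set()).add(name)
    return sorted(no for no, names in by_line.items()
                  if {"code-after-whitespace-run", "dynamic-import"} <= names)

# Constructed sample (not taken from any real package): the Base64 string
# decodes to the word "constructed".
SAMPLE = (
    "from setuptools import setup\n"
    "setup(name='demo', version='0.1')" + " " * 200
    + ";__import__('base64').b64decode('Y29uc3RydWN0ZWQ=')\n"
    "import os; os.system('pip install demo-helper')\n"
)
# Constructed benign line: a namespace-package __init__.py also uses __import__.
BENIGN = "__import__('pkg_resources').declare_namespace(__name__)\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            src = fh.read()
        for no, name in scan_source(src):
            print(f"{path}:{no}: {name}")
        for no in hidden_imports(src):
            print(f"{path}:{no}: HIDDEN __import__")
```

Run it against files unpacked from a downloaded sdist or wheel before installing; a lone `dynamic-import` finding is common in legitimate code, so the combination with the whitespace run is the stronger signal.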
Malicious packages identified that substitute crypto wallet numbers:
- baeutifulsoup4
- nani4
- cloorama
- cryptographyh
- crpytography
- djangoo
- hello-world-example
- hello-world-example
- ipyhton
- mea hōʻoia leka uila
- mysql-connector-pyhton
- notebok
- pyautogiu
- pygaem
- pythorhc
- python-dateuti
- pahu-python
- python3-puʻu
- pyyalm
- rqueuests
- slenium
- sqlachemy
- sqlalcemy
- tkniter
- urllib
Malicious packages identified that send sensitive data from the system:
- typeutil
- kaula kikokiko
- ʻano ʻano
- duonet
- fatnoob
- strinfer
- pydprotect
- incrivelsim
- ʻelua
- pyptext
- installpy
- NPP
- colorwin
- noi-httpx
- colorsama
- shaasigma
- kaulahao
- felpesviadinho
- piʻi ʻōpala
- pystyte
- pyslyte
- pystyle
- pyurllib
- algorithmic
- oiu
- maikaʻi
- curlapi
- ʻano-kala
- nā ʻōlelo huna
Source: opennet.ru