Two malicious libraries detected in the PyPI Python package directory

The malicious packages "python3-dateutil" and "jeIlyfish" were found in the Python package directory PyPI (Python Package Index). Both were uploaded by a single author, olgired2017, and disguised as the popular packages "dateutil" and "jellyfish" (differing by the use of the character "I" (i) instead of "l" (L) in the name). After these packages were installed, encryption keys and confidential user data found on the system were sent to the attacker's server. The problematic packages have now been removed from the PyPI directory.

The malicious code itself was in the "jeIlyfish" package, and the "python3-dateutil" package used it as a dependency.
The names were chosen to catch inattentive users who make typos when searching (typosquatting). The malicious package "jeIlyfish" was uploaded a year ago, on December 11, 2018, and remained undetected. The package "python3-dateutil" was uploaded on November 29, 2019, and a few days later raised concerns from one of the developers. Information about the number of installations of the malicious packages is not provided.
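As an added illustration that is not part of the original article, the following sketch shows how a dependency list can be screened for look-alike names of the kind described above. The allowlist, the confusable-character table and the sample names `reqests` and `numpy` are constructed assumptions for the example.

```python
import re

# Constructed allowlist of packages a project really depends on (assumption).
KNOWN_GOOD = {"python-dateutil", "jellyfish", "requests"}

# Visually confusable characters folded to one representative (assumed table).
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})

def pep503(name):
    """Normalize a name the way PyPI compares names (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()

def skeleton(name):
    """Reduce a name to a form in which look-alike spellings collide."""
    n = pep503(name)  # "jeIlyfish" becomes "jeilyfish"
    n = re.sub(r"^(python|py)\d*-", "", n)  # python3-dateutil -> dateutil
    return n.translate(CONFUSABLE).replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, used to catch ordinary one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(requirement_names, known_good=KNOWN_GOOD):
    """Return {suspicious_name: legitimate_name} for look-alike names."""
    good = {pep503(g) for g in known_good}
    by_skeleton = {skeleton(g): g for g in known_good}
    findings = {}
    for name in requirement_names:
        if pep503(name) in good:
            continue  # exact match on the allowlist
        sk = skeleton(name)
        for good_sk, legit in by_skeleton.items():
            if sk == good_sk or edit_distance(sk, good_sk) == 1:
                findings[name] = legit
                break
    return findings

if __name__ == "__main__":
    print(check(["jeIlyfish", "python3-dateutil", "requests", "numpy", "reqests"]))
```

Running the same check in CI against `requirements.txt` entries flags a look-alike name before it is installed, which matters here because the malicious code arrived through a dependency.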

The jellyfish package included code that downloaded a list of "hashes" from an external GitLab-based repository. Analysis of the logic for handling these "hashes" showed that they contained a script that was encoded with the base64 function and executed after decoding. The script located SSH and GPG keys on the system, along with certain types of files from the home directory and credentials for PyCharm projects, and then sent them to an external server running on DigitalOcean cloud infrastructure.

Source: opennet.ru
