NPM identifies 15 thousand phishing and spam packages

An attack on users of the NPM registry has been recorded: on February 20, more than 15 thousand packages were published to the NPM repository whose README files contained links to phishing sites or referral links that pay a fee for click-throughs. During the analysis, 190 unique phishing or advertising links were identified in the packages, covering 31 domains.

The package names were chosen to attract ordinary users, for example "free-tiktok-followers", "free-xbox-codes", "instagram-followers-free", and so on. The aim was to fill the list of recent updates on the NPM main page with spam packages. The package descriptions included links promising free giveaways, gifts and game cheats, as well as free services for boosting followers and likes on social networks such as TikTok and Instagram. This is not the first attack of this kind; in December, the publication of 144 thousand spam packages was recorded in the NuGet, NPM and PyPI registries.


The contents of the packages were generated automatically by a Python script that was apparently left in the packages by oversight and that included the working credentials used in the attack. The packages were published under many different accounts, using techniques that make it hard to untangle the trail and quickly identify the problem packages.

In addition to the fraudulent activity, several attempts to publish malicious packages were also detected in the NPM and PyPI repositories:

  • 451 malicious packages were found in the PyPI repository, disguised as popular libraries by means of typosquatting (similar names that differ in individual characters, for example vper instead of vyper, bitcoinnlib instead of bitcoinlib, ccryptofeed instead of cryptofeed, ccxtt instead of ccxt, cryptocommpare instead of cryptocompare, seleium instead of selenium, pinstaller instead of pyinstaller, and so on). The packages included obfuscated code for stealing cryptocurrency, which detected crypto wallet identifiers in the clipboard and replaced them with the attacker's wallet (the assumption is that, when making a payment, the victim will not notice that the wallet number passed through the clipboard is different). The substitution was carried out by a browser add-on that ran in the context of every web page viewed.
  • A series of malicious HTTP libraries was identified in the PyPI repository. Malicious activity was found in 41 packages, whose names were chosen by typosquatting and resembled popular libraries (aio5, thov, ulrlib, urllb, libhttps, piphttps, httpxv2, and so on). The packages were made to look like working HTTP libraries or copied the code of existing libraries, and their descriptions included claims about their benefits and comparisons with legitimate HTTP libraries. The malicious activity consisted of either downloading malware onto the system or collecting and sending sensitive data.
  • NPM identified 16 JavaScript packages (speedte*, trova*, lagra) which, in addition to their stated functionality (throughput testing), also contained code for mining cryptocurrency without the user's knowledge.
  • NPM identified 691 malicious packages. Most of the problem packages posed as Yandex projects (yandex-logger-sentry, yandex-logger-qloud, yandex-sendsms, and so on) and included code that sent confidential information to external servers. It is assumed that those who published the packages were trying to get their own dependency substituted when projects are built at Yandex (the internal dependency substitution method). In the PyPI repository, the same researchers found 49 packages (reqsystem, httpxfaster, aio6, gorilla2, httpsos, pohttp, and so on) with obfuscated malicious code that downloads and runs an executable file from an external server.

Source: opennet.ru
