GitHub na-enyocha usoro mwakpo nke ndị mwakpo jisiri ike mebie cryptocurrency na akụrụngwa igwe ojii GitHub site na iji usoro GitHub Actions iji mee koodu ha. Mgbalị mbụ iji GitHub Actions maka ngwuputa ihe e debere na Nọvemba afọ gara aga.
Omume GitHub na-enye ndị mmepe koodu ohere itinye ndị na-ahụ maka njikwa ka ha rụọ ọrụ dị iche iche na GitHub. Dịka ọmụmaatụ, iji GitHub Actions ị nwere ike ịme ụfọdụ nlele na ule mgbe ị na-eme, ma ọ bụ megharịa nhazi nke Okwu ọhụrụ. Iji malite igwu ala, ndị na-awakpo na-emepụta ndụdụ nke ebe nchekwa na-eji GitHub Actions, tinye GitHub Actions ọhụrụ na nnomi ha, ma ziga arịrịọ ịdọrọ na ebe nchekwa mbụ na-atụ aro iji dochie ndị na-ahụ maka ihe omume GitHub dị ugbu a na ".github/workflows ọhụrụ. /ci.yml” onye njikwa.
Arịrịọ ịdọrọ obi ọjọọ ahụ na-ewepụta ọtụtụ mbọ iji mee onye na-ahụ maka ihe omume GitHub akọwapụtara nke onye mwakpo ahụ, nke mgbe awa 72 kwụsịrị n'ihi oge nkwụsịtụ, daa, wee gbaa ọsọ ọzọ. Iji wakpo, onye na-awakpo naanị kwesịrị ịmepụta arịrịọ ịdọrọ - onye na-ahụ maka ya na-agba ọsọ na-akpaghị aka na-enweghị nkwenye ọ bụla ma ọ bụ nsonye sitere na ndị na-echekwa ebe nchekwa mbụ, ndị nwere ike dochie naanị ọrụ enyo ma kwụsị ịgba ọsọ GitHub Actions.
Na ci.yml handler nke ndị mwakpo ahụ gbakwunyere, paramita “agba ọsọ” nwere koodu obfuscated (eval “$(echo 'YXB0IHVwZGF0ZSAt…' | base64 -d”), nke, mgbe e gburu ya, na-agbalị ibudata ma mee mmemme Ngwuputa. Na ụdị mbụ nke mbuso agha sitere na ebe nchekwa dị iche iche A na-ebugoro mmemme a na-akpọ npm.exe na GitHub na GitLab wee chịkọta ya na faịlụ ELF na-arụ ọrụ maka Alpine Linux (eji na ihe oyiyi Docker.) Ụdị mwakpo ọhụrụ na-ebudata koodu nke XMRig ọnyà. onye na-egwuputa ihe sitere na ebe nchekwa ọrụ gọọmentị, nke ejiri obere akpa dochie adreesị na sava maka izipu data.
isi: opennet.ru