Achọpụtara ọba akwụkwọ atọ nwere koodu ọjọọ n'ime akwụkwọ ndekọ aha PyPI (Python Package Index). Tupu a chọpụta nsogbu ma wepụ ya na katalọgụ ahụ, ebudatala ngwugwu ihe fọrọ nke nta ka ọ bụrụ ugboro puku iri na ise.
E kesara ngwugwu dpp-client (nbudata 10194) na dpp-client1234 (1536 nbudata) kemgbe ọnwa Febụwarị wee tinye koodu maka izipu ọdịnaya nke mgbanwe gburugburu ebe obibi, nke, dịka ọmụmaatụ, nwere ike ịgụnye igodo nnweta, akara ngosi ma ọ bụ okwuntughe na sistemu ntinye na-aga n'ihu. ma ọ bụ gburugburu igwe ojii dị ka AWS. Ngwungwu ndị ahụ zigakwara ndepụta nwere ọdịnaya nke akwụkwọ ndekọ aha "/ home", "/mnt/mesos/" na "mnt/mesos/sandbox" na ndị ọbịa mpụga.
E tinyere ngwugwu aws-login0tool (nbudata 3042) na ebe nchekwa PyPI na Disemba 1 ma tinye koodu iji budata ma gbaa ngwa Trojan iji jide njikwa nke ndị ọbịa na-agba ọsọ. WindowsMgbe ị na-ahọrọ aha ngwugwu ahụ, echiche ya bụ na igodo "0" na "-" dị nso, yabụ o yikarịrị ka onye nrụpụta ga-ede "aws-login0tool" kama "aws-login-tool."
Achọpụtara ngwugwu nsogbu ahụ n'oge nnwale dị mfe, nke a na-ebudata akụkụ nke ngwugwu PyPI (ihe dị ka puku 200 n'ime 330 puku ngwugwu na ebe nchekwa) site na iji ọrụ Bandersnatch, mgbe nke ahụ gasịrị, ụlọ ọrụ grep chọpụtara ma nyochaa ngwugwu ndị ahụ. akpọtụrụ na faịlụ setup.py Oku "bubata urllib.request", nke a na-ejikarị ziga arịrịọ na ndị ọbịa mpụga.
isi: opennet.ru
