Achọpụtara ọba akwụkwọ atọ nwere koodu ọjọọ n'ime akwụkwọ ndekọ aha PyPI (Python Package Index). Tupu a chọpụta nsogbu ma wepụ ya na katalọgụ ahụ, ebudatala ngwugwu ihe fọrọ nke nta ka ọ bụrụ ugboro puku iri na ise.
E kesara ngwugwu dpp-client (nbudata 10194) na dpp-client1234 (1536 nbudata) kemgbe ọnwa Febụwarị wee tinye koodu maka izipu ọdịnaya nke mgbanwe gburugburu ebe obibi, nke, dịka ọmụmaatụ, nwere ike ịgụnye igodo nnweta, akara ngosi ma ọ bụ okwuntughe na sistemu ntinye na-aga n'ihu. ma ọ bụ gburugburu igwe ojii dị ka AWS. Ngwungwu ndị ahụ zigakwara ndepụta nwere ọdịnaya nke akwụkwọ ndekọ aha "/ home", "/mnt/mesos/" na "mnt/mesos/sandbox" na ndị ọbịa mpụga.
Ihe ngwugwu aws-login0tool (nbudata 3042) ka ezigara na ebe nchekwa PyPI na Disemba 1 wee tinye koodu iji budata ma mee ngwa Trojan iji jikwaa ndị ọbịa na-agba Windows. Mgbe ị na-ahọrọ aha ngwugwu, a na-eme ngụkọta oge na eziokwu ahụ bụ na igodo "0" na "-" dị nso na enwere ike na onye nrụpụta ga-etinye "aws-login0tool" kama "aws-login-tool".
Achọpụtara ngwugwu nsogbu ahụ n'oge nnwale dị mfe, nke a na-ebudata akụkụ nke ngwugwu PyPI (ihe dị ka puku 200 n'ime 330 puku ngwugwu na ebe nchekwa) site na iji ọrụ Bandersnatch, mgbe nke ahụ gasịrị, ụlọ ọrụ grep chọpụtara ma nyochaa ngwugwu ndị ahụ. akpọtụrụ na faịlụ setup.py Oku "bubata urllib.request", nke a na-ejikarị ziga arịrịọ na ndị ọbịa mpụga.
isi: opennet.ru