Malware was injected into the UAParser.js NPM package, which has 8 million downloads per week.

The story of the removal from the NPM repository of three malicious packages that copied the code of the UAParser.js library has received an unexpected continuation: unknown attackers took over the account of the author of the UAParser.js project and released updates containing code for stealing passwords and mining cryptocurrency.

The problem is that the UAParser.js library, which provides functions for parsing the HTTP User-Agent header, has about 8 million downloads per week and is used as a dependency in more than 1200 projects. UAParser.js is said to be used in projects of companies such as Microsoft, Amazon, Facebook, Slack, Discord, Mozilla, Apple, ProtonMail, Autodesk, Reddit, Vimeo, Uber, Dell, IBM, Siemens, Oracle, HP and Verizon.

The attack was carried out by hacking the account of the project's developer, who realized something was wrong when an unusual wave of spam landed in his mailbox. Exactly how the developer's account was compromised is not reported. The attackers created releases 0.7.29, 0.8.0 and 1.0.0 and introduced malicious code into them. Within a few hours, the developers regained control of the project and published updates 0.7.30, 0.8.1 and 1.0.1 to fix the problem. The malicious versions were published only as packages in the NPM repository; the project's Git repository on GitHub was not affected. All users who installed the problematic versions are advised to consider the system compromised if they find the jsextension file on Linux/macOS, or the jsextension.exe and create.dll files on Windows.
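A defender-side check for the releases listed above, as an added example that is not part of the original article: it scans a parsed package-lock.json for the package at versions 0.7.29, 0.8.0 or 1.0.0, including copies pulled in as nested dependencies. The npm package name ua-parser-js, the lockfile layouts and the sample data are assumptions.

```javascript
// Added example: versions come from the article; the npm package name
// "ua-parser-js" and the lockfile layouts are assumptions about npm.
const BAD_VERSIONS = new Set(["0.7.29", "0.8.0", "1.0.0"]);
const PKG = "ua-parser-js";

// Returns [{ path, version }] for every compromised copy in a parsed lockfile.
function findCompromised(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (name === PKG && BAD_VERSIONS.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages"
  // exists, so a v2 lockfile is not reported twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && BAD_VERSIONS.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not from the article).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" }, // same number, different package
    "node_modules/ua-parser-js": { version: "0.7.30" },
    "node_modules/some-lib/node_modules/ua-parser-js": { version: "0.7.29" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "some-lib": { version: "2.1.0", dependencies: { "ua-parser-js": { version: "1.0.0" } } },
    "ua-parser-js": { version: "0.8.1" },
  },
};
console.log(findCompromised(sampleV3), findCompromised(sampleV1));
```

To check a real project, pass the parsed contents of its package-lock.json to findCompromised; a hit means the host should also be inspected for the jsextension, jsextension.exe and create.dll files named above.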

The malicious changes resembled those previously found in the clones of UAParser.js, which appear to have been released to test functionality before launching a large-scale attack on the main project. The jsextension executable was downloaded and launched on the user's system from an external host, which was selected according to the user's platform; Linux, macOS and Windows were supported. For the Windows platform, in addition to a program for mining the Monero cryptocurrency (the XMRig miner was used), the attackers also arranged for the create.dll library to be introduced to intercept passwords and send them to an external host.

The download code was added to the preinstall.sh file, which contained the following insertion:

   IP=$(curl -k https://freegeoip.app/xml/ | grep 'RU|UA|BY|KZ')
   if [ -z "$IP" ]
      ... download and run the executable file

As can be seen from the code, the script first checked the IP address with the freegeoip.app service and did not launch the malicious application for users from Russia, Ukraine, Belarus and Kazakhstan.

Source: opennet.ru
