15 thousand phishing and spam packages identified in NPM

An attack on users of the NPM registry has been recorded: on February 20, more than 15 thousand packages were published to the NPM repository whose README files contained links to phishing sites or referral links that pay a commission for each click. During the analysis, 190 unique phishing or advertising links were identified in the packages, covering 31 domains.

The package names were chosen to attract the interest of ordinary users, for example "free-tiktok-followers", "free-xbox-codes", "instagram-followers-free", etc. The aim was to fill the list of recent updates on the NPM main page with spam packages. The package descriptions included links promising free giveaways, gifts, game cheats, and free services for boosting followers and likes on social networks such as TikTok and Instagram. This is not the first attack of this kind; in December, the publication of 144 thousand spam packages was recorded in the NuGet, NPM and PyPi registries.

The contents of the packages were generated automatically by a Python script that was apparently left in the packages by mistake and included the working credentials used in the attack. The packages were published under many different accounts, using methods that made it difficult to untangle the trail and quickly identify the problematic packages.

In addition to the fraudulent activity, several attempts to publish malicious packages were also detected in the NPM and PyPi repositories:

  • 451 malicious packages were found in the PyPI repository, disguised as popular libraries by means of typosquatting (assigning similar names that differ in individual characters, for example vper instead of vyper, bitcoinnlib instead of bitcoinlib, ccryptofeed instead of cryptofeed, ccxtt instead of ccxt, cryptocommpare instead of cryptocompare, seleium instead of selenium, pinstaller instead of pyinstaller, etc.). The packages included obfuscated code for stealing cryptocurrency, which detected crypto wallet identifiers in the clipboard and replaced them with the attacker's wallet (the assumption being that, when making a payment, the victim will not notice that the wallet number transferred through the clipboard is different). The substitution was performed by a browser add-on that ran in the context of every web page viewed.
  • A series of malicious HTTP libraries has been identified in the PyPI repository. Malicious activity was found in 41 packages whose names were chosen by typosquatting and resembled popular libraries (aio5, requestst, ulrlib, urlb, libhttps, piphttps, httpxv2, etc.). The packages' contents were made to look like working HTTP libraries or copied the code of existing libraries, and the descriptions included claims about their advantages and comparisons with legitimate HTTP libraries. The malicious activity consisted of either downloading malware onto the system or collecting and sending sensitive data.
  • 16 JavaScript packages were identified in NPM (speedte*, trova*, lagra) which, in addition to the stated functionality (testing), also contained code for mining cryptocurrency without the user's knowledge.
  • 691 malicious packages were identified in NPM. Most of the problematic packages posed as Yandex projects (yandex-logger-sentry, yandex-logger-qloud, yandex-sendsms, etc.) and included code for sending confidential information to external servers. It is assumed that those who published the packages were trying to get their own dependency substituted when projects are built at Yandex (the internal dependency substitution technique). In the PyPI repository, the same researchers found 49 packages (reqsystem, httpxfaster, aio6, gorilla2, httpsos, pohttp, etc.) containing malicious code that downloads and runs an executable file from an external server.
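
The typosquatted names listed above differ from the real library by a single inserted, dropped or swapped character, which a pre-install check can catch. The following is an added example, not code from the article or from any registry: it flags requested dependency names that are not on an allowlist but sit within one edit of an allowlisted name. The allowlist, function names and sample dependency list are assumptions made for the illustration.

```python
import re

# Constructed allowlist for the example: the legitimate names cited in the
# article plus a few well-known HTTP libraries. In practice, use your own
# approved-dependency list.
KNOWN_GOOD = {"vyper", "bitcoinlib", "cryptofeed", "ccxt", "cryptocompare",
              "selenium", "pyinstaller", "requests", "urllib3", "httpx"}

def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of -_. are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each at cost 1."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            rows[i][j] = min(rows[i - 1][j] + 1,          # deletion
                             rows[i][j - 1] + 1,          # insertion
                             rows[i - 1][j - 1] + cost)   # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swap
    return rows[len(a)][len(b)]

def find_lookalikes(requested, known=KNOWN_GOOD, max_distance=1):
    """Return {requested_name: closest known name} for names that are not
    on the allowlist but sit within max_distance edits of an entry."""
    known_norm = {normalize(k) for k in known}
    hits = {}
    for raw in requested:
        name = normalize(raw)
        if name in known_norm:
            continue
        dist, match = min((osa_distance(name, k), k) for k in known_norm)
        if dist <= max_distance:
            hits[raw] = match
    return hits

if __name__ == "__main__":
    # Constructed dependency list mixing exact names with names from the article.
    deps = ["requests", "Selenium", "seleium", "ccxtt", "pinstaller", "flask"]
    for bad, good in find_lookalikes(deps).items():
        print(f"{bad}: looks like {good}, review before installing")
```

Raising `max_distance` to 2 also catches names such as httpxv2, at the cost of more false positives on short package names.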

Source: opennet.ru