Two malicious libraries found in the PyPI Python package index

The malicious packages "python3-dateutil" and "jeIlyfish" were found in the Python package index PyPI (Python Package Index). Both were uploaded by a single author, olgired2017, and disguised as the popular packages "dateutil" and "jellyfish" (the difference is the use of the character "I" (i) instead of "l" (L) in the name). After the packages were installed, encryption keys and confidential user data found on the system were sent to the attacker's server. The problematic packages have now been removed from the PyPI index.

The malicious code itself was in the "jeIlyfish" package, and the "python3-dateutil" package pulled it in as a dependency.
The names were chosen to catch inattentive users who make typing mistakes when searching (typosquatting). The malicious "jeIlyfish" package was uploaded about a year ago, on December 11, 2018, and went undetected. The "python3-dateutil" package was uploaded on November 29, 2019, and a few days later it aroused the suspicion of one of the developers. No information is given on how many times the malicious packages were installed.
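
A defender-side check for the two naming tricks described above, as an added example that is not part of the original article: it flags dependency names that collide with a known-good name once look-alike characters are folded ("jeIlyfish") or a "python3-" style prefix is stripped ("python3-dateutil"). The allowlist, the function names and the sample requirement lines are assumptions constructed for illustration.

```python
import re

# Assumption: names this project is known to depend on (constructed allowlist).
KNOWN_GOOD = {"dateutil", "jellyfish", "requests"}

# Characters that look alike in many fonts, folded to one representative.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o", "O": "o"})

# "python3-", "py-", "-python" style decoration around a well-known name.
AFFIX = re.compile(r"^(python|py)[0-9]*[-_.]?|[-_.]?(python|py)[0-9]*$")


def canonical(name):
    """Canonical project name: lower case, runs of - _ . become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def skeleton(name):
    """Fold look-alike characters before canonicalizing, so I and l collide."""
    return canonical(name.translate(CONFUSABLE))


def check(name, known=KNOWN_GOOD):
    """Return (verdict, impersonated_name_or_None) for one package name."""
    if canonical(name) in {canonical(k) for k in known}:
        return ("ok", None)
    skel = skeleton(name)
    for good in sorted(known):
        if skel == skeleton(good):
            return ("homoglyph", good)
        if AFFIX.sub("", skel) == skeleton(good):
            return ("affix", good)
    return ("unknown", None)


def audit(requirement_lines, known=KNOWN_GOOD):
    """Flag requirement lines whose name imitates a known-good package."""
    flagged = []
    for line in requirement_lines:
        name = re.split(r"[<>=!~\[;\s]", line.strip(), maxsplit=1)[0]
        verdict, target = check(name, known)
        if verdict in ("homoglyph", "affix"):
            flagged.append((name, verdict, target))
    return flagged


# Constructed sample input; the version pins are placeholders.
SAMPLE = ["requests==0.0.0", "jeIlyfish==0.0.0", "python3-dateutil>=0.0.0", "Jellyfish"]
```

Calling audit(SAMPLE) returns the two imitating entries with the name each one resembles; a name reported as "unknown" is simply not on the allowlist and needs a separate review.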

The jeIlyfish package included code that downloaded a list of "hashes" from an external GitLab repository. Analysis of the logic that handled these "hashes" showed that they contained a script encoded with base64, which was decoded and then executed. The script located SSH and GPG keys on the system, along with certain types of files from the home directory and credentials for PyCharm projects, and then sent them to an external server running in the DigitalOcean cloud.

Source: opennet.ru
