PyPI Suspends Registration of New Users and Projects Due to Malicious Activity

The PyPI (Python Package Index) Python package repository has temporarily stopped registering new users and projects. The reason is a surge in activity by attackers who organized the publication of packages with malicious code. It is noted that, with several administrators on vacation, the number of malicious projects registered last week exceeded the capacity of the remaining PyPI team to respond promptly. The developers plan to rebuild some verification processes over the weekend, after which they will reopen registration in the repository.

According to Sonatype's malware monitoring system, in March 2023, 6933 malicious packages were found in the PyPI catalog, and in total, since 2019, the number of malicious packages detected has exceeded 115 thousand. In December 115, attacks on the NuGet, NPM, and PyPI catalogs led to the publication of 2022 packages with phishing and spam code.

Most malicious packages are disguised as popular libraries using typosquatting (assigning similar names that differ in a few characters, for example, examplepl instead of example, djangoo instead of django, pyhton instead of python, etc.). The attackers count on inattentive users who made a typo or did not notice the difference in the name when searching. The malicious actions usually come down to sending out confidential data found on the local system by locating typical files with passwords, access keys, crypto wallets, tokens, session cookies and other confidential information.

Source: opennet.ru
