Malware Injected into the UAParser.js NPM Package with 8M Weekly Downloads

The story of the removal from the NPM repository of three malicious packages that copied the code of the UAParser.js library has had an unexpected continuation: unknown attackers seized control of the account of the UAParser.js project's author and published updates containing code for stealing passwords and mining cryptocurrency.

The problem is that the UAParser.js library, which provides functions for parsing the User-Agent HTTP header, has about 8 million downloads per week and is used as a dependency in more than 1,200 projects. UAParser.js is reported to be used in projects of companies such as Microsoft, Amazon, Facebook, Slack, Discord, Mozilla, Apple, ProtonMail, Autodesk, Reddit, Vimeo, Uber, Dell, IBM, Siemens, Oracle, HP and Verizon.

The attack was carried out by hijacking the account of the project's developer, who noticed that something was wrong after an unusual wave of spam landed in his mailbox. How exactly the developer's account was compromised has not been reported. The attackers published releases 0.7.29, 0.8.0 and 1.0.0, introducing malicious code into them. Within a few hours, the developers regained control of the project and published updates 0.7.30, 0.8.1 and 1.0.1 to fix the problem. The malicious versions were published only as packages in the NPM repository. The project's Git repository on GitHub was not affected. All users who installed the affected versions are advised to consider the system compromised if they find the jsextension file on Linux/macOS, or the jsextension.exe and create.dll files on Windows.
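One way to check a project against the versions and file names listed above, as an added example that is not code from the article or from the UAParser.js project. It assumes the library's npm package name is "ua-parser-js"; the function names and the sample lockfiles are constructed for illustration.

```javascript
// Added example. Assumption: the library's npm package name is "ua-parser-js".
const PACKAGE = "ua-parser-js";
// Hijacked releases mapped to the fixed releases that replaced them (from the article).
const FIXED_BY = new Map([["0.7.29", "0.7.30"], ["0.8.0", "0.8.1"], ["1.0.0", "1.0.1"]]);
// Files the article says indicate a compromised system.
const DROPPED = ["jsextension", "jsextension.exe", "create.dll"];

// Return every install of a hijacked release recorded in a parsed package-lock.json.
function findCompromised(lock) {
  const hits = [];
  const check = (name, version, path) => {
    if (name === PACKAGE && FIXED_BY.has(version)) {
      hits.push({ path, version, upgradeTo: FIXED_BY.get(version) });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path ("" is the root project).
    for (const [path, meta] of Object.entries(lock.packages)) {
      check(path.split("node_modules/").pop(), meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, so transitive copies are found too.
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = prefix + "node_modules/" + name;
        check(name, meta.version, path);
        walk(meta.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Return the entries of a file listing whose base name matches a dropped file.
function findDroppedFiles(paths) {
  return paths.filter((p) => DROPPED.includes(p.split(/[\\/]/).pop().toLowerCase()));
}

// Constructed sample lockfiles: the root project's own version must not be flagged.
const sampleLockV2 = { lockfileVersion: 2, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/ua-parser-js": { version: "0.7.29" },
  "node_modules/some-lib/node_modules/ua-parser-js": { version: "0.7.30" } } };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  "some-lib": { version: "2.1.0", dependencies: { "ua-parser-js": { version: "1.0.0" } } } } };
console.log(findCompromised(sampleLockV2), findCompromised(sampleLockV1));
```

A lockfile hit only shows that a hijacked release was resolved; the dropped files are what the article treats as the sign of a compromised system.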

The malicious changes resembled the changes previously seen in the clones of UAParser.js, which appear to have been published to test the functionality before launching a large-scale attack on the main project. The jsextension executable file was downloaded to the user's system and launched from an external host, which was selected depending on the user's platform; Linux, macOS and Windows were supported. On the Windows platform, in addition to a program for mining the Monero cryptocurrency (the XMRig miner was used), the attackers also arranged for the create.dll library to be installed in order to intercept passwords and send them to an external host.

The download code was added to the preinstall.sh file, into which the following was inserted:

    IP=$(curl -k https://freegeoip.app/xml/ | grep 'RU|UA|BY|KZ')
    if [ -z "$IP" ]
        ... download and run the executable file
    fi

As can be seen from the code, the script first checked the IP address against the freegeoip.app service and did not launch the malicious application for users from Russia, Ukraine, Belarus and Kazakhstan.

Source: opennet.ru
