15 thousand phishing and spam packages identified in NPM

An attack on users of the NPM directory has been recorded: on February 20, more than 15 thousand packages were published to the NPM repository whose README files contained links to phishing sites or referral links that pay a commission for clicks. During the analysis, 15 unique phishing or advertising links were identified in the packages, covering 190 domains.

Package names were chosen to attract the interest of ordinary users, for example "free-tiktok-followers", "free-xbox-code", "instagram-followers-free", and so on. The aim was to fill the list of recent updates on the NPM main page with spam packages. Package descriptions included links promising free giveaways, gifts and game cheats, as well as free services for boosting followers and likes on social networks such as TikTok and Instagram. This is not the first attack of this kind: in December, the publication of 144 thousand spam packages was recorded in the NuGet, NPM and PyPi directories.

The package contents were generated automatically by a Python script that was apparently left in the packages by oversight and included the working credentials used in the attack. The packages were published under many different accounts, using methods that made it difficult to untangle the trail and to identify the problematic packages quickly.

In addition to the fraudulent activity, several attempts to publish malicious packages were also detected in the NPM and PyPi repositories:

  • 451 malicious packages were found in the PyPI repository, disguised as popular libraries using typosquatting (assigning similar names that differ in individual characters, for example vper instead of vyper, bitcoinnlib instead of bitcoinlib, ccryptofeed instead of cryptofeed, ccxtt instead of ccxt, cryptocompare instead of cryptocompare, seleium instead of selenium, pinstaller instead of pyinstaller, etc.). The packages included obfuscated code for stealing cryptocurrency, which detected crypto wallet identifiers in the clipboard and replaced them with the attacker's wallet (the assumption being that, when making a payment, the victim will not notice that the wallet number transferred through the clipboard is different). The substitution was performed by a browser add-on that ran in the context of every web page viewed.
  • A series of malicious HTTP libraries was identified in the PyPI repository. Malicious activity was found in 41 packages, whose names were chosen using typosquatting methods and resembled well-known libraries (aio41, requestst, ulrlib, urllb, libhttps, piphttps, httpxv5, etc.). The contents were styled to look like working HTTP libraries or copied the code of existing libraries, and the descriptions included claims about benefits and comparisons with legitimate HTTP libraries. The malicious activity consisted of either downloading malware onto the system or collecting and sending sensitive data.
  • 16 JavaScript packages (speedte *, trova *, lagra) were identified in NPM which, in addition to the stated functionality (throughput testing), also contained code for mining cryptocurrency without the user's knowledge.
  • 691 malicious packages were identified in NPM. Most of the problematic packages pretended to be Yandex projects (yandex-logger-sentry, yandex-logger-qloud, yandex-sendsms, etc.) and included code for sending confidential information to external servers. It is assumed that those who published the packages were trying to get their own dependency substituted when projects are built at Yandex (the internal dependency substitution method). In the PyPI repository, the same researchers found 49 packages (reqsystem, httpxfaster, aio6, gorilla2, httpsos, pohttp, etc.) with obfuscated malicious code that downloads and runs an executable file from an external server.
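
A defender-side check for the typosquatting pattern described in the list above, as an added example that is not code from the article or from the registries: it flags dependency names within one edit (including a swapped pair of adjacent letters) of a known package. The `KNOWN_GOOD` list, the function names and the sample input are assumptions made for illustration.

```python
import re

# Constructed allow-list: the first six names are the impersonated libraries
# named in the article; the last three are assumed targets of the HTTP lookalikes.
KNOWN_GOOD = ["vyper", "bitcoinlib", "cryptofeed", "ccxt", "selenium",
              "pyinstaller", "requests", "urllib", "httpx"]


def normalize(name):
    # PyPI compares names case-insensitively, with runs of -, _ and . equal (PEP 503).
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def find_lookalike(name, known=KNOWN_GOOD, max_distance=1):
    """Return the known package that `name` imitates, or None."""
    n = normalize(name)
    names = [normalize(k) for k in known]
    if n in names:
        return None  # exact match is the legitimate package
    best = min(names, key=lambda k: osa_distance(n, k))
    return best if osa_distance(n, best) <= max_distance else None


def audit(requirements):
    """Map each suspicious requirement name to the package it resembles."""
    hits = {}
    for req in requirements:
        match = find_lookalike(req)
        if match:
            hits[req] = match
    return hits


if __name__ == "__main__":
    # Constructed input: a dependency list mixing legitimate and lookalike names.
    print(audit(["requests", "vper", "seleium", "ulrlib", "numpy", "ccxtt"]))
```

Names such as httpxv5 sit two edits away from their target, so they are only caught with `max_distance=2`, at the cost of more false positives on short names.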

Source: opennet.ru