724 malicious packages discovered in RubyGems

ReversingLabs has published the results of an analysis of typosquatting in the RubyGems repository. Typosquatting is commonly used to distribute malicious packages whose names are designed so that an inattentive developer makes a typo or fails to notice the difference when searching. The study identified more than seven hundred packages whose names resemble those of popular packages but differ in small details, such as substituting look-alike characters or using underscores instead of dashes.

Components presumed to be malicious were found in more than 400 packages. Specifically, the packages contained a file named aaa.png that held executable code in PE format. These packages were linked to two accounts through which 724 malicious packages were uploaded to RubyGems between February 16 and February 25; in total they were downloaded about 95 thousand times. The researchers notified the RubyGems administrators, and the malicious packages identified have already been removed from the repository.

Among the problematic packages identified, the most popular was "atlas-client", which at first glance is indistinguishable from the legitimate package "atlas_client". The malicious package was downloaded 2100 times (the legitimate package was downloaded 6496 times, i.e. users made the mistake in roughly 25% of cases). The remaining packages were downloaded 100-150 times on average and were disguised as other packages using the same technique of swapping underscores and dashes (for example, among the malicious packages: appium-lib, action-mailer_cache_delivery, activemodel_validators, asciidoctor_bibliography, assets-pipeline, apress_validators, ar_octopus-replication-tracking, aliyun-open_search, aliyun-mns, ab_split, aps-polite).

The malicious packages included a PNG file that contained an executable for the Windows platform instead of an image. The file was built with the Ocra Ruby2Exe utility and contained a self-extracting archive with a Ruby script and a Ruby interpreter. When the package was installed, the png file was renamed to exe and launched. During execution, a VBScript file was created and added to autorun. The malicious VBScript checked the clipboard contents in a loop for data resembling a cryptocurrency wallet address and, if found, replaced the wallet number in the expectation that the user would not notice the difference and would transfer funds to the wrong wallet.
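As an added example (not code from the article or from ReversingLabs), here are two defensive checks in Python for the techniques described above: a name check that flags a candidate gem whose name collides with a known package once dashes and underscores are unified, and a content check that flags a file with a .png extension whose bytes carry a PE/DOS "MZ" header rather than the PNG signature. The set of known package names and the sample file contents are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Set

# Standard 8-byte PNG file signature; a real image always starts with it.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def is_pe_masquerading_as_png(data: bytes) -> bool:
    """True if the bytes lack the PNG signature and instead begin with the
    DOS 'MZ' stub that every Windows PE executable carries."""
    return not data.startswith(PNG_MAGIC) and data[:2] == b"MZ"


def canonical(name: str) -> str:
    """Unify separators so 'atlas-client' and 'atlas_client' compare equal."""
    return re.sub(r"[-_]+", "-", name.lower())


def separator_typosquat(candidate: str, known: Set[str]) -> Optional[str]:
    """Return the known package name that `candidate` would be mistaken for
    after separator unification, or None if it is an exact known name or
    collides with nothing."""
    if candidate in known:
        return None
    canon = canonical(candidate)
    for legit in known:
        if canonical(legit) == canon:
            return legit
    return None


def scan_gem_files(files: Dict[str, bytes]) -> List[str]:
    """Given {path: contents} from an unpacked gem, list .png paths that are
    really PE executables (the aaa.png trick from the study)."""
    return [p for p, data in files.items()
            if p.lower().endswith(".png") and is_pe_masquerading_as_png(data)]


if __name__ == "__main__":
    # Constructed sample: a legitimate package list and two fake gem payloads.
    known = {"atlas_client", "action_mailer-cache_delivery"}
    print(separator_typosquat("atlas-client", known))  # atlas_client
    fake_gem = {"lib/aaa.png": b"MZ\x90\x00" + b"\x00" * 60,
                "lib/logo.png": PNG_MAGIC + b"\x00" * 8}
    print(scan_gem_files(fake_gem))  # ['lib/aaa.png']
```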

The study showed that it is not difficult to get a malicious package added to one of the most popular repositories, and that such packages can remain unnoticed despite a significant number of downloads. It should be noted that the problem is not specific to RubyGems and also affects other popular repositories. For example, last year the same researchers identified a malicious package in the NPM repository called bb-builder, which uses a similar technique of launching an executable to steal passwords. Before that, a backdoor was found in a dependency of the event-stream NPM package, with the malicious code downloaded around 8 million times. Malicious packages also surface periodically in the PyPI repository.

Source: opennet.ru
