NPM identifies 15 thousand phishing and spam packages

An attack on users of the NPM directory has been recorded: on February 20, more than 15 thousand packages were uploaded to the NPM repository whose README files contained links to phishing sites or referral links that pay a commission per click. During the analysis, 190 unique phishing or advertising links were identified in the packages, spanning 31 domains.

The package names were chosen to attract the interest of ordinary users, for example "free-tiktok-followers", "free-xbox-codes", "instagram-followers-free", and so on. The intent was to flood the list of recent updates on the NPM front page with spam packages. The package descriptions contained links promising free giveaways, gifts, game cheats, and free services for gaining followers and likes on social networks such as TikTok and Instagram. This is not the first attack of this kind: in December, the publication of 144 thousand spam packages was recorded on NuGet, NPM and PyPI.


The package contents were generated automatically by a Python script that appears to have been left in the packages by mistake and that included the working credentials used in the attack. The packages were published under many different accounts, using techniques that made it difficult to trace the trail and to quickly identify the problematic packages.

In addition to the fraudulent activity, several attempts to publish malicious packages were also detected in the NPM and PyPI repositories:

  • 451 malicious packages were found in the PyPI repository, posing as other popular libraries through typosquatting (assigning similar names that differ by single characters, e.g. vper instead of vyper, bitcoinnlib instead of bitcoinlib, ccryptofeed instead of cryptofeed, ccxtt instead of ccxt, cryptocompare instead of cryptocompare, seleium instead of selenium, pinstaller instead of pyinstaller, etc.). The packages contained obfuscated code for stealing cryptocurrency: it detected the presence of a crypto-wallet identifier in the clipboard and replaced it with the attacker's wallet (the assumption being that, when making a payment, the victim will not notice that the wallet number passed through the clipboard has changed). The substitution was performed by a browser add-on that ran in the context of every web page viewed.
  • A series of malicious HTTP libraries was identified in the PyPI repository. Malicious activity was found in 41 packages whose names were chosen using typosquatting techniques and resembled popular libraries (aio5, requestst, ulrlib, uurllb, libhttps, piphttps, httpxv2, etc.). The filler code was written to look like working HTTP libraries or was copied from existing libraries, and the descriptions included claims of advantages and comparisons with legitimate HTTP libraries. The malicious activity included downloading malware onto the system or collecting and exfiltrating sensitive data.
  • NPM identified 16 JavaScript packages (speedte*, trova*, lagra) which, in addition to the declared functionality (speed testing), also contained cryptocurrency-mining code that ran without the user's knowledge.
  • NPM identified 691 malicious packages. Most of the problematic packages posed as Yandex projects (yandex-logger-sentry, yandex-logger-qloud, yandex-sendsms, etc.) and contained code for sending confidential information to external servers. It is assumed that those who submitted the packages were attempting to get their own packages substituted for internal dependencies when building projects at Yandex (the internal dependency substitution, or dependency confusion, technique). In the PyPI repository, the same researchers found 49 packages (reqsystem, httpxfaster, aio6, gorilla2, httpsos, pohttp, etc.) with hidden malicious code that downloads and runs an executable file from an external server.
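The first two items above describe typosquatting: names that differ from a popular library by one or two characters. The following is an added example, not code from the article or from the researchers it cites, of the kind of check a defender can run over a dependency list before installation. The allow-list of "known" packages is constructed for illustration; the candidate names are the ones the article lists. It uses the optimal-string-alignment variant of edit distance so that a swapped pair of letters (ulrlib for urllib) counts as a single edit.

```python
"""Flag package names that look like typosquats of known, popular packages.

Added example (not from the original article): the KNOWN_PACKAGES list is
constructed for illustration; extend it with the packages your projects
actually depend on.
"""
from __future__ import annotations

# Constructed allow-list of legitimate packages a defender wants to protect.
# Standard-library module names (urllib) are included because squatters
# target them too.
KNOWN_PACKAGES = frozenset({
    "vyper", "bitcoinlib", "cryptofeed", "ccxt", "cryptocompare",
    "selenium", "pyinstaller", "requests", "urllib", "urllib3", "httpx",
})


def osa_distance(a: str, b: str) -> int:
    """Optimal-string-alignment (restricted Damerau-Levenshtein) distance.

    Counts insertions, deletions, substitutions and adjacent transpositions,
    so 'ulrlib' is one edit from 'urllib' rather than two.
    """
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # deletion
                d[i][j - 1] + 1,         # insertion
                d[i - 1][j - 1] + cost,  # substitution
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def closest_known(name: str, known=KNOWN_PACKAGES) -> tuple[str, int]:
    """Return (known_name, distance) for the nearest legitimate package."""
    name = name.lower()
    return min(((k, osa_distance(name, k)) for k in known), key=lambda kv: kv[1])


def looks_like_typosquat(name: str, known=KNOWN_PACKAGES,
                         max_distance: int = 2) -> str | None:
    """Return the impersonated package name, or None if the name looks fine.

    A name identical to a known package is legitimate by definition; a name
    within `max_distance` edits of one is flagged. Names that wrap a known
    name in extra words (libhttps, piphttps) are not caught by this heuristic.
    """
    if name.lower() in known:
        return None
    target, dist = closest_known(name, known)
    return target if dist <= max_distance else None


if __name__ == "__main__":
    # Candidate names taken from the article's lists.
    for candidate in ["vper", "bitcoinnlib", "ccxtt", "seleium", "pinstaller",
                      "ulrlib", "uurllb", "httpxv2", "libhttps", "requests"]:
        hit = looks_like_typosquat(candidate)
        print(f"{candidate:12s} -> {'squat of ' + hit if hit else 'no match'}")
```

Edit distance alone is a coarse signal: it catches the single-character variants in the article but misses names such as libhttps or piphttps that bolt a prefix onto a real name, and it will produce false positives for legitimately similar short names. In practice it is combined with other signals, such as package age, maintainer history and download counts, and with pinning dependencies to exact versions and a private index so a lookalike cannot be pulled in by accident.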

Source: opennet.ru
