Kwikhathalogu ye-PyPI (i-Python Package Index), iipakethi ezinobungozi ze-26 zichongiwe eziqulethe ikhowudi efihliweyo kwi-setup.py script, echaza ubukho be-crypto wallet identifiers kwi-clipboard kwaye itshintshe kwi-wallet yomhlaseli (kucingelwa ukuba xa usenza intlawulo, ixhoba aliyi kuqaphela ukuba imali edluliselwe nge-clipboard inombolo ye-wallet yokutshintshiselana yahlukile).
Ukutshintshwa kwenziwa ngeskripthi seJavaScript, leyo, emva kokufaka iphakheji enobungozi, ifakwe kwi-browser ngendlela ye-browser add-on, eyenziwa kumxholo wephepha ngalinye lewebhu elijongwayo. Inkqubo yokufakela i-add-on ikhethekileyo kwi-platform yeWindows kwaye iphunyezwe kwi-Chrome, i-Edge kunye ne-Brave browsers. Ixhasa ukutshintshwa kwezipaji ze-ETH, BTC, BNB, LTC kunye ne-TRX cryptocurrencies.
Impahla eyingozi zifihlwa kulawulo lwePyPI njengamathala eencwadi athile adumileyo kusetyenziswa typequatting (ukunika amagama afanayo awahlukileyo kubalinganiswa ngabanye, umzekelo, exampl endaweni yomzekelo, djangoo endaweni yedjango, pyhton endaweni yepython, njl. njl.). Kuba iiclones ezenziweyo ziphindaphinda ngokupheleleyo amathala eencwadi asemthethweni, ahluke kuphela kufakelo olukhohlakeleyo, abahlaseli baxhomekeke kubasebenzisi abangakhathaliyo abenze ukuchwetheza kwaye abaqaphelanga umahluko kwigama xa bekhangela. Ukuthathela ingqalelo ukuthandwa kwamathala eencwadi asemthethweni (inani lokukhutshelwa lingaphezulu kwezigidi ezingama-21 zeekopi ngosuku), ezo zinto zifihliweyo zifihlwa njengokuba, amathuba okubamba ixhoba aphezulu kakhulu; umzekelo, iyure emva kokupapashwa iphakheji yokuqala ekhohlakeleyo, yakhutshelwa ngaphezulu kwamaxesha angama-100.
Kuyaphawuleka ukuba kwiveki ephelileyo elona qela linye labaphandi bachonga ezinye iipakethe ezikhohlakeleyo ezingama-30 kwiPyPI, ezinye zazo bezifihlwe njengamathala eencwadi adumileyo. Ngexesha lohlaselo, olwathatha malunga neeveki ezimbini, iipakethe ezinobungozi zakhutshelwa izihlandlo ezingama-5700. Esikhundleni sombhalo wokutshintsha izipaji ze-crypto kule phakheji, icandelo eliqhelekileyo le-W4SP-Stealer lisetyenzisiwe, elikhangela inkqubo yendawo yamagama ayimfihlo agciniweyo, izitshixo zokufikelela, i-crypto wallets, iithokheni, iseshoni yeeKuki kunye nolunye ulwazi oluyimfihlo, kwaye ithumela iifayile ezifunyenweyo. ngeDiscord.
Umnxeba oya ku-W4SP-Stealer wenziwa ngokubeka endaweni yebinzana elithi "__import__" kwi-setup.py okanye __init__.py iifayile, ezazahlulwe linani elikhulu lezithuba zokwenza umnxeba ku-__import__ ngaphandle kwendawo ebonakalayo kumhleli wokubhaliweyo. Ibhloko ethi "__import__" iguqule ibhloko ye-Base64 yaza yayibhalela kwifayile yethutyana. Ibhloko iqulethe iscript sokukhuphela kunye nokufaka iW4SP Stealer kwisistim. Endaweni yentetho ethi β__import__β, ibhlokhi eyingozi kwezinye iipakethe yafakwa ngokuhlohla ipakethe eyongezelelweyo kusetyenziswa umnxeba othi βpip installβ osuka kwiscriptup.py script.
Iipakethe ezichongiweyo ezikhohlakeleyo ezingcolisa amanani e-crypto wallet:
- i-baeutifulsoup4
- intlesup4
- iklorama
- ikriptografi
- i-crpytography
- idjangoo
- molo-ihlabathi-umzekelo
- molo-ihlabathi-umzekelo
- ipyhton
- isiqinisekisi-imeyile
- mysql-isidibanisi-pyhton
- incwadi yokubhalela
- pyautogiu
- i-pygaem
- i-pythorhc
- ipython-dateuti
- i-python-flask
- i-python3-flask
- ipiyalm
- iiRqeuests
- islenium
- sqlachemy
- sqlcemy
- tkniter
- urlb
Iipakethe ezinobungozi ezichongiweyo ezithumela idatha enovakalelo ukusuka kwisixokelelwano:
- typeutil
- umtya wokuchwetheza
- sutiltype
- duonet
- fatnoob
- i-strinfer
- pydprotect
- incrivelsim
- twyne
- umbhalo
- i-installpy
- FAQ
- colorwin
- izicelo-httpx
- umbala
- shaasigma
- umtya
- felpesviadinho
- cypress
- i-pystyte
- ipyslyte
- i-pystyle
- ipyurllib
- i-algorithmic
- Ewe
- Kulungile
- curlapi
- uhlobo-umbala
- pyhints
umthombo: opennet.ru