17 malicious packages identified in the NPM repository

The NPM repository has identified 17 malicious packages that were distributed using typosquatting, i.e. by being given names similar to those of popular libraries, in the expectation that a user will make a mistake when typing the name or will not notice the difference when choosing a module from a list.

The discord-selfbot-v14, discord-lofy, discordsystem, and discord-vilao packages used a modified version of the legitimate discord.js library, which provides functions for interacting with the Discord API. The malicious components were integrated into one of the package files and comprised about 4000 lines of code, obfuscated using variable name mangling, string encryption, and broken code formatting. The code scanned the local file system for Discord tokens and, if any were found, sent them to the attackers' server.

The fix-error package was claimed to fix bugs in a Discord selfbot, but it included a Trojan application called PirateStealer, which steals credit card numbers and accounts associated with Discord. The malicious component was activated by injecting JavaScript code into the Discord client.

The prerequests-xcode package included a Trojan for organizing remote access to the user's system, based on the DiscordRAT Python application.

It is believed that the attackers may need access to Discord servers in order to deploy botnet control points, to use them as a proxy for downloading information from compromised systems, to mask attacks, to distribute malware among Discord users, or to resell premium accounts.

The wafer-bind, wafer-autocomplete, wafer-beacon, wafer-caas, wafer-toggle, wafer-geolocation, wafer-image, wafer-form, wafer-lightbox, octavius-public, and mrg-message-broker packages included code that sends out the contents of environment variables, which may contain, for example, access keys, tokens, or passwords for continuous integration systems or cloud environments such as AWS.
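
A lockfile audit for the packages named in this article, as an added example that is not part of the original report: it flags entries of a `package-lock.json` that match the reported names or that closely resemble a dependency the project means to use. The `INTENDED` allowlist, the sample lockfile, and the distance threshold of 2 are assumptions made for illustration.

```javascript
// Added example (not from the article): flag lockfile entries that match the
// package names reported above or sit within a small edit distance of a
// dependency the project actually intends to use.
const REPORTED = new Set([
  'discord-selfbot-v14', 'discord-lofy', 'discordsystem', 'discord-vilao',
  'fix-error', 'prerequests-xcode', 'wafer-bind', 'wafer-autocomplete',
  'wafer-beacon', 'wafer-caas', 'wafer-toggle', 'wafer-geolocation',
  'wafer-image', 'wafer-form', 'wafer-lightbox', 'octavius-public',
  'mrg-message-broker',
]);
// Assumption: names this hypothetical project means to depend on.
const INTENDED = ['discord.js', 'express', 'lodash'];

// Levenshtein distance, computed one row at a time.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
function auditLock(lock, intended = INTENDED) {
  const findings = [];
  for (const path of Object.keys(lock.packages || {})) {
    const at = path.lastIndexOf('node_modules/');
    if (at < 0) continue; // root project ("") or a workspace folder
    const name = path.slice(at + 'node_modules/'.length);
    if (REPORTED.has(name)) {
      findings.push({ name, path, reason: 'reported malicious' });
    } else if (!intended.includes(name)) {
      const near = intended.find((good) => editDistance(name, good) <= 2);
      if (near) findings.push({ name, path, reason: `resembles ${near}` });
    }
  }
  return findings;
}

// Constructed sample lockfile; the versions are placeholders.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'demo-bot' },
  'node_modules/discord.js': { version: '0.0.0' },
  'node_modules/discord-lofy': { version: '0.0.0' },
  'node_modules/lodahs': { version: '0.0.0' },
  'node_modules/express/node_modules/wafer-bind': { version: '0.0.0' },
}};
console.log(auditLock(SAMPLE_LOCK));
```

Because the walk covers nested `node_modules` paths, a reported package pulled in transitively is flagged as well as a direct dependency.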

Source: opennet.ru
