Inqolobane ye-NPM ikhombe amaphakheji anonya ayi-17 asatshalaliswa kusetshenziswa uhlobo lwe-squatting, i.e. ngokunikezwa kwamagama afana namagama emitapo yolwazi edumile ngokulindela ukuthi umsebenzisi uzokwenza iphutha lapho ethayipha igama noma ngeke aqaphele umehluko lapho ekhetha imojuli ohlwini.
ΠΠ°ΠΊΠ΅ΡΡ discord-selfbot-v14, discord-lofy, discordsystem ΠΈ discord-vilao ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°Π»ΠΈ ΠΌΠΎΠ΄ΠΈΡΠΈΡΠΈΡΠΎΠ²Π°Π½Π½ΡΠΉ Π²Π°ΡΠΈΠ°Π½Ρ Π»Π΅Π³ΠΈΡΠΈΠΌΠ½ΠΎΠΉ Π±ΠΈΠ±Π»ΠΈΠΎΡΠ΅ΠΊΠΈ discord.js, ΠΏΡΠ΅Π΄ΠΎΡΡΠ°Π²Π»ΡΡΡΠ΅ΠΉ ΡΡΠ½ΠΊΡΠΈΠΈ Π΄Π»Ρ Π²Π·Π°ΠΈΠΌΠΎΠ΄Π΅ΠΉΡΡΠ²ΠΈΡ Ρ API Discord. ΠΡΠ΅Π΄ΠΎΠ½ΠΎΡΠ½ΡΠ΅ ΠΊΠΎΠΌΠΏΠΎΠ½Π΅Π½ΡΡ Π±ΡΠ»ΠΈ ΠΈΠ½ΡΠ΅Π³ΡΠΈΡΠΎΠ²Π°Π½Ρ Π² ΠΎΠ΄ΠΈΠ½ ΠΈΠ· ΡΠ°ΠΉΠ»ΠΎΠ² ΠΏΠ°ΠΊΠ΅ΡΠ° ΠΈ Π²ΠΊΠ»ΡΡΠ°Π»ΠΈ ΠΎΠΊΠΎΠ»ΠΎ 4000 ΡΡΡΠΎΠΊ ΠΊΠΎΠ΄Π°, Π·Π°ΠΏΡΡΠ°Π½Π½ΠΎΠ³ΠΎ Ρ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°Π½ΠΈΠ΅ΠΌ ΠΈΡΠΊΠ°ΠΆΠ΅Π½ΠΈΡ ΠΈΠΌΡΠ½ ΠΏΠ΅ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ , ΡΠΈΡΡΠΎΠ²Π°Π½ΠΈΡ ΡΡΡΠΎΠΊ ΠΈ Π½Π°ΡΡΡΠ΅Π½ΠΈΡ ΡΠΎΡΠΌΠ°ΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ ΠΊΠΎΠ΄Π°. ΠΠΎΠ΄ ΡΠΊΠ°Π½ΠΈΡΠΎΠ²Π°Π» Π»ΠΎΠΊΠ°Π»ΡΠ½ΡΡ Π€Π‘ Π½Π° ΠΏΡΠ΅Π΄ΠΌΠ΅Ρ ΡΠΎΠΊΠ΅Π½ΠΎΠ² Discord ΠΈ Π² ΡΠ»ΡΡΠ°Π΅ Π²ΡΡΠ²Π»Π΅Π½ΠΈΡ ΠΎΡΠΏΡΠ°Π²Π»ΡΠ» ΠΈΡ Π½Π° isifiso abangeneleli.
Iphakheji yokulungisa iphutha kwathiwa ilungisa iziphazamisi ku-Discord selfbot, kodwa yayihlanganisa uhlelo lokusebenza lwe-Trojan olubizwa ngokuthi i-PirateStealer entshontsha izinombolo zekhadi lesikweletu nama-akhawunti ahlotshaniswa ne-Discord. Ingxenye enobungozi yenziwe yasebenza ngokufaka ikhodi ye-JavaScript kuklayenti le-Discord.
Iphakheji ye-prerequests-xcode ihlanganisa i-Trojan yokuhlela ukufinyelela okukude ohlelweni lomsebenzisi, ngokusekelwe kuhlelo lokusebenza lwe-DiscordRAT Python.
Kukholakala ukuthi abahlaseli bangase badinge ukufinyelela kumaseva e-Discord ukuze bakhiphe izindawo zokulawula i-botnet, njengommeleli wokulanda ulwazi kumasistimu onakalisiwe, ukuvala ukuhlaselwa, ukusabalalisa uhlelo olungayilungele ikhompuyutha phakathi kwabasebenzisi be-Discord, noma ukuthengisa kabusha ama-akhawunti e-premium.
Amaphakheji e-wafer-bind, wafer-autocomplete, wafer-beacon, wafer-caas, wafer-toggle, wafer-geolocation, wafer-image, wafer-form, wafer-lightbox, octavius-public kanye ne-mrg-message-broker ifaka ikhodi ukuthumela okuqukethwe kokuguquguqukayo kwemvelo, lokho, isibonelo, okungahlanganisa okhiye bokufinyelela, amathokheni noma amaphasiwedi kumasistimu okuhlanganiswa okuqhubekayo noma izindawo zamafu ezifana ne-AWS.
Source: opennet.ru
