Kukhathalogi ye-PyPI (Python Package Index), amaphakheji anonya angama-26 akhonjwe aqukethe ikhodi efihliwe kuskripthi se-setup.py, esinquma ukuba khona kwezihlonzi ze-crypto wallet ebhodini lokunamathisela futhi iziguqule esikhwameni somhlaseli (kucatshangwa ukuthi lapho kwenziwa inkokhelo, isisulu ngeke siqaphele ukuthi imali edluliswa ngenombolo ye-wallet yokushintshanisa ibhodi yehlukile).
Ukufaka esikhundleni kwenziwa iskripthi se-JavaScript, okuthi, ngemva kokufaka iphakheji enonya, sishumekwe esipheqululini ngendlela yesengezo sesiphequluli, esisetshenziswa kumongo wekhasi ngalinye lewebhu elibukiwe. Inqubo yokufaka isengezo iqondene ngqo nenkundla yeWindows futhi isetshenziselwa iziphequluli ze-Chrome, Edge kanye neBrave. Isekela ukushintshwa kwezikhwama zemali ze-ETH, BTC, BNB, LTC kanye ne-TRX cryptocurrencies.
Amaphakheji anonya afihliwe kuhla lwemibhalo lwe-PyPI njengamalabhulali athile adumile asebenzisa i-typequatting (ukunikeza amagama afanayo ahlukile ngezinhlamvu ngazinye, isibonelo, i-excel esikhundleni sesibonelo, i-djangoo esikhundleni se-django, i-pyhton esikhundleni se-python, njll.). Njengoba ama-clones adaliwe aphindaphinda ngokuphelele amalabhulali asemthethweni, ahluke kuphela ekufakweni okunonya, abahlaseli bathembele kubasebenzisi abanganakile abenze iphutha futhi ababonanga umehluko egameni lapho besesha. Uma kucatshangelwa ukuduma kwemitapo yolwazi yokuqala (inombolo yokulandwa idlula amakhophi ayizigidi ezingama-21 ngosuku), lawo makhophi anonya afihlwa njengokuthi, amathuba okubamba isisulu aphezulu kakhulu; isibonelo, ihora ngemva kokushicilelwa Iphakethe lokuqala elinonya, lalandwa izikhathi ezingaphezu kwe-100.
Kuyaphawuleka ukuthi ngesonto eledlule iqembu elifanayo labacwaningi lihlonze amanye amaphakheji anonya angama-30 ku-PyPI, amanye awo ayefihlwe njengemitapo yolwazi edumile. Phakathi nokuhlasela, okwathatha cishe amasonto amabili, amaphakheji anonya alandwa izikhathi ezingu-5700. Esikhundleni sombhalo wokushintsha izikhwama ze-crypto kulawa maphakheji, kwasetshenziswa ingxenye evamile ye-W4SP-Stealer, esesha uhlelo lwendawo ukuze uthole amaphasiwedi agciniwe, okhiye bokufinyelela, izikhwama ze-crypto, amathokheni, amakhukhi weseshini nolunye ulwazi oluyimfihlo, futhi ithumela amafayela atholakele. nge-Discord.
Ucingo oluya ku-W4SP-Stealer lwenziwe ngokushintsha inkulumo ethi "__import__" ku-setup.py noma __init__.py amafayela, ahlukaniswa ngezikhala eziningi zokwenza ikholi ethi __import__ ngaphandle kwendawo ebonakalayo kusihleli sombhalo. Ibhulokhi elithi "__import__" lisuse ikhodi ibhulokhi ye-Base64 futhi yalibhalela efayeleni lesikhashana. Ibhulokhi ibiqukethe iskripthi sokulanda nokufaka i-W4SP Stealer ohlelweni. Esikhundleni sesisho esithi “__import__”, ukuvimba okunonya kwamanye amaphakheji kwafakwa ngokufaka iphakheji eyengeziwe kusetshenziswa ikholi ethi “pip install” evela kuskripthi se-setup.py.
Amaphakheji anonya akhonjiwe aphanga izinombolo ze-crypto wallet:
- i-baeutifulsoup4
- amahlesup4
- i-cloorama
- i-cryptography
- i-crpytography
- djangoo
- sawubona-isibonelo somhlaba
- sawubona-isibonelo somhlaba
- ipyhton
- isiqinisekisi semeyili
- i-mysql-isixhumi-pyhton
- incwadi yokubhalela
- pyautogiu
- i-pygaem
- i-pythorhc
- i-python-dateuti
- i-python-flask
- i-python3-flask
- i-pyyalm
- ama-rqeuest
- i-slenium
- sqlachemy
- sqlcemy
- i-tkniter
- i-urllib
Amaphakheji anonya akhonjiwe athumela idatha ebucayi esuka kusistimu:
- typeutil
- uhlobo lwentambo
- sutiltype
- i-duonet
- fatnoob
- i-strinfer
- i-pydprotect
- incrivelsim
- twine
- i-pyptext
- i-installpy
- faq
- colorwin
- izicelo-httpx
- colorsama
- shaasigma
- umucu
- felpesmediadinho
- umsipresi
- i-pystyte
- i-pyslyte
- i-pystyle
- i-pyurllib
- i-algorithmic
- ooh
- kulungile
- i-curlapi
- uhlobo-umbala
- ama-pyhints
Source: opennet.ru