724 malicious packages found on RubyGems

ReversingLabs has published the results of an analysis of typosquatting in the RubyGems repository. Typosquatting is commonly used to distribute malicious packages whose names are chosen so that an inattentive developer either mistypes the intended name or fails to notice the difference when searching. The study identified more than 700 packages whose names resemble those of popular packages but differ in small details, such as swapped similar-looking letters or underscores replaced with dashes.

In more than 400 of these packages, components suspected of carrying out malicious actions were found. In particular, they contained a file named aaa.png that held executable code in PE format. These packages were tied to two accounts through which, between February 16 and 25, 2020, 724 malicious packages were published on RubyGems; in total they were downloaded about 95,000 times. The researchers notified the RubyGems administrators, and the identified malicious packages have since been removed from the repository.

Among the problematic packages identified, the most popular was "atlas-client", which at a glance is almost indistinguishable from the legitimate package "atlas_client". That package was downloaded 2,100 times (the legitimate package was downloaded 6,496 times, meaning users picked the wrong one in roughly 25% of cases). The remaining packages were downloaded 100-150 times each on average and were disguised as other packages using the same dash/underscore substitution technique (among the malicious packages, for example: appium-lib, action-mailer_cache_delivery, activemodel_validators, asciidoctor_bibliography, assets-pipeline, apress_validators, ar_octopus-replication-tracking, aliyun-open_search, aliyun-mns, ab_split, apns-polite).
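The naming pattern described above (a dash for an underscore, one swapped or mistyped letter) can be checked mechanically before a gem is added to a Gemfile. The Ruby script below is an added example written for this page; it is not code from ReversingLabs or from RubyGems. The POPULAR_GEMS list is constructed for the demonstration, and the function names (normalize_gem_name, edit_distance, suspicious_matches) are this example's own.

```ruby
# Added example (not from the ReversingLabs report or RubyGems): flag candidate
# gem names that collide with a known gem once dashes and underscores are
# normalised, or that sit within one edit (substitution, insertion, deletion or
# adjacent transposition) of it.
# POPULAR_GEMS is a constructed list for this demonstration, not a real index.
POPULAR_GEMS = %w[atlas_client appium_lib nokogiri rails].freeze

# Treat "-", "_" and "." as the same separator so atlas-client == atlas_client.
def normalize_gem_name(name)
  name.downcase.gsub(/[-_.]+/, "-")
end

# Optimal string alignment distance: Levenshtein plus adjacent transpositions,
# which covers the "two letters swapped" typo as a single edit.
def edit_distance(a, b)
  d = Array.new(a.size + 1) { |i| Array.new(b.size + 1) { |j| i.zero? ? j : (j.zero? ? i : 0) } }
  (1..a.size).each do |i|
    (1..b.size).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.size][b.size]
end

# Returns the known gems that `name` could be impersonating. An exact match is
# the real gem and therefore not suspicious, so it is excluded.
def suspicious_matches(name, popular = POPULAR_GEMS, max_distance: 1)
  n = normalize_gem_name(name)
  popular.reject { |g| g == name }.select do |g|
    edit_distance(n, normalize_gem_name(g)) <= max_distance
  end
end

if __FILE__ == $PROGRAM_NAME
  %w[atlas-client appium-lib nokogirl atlas_client].each do |candidate|
    hits = suspicious_matches(candidate)
    puts hits.empty? ? "#{candidate}: ok" : "#{candidate}: looks like #{hits.join(', ')}"
  end
end
```

A candidate is flagged if, after separator normalisation, it is within one edit of a known name, so the known list is what makes or breaks the check; in practice feed it the dependencies from your own lockfile or the top of the RubyGems download index. Very short names (rails, rack) sit one edit away from many legitimate gems, so treat a hit as a prompt to inspect the gem's owner and release history rather than as a verdict.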

The malicious packages shipped a PNG file that contained a Windows executable instead of an image. The file was built with the Ocra Ruby2Exe tool and consisted of a self-extracting archive holding a Ruby script together with a Ruby interpreter. When the package was installed, the .png file was renamed to .exe and executed. At runtime it created a VBScript file and registered it in autorun. That malicious VBScript then, in a loop, inspected the clipboard for data resembling cryptocurrency wallet addresses and, when it found one, replaced it with a different wallet address, expecting the user not to notice the difference and to send the funds to the wrong wallet.
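The aaa.png trick works only because nobody checks whether a file's content matches its extension. The Ruby script below is an added example for this page, not the researchers' tooling and not part of RubyGems; it compares every image-suffixed file in an unpacked gem against the magic bytes of known formats and reports each mismatch. The MAGIC table, the file names and the SAMPLE_FILES bytes are constructed for the demonstration, and the function names (detect_type, find_disguised_executables, scan_gem_dir) are this example's own.

```ruby
# Added example (not code from the report or from RubyGems): compare what a
# file's extension claims with what its leading bytes actually are, so that a
# Windows executable stored as "aaa.png" is caught before the gem is installed.
# Function names and the SAMPLE_FILES content are constructed for this demo.
require "tmpdir"
require "fileutils"

MAGIC = {
  png:  "\x89PNG\r\n\x1a\n".b,
  gif:  "GIF8".b,          # GIF87a / GIF89a
  jpeg: "\xFF\xD8\xFF".b,
  pe:   "MZ".b,            # DOS stub that every Windows PE executable starts with
  elf:  "\x7FELF".b
}.freeze

# What the extension promises; files with other extensions are left unchecked.
IMAGE_EXTENSIONS = { ".png" => :png, ".gif" => :gif, ".jpg" => :jpeg, ".jpeg" => :jpeg }.freeze

# Identify a blob by its first bytes; :unknown when no signature matches.
def detect_type(bytes)
  head = bytes.b[0, 8] || "".b
  MAGIC.each { |type, sig| return type if head.start_with?(sig) }
  :unknown
end

# files: { "relative/path" => binary String }. Returns one record per file whose
# extension says "image" but whose magic bytes say something else.
def find_disguised_executables(files)
  files.each_with_object([]) do |(path, bytes), out|
    claimed = IMAGE_EXTENSIONS[File.extname(path).downcase]
    next unless claimed
    actual = detect_type(bytes)
    out << { path: path, claims: claimed, actual: actual } unless actual == claimed
  end
end

# Walk an unpacked gem directory (e.g. the output of `gem unpack foo.gem`).
def scan_gem_dir(root)
  root = root.chomp("/")
  paths = Dir.glob(File.join(root, "**", "*")).select { |p| File.file?(p) }
  contents = paths.each_with_object({}) { |p, h| h[p.delete_prefix(root + "/")] = File.binread(p) }
  find_disguised_executables(contents)
end

# Constructed sample: a genuine PNG header and a PE header hidden under a .png name.
SAMPLE_FILES = {
  "lib/foo.rb"    => "puts 'hello'\n".b,
  "data/logo.png" => "\x89PNG\r\n\x1a\n".b + ("\x00" * 16).b,
  "data/aaa.png"  => "MZ\x90\x00\x03\x00\x00\x00".b + ("\x00" * 16).b
}.freeze

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    SAMPLE_FILES.each do |rel, bytes|
      FileUtils.mkdir_p(File.dirname(File.join(dir, rel)))
      File.binwrite(File.join(dir, rel), bytes)
    end
    scan_gem_dir(dir).each { |r| puts "#{r[:path]}: extension says #{r[:claims]}, bytes say #{r[:actual]}" }
  end
end
```

Run it over the output of `gem unpack` as part of a pre-install review. The PE check here is only the two-byte MZ stub; a stricter version would follow e_lfanew at offset 0x3C to the PE\0\0 signature. A complete scan would also look at the install-time code (extconf.rb or a gemspec extension) for anything that renames or executes a data file, since that is the other half of what these gems did.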

The study shows that it is not hard to get malicious packages into one of the most popular repositories, and that such packages can go unnoticed despite a significant number of downloads. Note that the problem is not specific to RubyGems and affects other popular repositories as well. For example, last year the same researchers uncovered the malicious bb-builder package in the NPM repository, which used a similar technique of launching an executable in order to steal passwords. Before that, a backdoor was found in a dependency of the NPM package event-stream, and the malicious code was downloaded about 8 million times. Malicious packages also periodically turn up in the PyPI repository.

Source: opennet.ru
