More than 700 malicious packages used for mining found on RubyGems

A few days ago, ReversingLabs researchers published a post with the results of an analysis of typosquatting in the RubyGems repository. Typosquatting is typically used to distribute malicious packages designed to take advantage of an inattentive developer who makes a typo or does not notice the difference in a package name.

The study revealed more than 700 packages whose names resemble those of popular packages and differ only in small details, for example, swapping similar-looking letters or using underscores instead of hyphens.

To bypass such measures, malicious actors are constantly looking for new attack methods. One vector, called the software supply chain attack, is becoming increasingly popular.

Among the packages analyzed, more than 400 were identified as containing suspicious malicious functionality. In particular, they contained a file named aaa.png that included executable code in PE format.

About the packages

The malicious packages included a PNG file that was actually an executable for the Windows platform rather than an image. The file was generated with the Ocra Ruby2Exe utility and contained a self-extracting archive with a Ruby script and a Ruby interpreter.

When the package was installed, the png file was renamed and launched. During execution, a VBScript file was created and added to autostart.
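The disguise described above (an image extension on a file whose bytes are a Windows executable) is easy to check for. The following Ruby script is an added example, not code from the ReversingLabs report or from any gem: it compares a file's extension with its leading bytes and walks a directory such as an installed gem's tree, reporting image files that start with the MZ header of a DOS/PE executable. The sample file contents and names are constructed here for illustration.

```ruby
require "tmpdir"

# Magic bytes: a real PNG starts with this 8-byte signature; a Windows PE
# executable starts with the DOS "MZ" stub header.
PNG_MAGIC = "\x89PNG\r\n\x1a\n".b
MZ_MAGIC  = "MZ".b

# Extensions that should never carry executable content.
IMAGE_EXTENSIONS = %w[.png .jpg .jpeg .gif .bmp .ico].freeze

# Classify a file's content from its first bytes, independent of its name.
def content_kind(bytes)
  data = bytes.b
  return :png if data.start_with?(PNG_MAGIC)
  return :pe  if data.start_with?(MZ_MAGIC)
  :other
end

# True when the name claims an image but the bytes are a PE executable.
def disguised_executable?(name, bytes)
  ext = File.extname(name).downcase
  IMAGE_EXTENSIONS.include?(ext) && content_kind(bytes) == :pe
end

# Walk a tree (for example an installed gem's directory) and return the
# paths of image-named files whose header is a PE executable.
def scan_tree(root)
  Dir.glob(File.join(root, "**", "*")).select do |path|
    next false unless File.file?(path)
    header = File.binread(path, 64) || ""   # nil for an empty file
    disguised_executable?(File.basename(path), header)
  end
end

# Constructed samples: a genuine PNG header and a fake PE header.
SAMPLE_PNG = PNG_MAGIC + "\x00\x00\x00\x0dIHDR".b
SAMPLE_PE  = "MZ\x90\x00\x03\x00\x00\x00".b

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    File.binwrite(File.join(dir, "logo.png"), SAMPLE_PNG)
    File.binwrite(File.join(dir, "aaa.png"), SAMPLE_PE)   # the disguise
    puts scan_tree(dir)                                    # prints only aaa.png
  end
end
```

Run it against the gem installation directory (`gem environment gemdir`) after installing untrusted dependencies; a hit means the package ships a renamed executable and should be quarantined rather than installed. Only the first 64 bytes are read, so the scan is cheap even on large trees.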

The malicious VBScript scanned the contents of the clipboard in a loop for data resembling cryptocurrency wallet addresses and, when it found one, replaced the wallet address, in the expectation that the user would not notice the difference and would transfer funds to the wrong wallet.

Typosquatting is particularly interesting. In this type of attack, malicious packages are deliberately named to look as similar as possible to popular ones, in the hope that an unsuspecting user will mistype the name and unknowingly install the malicious package instead.

The study showed that it is not difficult to add malicious packages to one of the most popular repositories, and that these packages can go unnoticed despite a significant number of downloads. It should be noted that the problem is not specific to RubyGems and applies to other popular repositories as well.

For example, last year the same researchers identified in the NPM repository a malicious bb-builder package that used a similar technique of running an executable to steal passwords. Before that, a backdoor was found in a dependency of the event-stream NPM package, with the malicious code downloaded almost 8 million times. Malicious packages also regularly appear in the PyPI repository.

The packages were associated with two accounts through which, from February 16 to February 25, 2020, 724 malicious packages were published on RubyGems; in total they were downloaded about 95 thousand times.

The researchers notified the RubyGems administrators, and the identified malware packages have already been removed from the repository.

This attack indirectly threatens organizations by going after the third-party vendors that supply them with software or services. Because vendors are generally seen as trusted publishers, organizations often spend little time verifying that the packages they use are free of malware.

Of the identified problem packages, the most popular was atlas-client, which at first glance is almost indistinguishable from the legitimate atlas_client package. That package was downloaded 2100 times (the legitimate package was downloaded 6496 times, meaning users got the wrong one in almost 25% of cases).

The remaining packages were downloaded on average 100-150 times and were disguised as other packages using the same underscore and hyphen substitution trick (for example, among the malicious packages: appium-lib, action-mail_cache_delivery, activemodel_validators, asciidoctor_bibliography, aspe-pipeline, asethi-validators, ar_octopus-replication tracking, aliyun-open_search, aliyun-mns, ab_split, apns-polite).
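The naming tricks described above (hyphen/underscore swaps, look-alike characters, and one-character typos) can be caught before a name is resolved. The Ruby code below is an added example, not part of the report or of RubyGems: it normalizes a candidate gem name, compares it with a short constructed list of "popular" gems, and falls back to a Damerau-Levenshtein distance of one for plain typos. The popular list, the candidate names and the small look-alike table are assumptions chosen to illustrate the technique, which generalizes to any registry's name list.

```ruby
# Characters often substituted for one another in typosquats. Assumption: a
# small illustrative table, not an exhaustive confusables list.
LOOKALIKES = { "0" => "o", "1" => "l", "rn" => "m" }.freeze

# Canonical form: lowercase, hyphen and underscore treated alike, look-alike
# characters folded, runs of separators collapsed.
def normalize(name)
  n = name.downcase.tr("_", "-")
  LOOKALIKES.each { |from, to| n = n.gsub(from, to) }
  n.gsub(/-+/, "-")
end

# Optimal-string-alignment (Damerau-Levenshtein) distance: insert, delete,
# substitute, or swap two adjacent characters each cost 1.
def edit_distance(a, b)
  d = Array.new(a.size + 1) { |i| Array.new(b.size + 1) { |j| i.zero? ? j : (j.zero? ? i : 0) } }
  (1..a.size).each do |i|
    (1..b.size).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min   # adjacent transposition
      end
    end
  end
  d[a.size][b.size]
end

# Constructed list of "popular" gems to protect (assumption for the example).
POPULAR = %w[atlas_client appium_lib rails nokogiri].freeze

# Returns [impersonated_gem, reason] when the candidate looks like a
# typosquat of a popular gem, or nil when it is the real thing or unrelated.
def typosquat_of(candidate, popular = POPULAR)
  return nil if popular.include?(candidate)          # exact name: legitimate
  norm = normalize(candidate)
  popular.each do |p|
    return [p, :separator_or_lookalike] if normalize(p) == norm
  end
  popular.each do |p|
    return [p, :one_edit] if edit_distance(norm, normalize(p)) == 1
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  %w[atlas-client atlas_client appium-lib rai1s nokogirl sinatra].each do |name|
    puts "#{name}: #{typosquat_of(name).inspect}"
  end
end
```

In a CI gate, run `typosquat_of` over every name in the Gemfile against the registry's most-downloaded gems and fail the build on any hit, so a developer's typo surfaces as an error rather than an installed package. The separator check is exact and cheap; the edit-distance fallback is the noisier signal and is best kept at distance one.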

If you want to know more about the study, you can read the details at the following link.
