NPM flooded with fake packages again

NPM hacked

NPM is once again plagued by a flood of malicious packages that led to a denial of service

Information was released about a problem that arose on NPM, in which attackers flooded the npm repository of open-source Node.js packages with fake packages, which even briefly caused a denial-of-service (DoS) condition.

Although similar campaigns distributing phishing links have recently been observed, the latest wave pushed the number of package versions to 1.42 million, a dramatic increase from the roughly 800,000 packages normally published on npm.

In this campaign the attackers create malicious websites and publish empty packages containing links to those sites, taking advantage of the open-source ecosystem's good reputation with search engines; the resulting load caused a denial of service (DoS) that left NPM unstable with "Service Unavailable" errors.

We have seen spam campaigns in the open-source ecosystem over the past year, but this month has been by far the worst we have seen.

Attackers appear to have found that unauthenticated open-source ecosystems are an easy target for SEO poisoning in a variety of malicious campaigns. As long as a name is not already taken, they can publish an unlimited number of packages.

Normally the number of package versions published to NPM hovers around 800,000. Last month, however, that number exceeded 1.4 million because of the high volume of spam campaigns.

The attack technique exploits the fact that open-source repositories rank highly in search engine results: the attackers create malicious websites and upload empty npm modules whose README.md files link to those sites.

With this method, cybercriminals create malicious websites and publish empty packages with links to them. Because open-source ecosystems enjoy a high reputation with search engines, every new open-source package and its description inherit that good reputation and are indexed well, which makes them more visible to unsuspecting users.
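The shape of these spam packages (no source files, a README whose only purpose is to link out) is easy to check for heuristically. The following Node.js script is an added example, not code from the article or from npm; the trusted-host allow-list and the two sample packages are constructed for illustration.

```javascript
// Heuristic screen for "empty package, README links out" npm spam.
// Input: a Map of file path -> file content, as unpacked from a package tarball.
const LINK_RE = /https?:\/\/[^\s)>\]]+/gi;
// Assumption: hosts that are normal to see in a README and should not count as "external".
const TRUSTED_HOSTS = new Set(['npmjs.com', 'www.npmjs.com', 'github.com', 'nodejs.org']);

// Return README links that point anywhere other than the trusted hosts.
function externalLinks(readme) {
  const links = readme.match(LINK_RE) || [];
  return links.filter((u) => {
    try { return !TRUSTED_HOSTS.has(new URL(u).hostname); } catch { return false; }
  });
}

// Flag a package that ships no source files but does ship a README with external links.
function assessPackage(files) {
  const codeFiles = [...files.keys()].filter((p) => /\.(c|m)?[jt]sx?$/i.test(p));
  const pkgJson = JSON.parse(files.get('package.json') || '{}');
  const links = externalLinks(files.get('README.md') || '');
  const reasons = [];
  if (codeFiles.length === 0) reasons.push('no source files in tarball');
  if (!pkgJson.main && !pkgJson.exports && !pkgJson.bin) reasons.push('no entry point declared');
  if (links.length > 0) reasons.push(`README links to ${links.length} external site(s)`);
  return { suspicious: codeFiles.length === 0 && links.length > 0, reasons, links };
}

// Constructed sample mimicking the campaign: package.json plus a README that only links out.
const SPAM_SAMPLE = new Map([
  ['package.json', JSON.stringify({ name: 'constructed-spam-sample', version: '1.0.0' })],
  ['README.md', '# Free downloads\nGet it here: https://example.invalid/dl?id=123\n'],
]);
// Constructed benign sample: real entry point, README links only to its GitHub repo.
const LEGIT_SAMPLE = new Map([
  ['package.json', JSON.stringify({ name: 'constructed-ok-sample', version: '1.0.0', main: 'index.js' })],
  ['index.js', 'module.exports = (s) => s.replace(/^\\s+/, "");'],
  ['README.md', '# constructed-ok-sample\nSource: https://github.com/example/constructed-ok-sample\n'],
]);

console.log(assessPackage(SPAM_SAMPLE));  // suspicious: true, 1 external link
console.log(assessPackage(LEGIT_SAMPLE)); // suspicious: false
```

This is a triage heuristic, not a verdict: a documentation-only package with an outbound link is legitimate in many cases, so the output is meant to prioritise manual review or registry moderation.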

Because the whole process is automated, the load generated by publishing so many packages caused NPM to suffer intermittent stability problems toward the end of March 2023. It is also reported that the goal of the campaign is to infect the victim with a malicious .exe file.

Among the various methods used, it is noted in particular that the "bait" is basically a package with an "enticing warez description" aimed at the user, which makes it easy for victims to search for and land on those npm pages.

From there, the user is the one who does everything needed to get infected: clicking the shortened link leads to a custom website that looks legitimate but is hosted on the attacker's infrastructure and offers a warez software download.

This downloads an encrypted zip file which, when extracted, yields an unpacked .exe of about 600MB. This technique is used to evade detection by EDRs.

Another technique mentioned involves DLL sideloading, virtualization and sandbox evasion, disabling security tools and the firewall, and dropping tools such as Glupteba, RedLine, Smoke Loader, xmrig and others to steal credentials and mine cryptocurrency.

In addition, it is mentioned that the attackers link to e-commerce sites such as AliExpress using referral IDs they created, thereby profiting from referral commissions.

The scale of this campaign was significant, as the load caused NPM to become unstable with "Service Unavailable" errors.

As such, NPM needs to act on this issue and put an end to these kinds of problems that keep appearing in the repository, since it has become a "target" for attackers.

