More than 700 malicious packages used for mining found in RubyGems

A few days ago, ReversingLabs researchers published, in a blog post, the results of an analysis of the use of typosquatting in the RubyGems repository. Typosquatting is commonly used to distribute malicious packages, which rely on an inattentive developer making a typo or not noticing the difference.

The study revealed more than 700 packages whose names resemble those of popular packages and differ only in minor details, for example, substituting similar letters or using underscores instead of hyphens.

To evade such measures, malicious actors are constantly looking for new vectors. One such vector, known as a software supply chain attack, is becoming increasingly popular.

Among the packages analyzed, more than 400 were found to contain suspicious components with malicious activity. In particular, they contained a file named aaa.png, which held executable code in PE format.

About the packages

The malicious packages included a PNG file that contained an executable file for the Windows platform instead of an image. The file was generated with the Ocra Ruby2Exe utility and contained a self-extracting archive with a Ruby script and the Ruby interpreter.

When the package was installed, the png file was renamed to exe and launched. During execution, a VBScript file was created and added to autostart.

The malicious VBScript scanned the clipboard contents in a loop for data resembling crypto wallet addresses and, when it found any, replaced the wallet number, counting on the user not noticing the difference and transferring funds to the wrong wallet.

Typosquatting is of particular interest. With this type of attack, malicious packages are deliberately named to look as much like popular ones as possible, in the hope that an unsuspecting user will mistype the name and unintentionally install the malicious package.

The study showed that it is not difficult to add malicious packages to one of the most popular repositories, and that these packages can go unnoticed despite a number of downloads. It should be noted that this problem is not specific to RubyGems and applies to other popular repositories as well.

For example, last year the same researchers identified a malicious package, bb-builder, in the NPM repository; it used a similar technique to run an executable file that stole passwords. Before that, a backdoor was found in a dependency of the event-stream NPM package, and the malicious code was downloaded about 8 million times. Malicious packages also appear periodically in the PyPI repositories.

These packages were associated with two accounts through which, from February 16 to February 25, 2020, 724 malicious packages were published on RubyGems; in total they were downloaded about 95 thousand times.

The researchers notified the RubyGems administration, and the identified malware packages have already been removed from the repository.

These attacks threaten organizations indirectly by targeting the third-party vendors that supply them with software or services. Because such vendors are usually regarded as trusted publishers, organizations tend to spend less time verifying that the packages they use are actually free of malware.

Of the problematic packages identified, the most popular was atlas-client, which at first glance is hard to tell apart from the legitimate atlas_client package. The package in question was downloaded 2100 times (the normal package was downloaded 6496 times, that is, users made the mistake in about 25% of cases).

The remaining packages were downloaded 100-150 times on average and were disguised as other packages using the same technique of swapping underscores and hyphens (for example, among the malicious packages: appium-lib, action-mail_cache_delivery, activemodel_validators, asciidoctor_bibliography, assets-pipeline, assets-validators, ar_octopus-replication_tracking, aliyun-open_search, aliyun-mns, ab_split, apns-polite).
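As an added illustration (not code from the article or from ReversingLabs), the following Ruby sketch shows how a dependency list can be checked for the naming tricks described above: a hyphen/underscore swap or a single changed character relative to a trusted name. It generalizes slightly beyond the atlas-client case by also using edit distance; the `TRUSTED` list, the function names and the sample dependency names are constructed for the example.

```ruby
# Added example: flag dependency names that look like typosquats of trusted gems.
# TRUSTED is a constructed sample; in practice use your own reviewed allowlist.
TRUSTED = %w[atlas_client appium_lib nokogiri rails].freeze

# Collapse the separator swap described in the article (hyphen vs underscore).
def normalize(name)
  name.downcase.tr("-", "_")
end

# Levenshtein edit distance (insert, delete, substitute), two-row version.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    curr = [i]
    b.each_char.with_index(1) do |cb, j|
      cost = ca == cb ? 0 : 1
      curr << [prev[j] + 1, curr[j - 1] + 1, prev[j - 1] + cost].min
    end
    prev = curr
  end
  prev.last
end

# Returns nil for a trusted or unrelated name, otherwise [trusted_name, reason].
def lookalike_of(name, trusted = TRUSTED)
  return nil if trusted.include?(name)
  norm = normalize(name)
  trusted.each do |t|
    return [t, :separator_swap] if normalize(t) == norm
    # Skip very short names, where a single edit is not a meaningful signal.
    return [t, :one_character_edit] if t.length >= 5 && edit_distance(normalize(t), norm) == 1
  end
  nil
end

# Maps each suspicious name to the trusted name it imitates and the reason.
def audit(names, trusted = TRUSTED)
  names.each_with_object({}) do |n, hits|
    match = lookalike_of(n, trusted)
    hits[n] = match if match
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample dependency names, e.g. as read from a Gemfile.
  audit(%w[atlas-client atlas_client appium-lib nokogirl rake]).each do |name, (t, why)|
    puts "#{name}: resembles #{t} (#{why})"
  end
end
```

A hit is a prompt for manual review of the package and its publisher before installation, not proof that the package is malicious.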

If you want to know more about the study, you can find the details at the following link.

