Latest attack on PyPI users shows crooks are only getting better

[Image: a skull and crossbones on a computer screen, surrounded by ones and zeroes.]

More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of software developers with this form of attack isn't a passing fad.

All 451 packages recently found by security firm Phylum contained almost identical malicious payloads and were uploaded in bursts that came in quick succession. Once installed, the packages create a malicious JavaScript extension that loads each time a browser is opened on the infected device, a trick that gives the malware persistence across reboots.

The JavaScript monitors the infected developer's clipboard for any cryptocurrency addresses that may be copied to it. When an address is found, the malware replaces it with an address belonging to the attacker. The objective: to intercept payments the developer intended to make to a different party.

In November, Phylum identified a batch of packages, downloaded hundreds of times, that used heavily encoded JavaScript to do the same thing surreptitiously. Specifically, it:

  • Created a text area on the page
  • Pasted any clipboard contents into it
  • Used a series of regular expressions to search for common cryptocurrency address formats
  • Replaced any identified addresses with attacker-controlled addresses in the previously created text area
  • Copied the text area back to the clipboard

“If at any time the affected developer copies a wallet address, the malicious package will replace the address with an attacker-controlled address,” Phylum Chief Technical Officer Louis Lang wrote in the November post. “This subtle find/replace will cause the end user to unknowingly send their funds to the attacker.”

A new obfuscation technique

Besides massively increasing the number of malicious packages uploaded, the latest campaign also uses a markedly different approach to cover its tracks. While the packages uncovered in November used encoded code to conceal the JavaScript's behavior, the new packages write function and variable identifiers in what appears to be a random 16-bit combination of Chinese-language ideographs drawn from the following table:

Unicode code point   Ideograph   Meaning
0x4eba               人          man; people; mankind; someone else
0x5200               刀          knife; old coin; measure
0x53e3               口          mouth; open end; entrance, gate
0x5973               女          woman, girl; feminine
0x5b50               子          child; fruit, seed of
0x5c71               山          mountain, hill, peak
0x65e5               日          sun; day; daytime
0x6708               月          moon; month
0x6728               木          tree; wood, lumber; wooden
0x6c34               水          water, liquid, lotion, juice
0x76ee               目          eye; look, see; division, topic
0x99ac               馬          horse; surname
0x9a6c               马          horse; surname
0x9ce5               鳥          bird
0x9e1f               鸟          bird

Using this table, the line of code

''.join(map(getattr(__builtins__, oct.__str__()[-3 << 0] + hex.__str__()[-1 << 2] + copyright.__str__()[4 << 0]), [(((1 << 4) - 1) << 3) - 1, ((((3 << 2) + 1)) << 3) + 1, (7 << 4) - (1 << 1), ((((3 << 2) + 1)) << 2) - 1, (((3 << 3) + 1) << 1)]))

resolves the built-in function chr and maps it over the list of integers [119, 105, 110, 51, 50]. The line then joins the results into a string that ultimately forms 'win32'.

Phylum researchers explained:

We can see a series of these types of calls oct.__str__()[-3 << 0]. The [-3 << 0] evaluates to [-3] and oct.__str__() evaluates to the string '<built-in function oct>'. Using Python's index operator [] on a string with a -3 will grab the 3rd character from the end of the string, in this case '<built-in function oct>'[-3] will evaluate to 'c'. Continuing this for the other 2 here gives us 'c' + 'h' + 'r' and evaluating the slightly more complicated arithmetic passed at the end leaves us with this:

''.join(map(getattr(__builtins__, 'c' + 'h' + 'r'), [119, 105, 110, 51, 50]))

The getattr(__builtins__, 'c' + 'h' + 'r') just gives us the built-in function chr, which is then mapped over the list of ints [119, 105, 110, 51, 50] and everything is joined together into a string, ultimately giving us 'win32'. This process is carried out over the entire code.

While it gives the appearance of heavily obfuscated code, the process remains simple to defeat, the researchers said, by simply looking at what the code does when it runs.
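Running the sample is one way to see what it does; an analyst who would rather not execute anything from a suspicious package can instead fold the expression statically. The following is an added example, not Phylum's tooling and not code from the packages: a small AST-based partial evaluator that reduces the shift arithmetic, the `builtin.__str__()[index]` character picks, the string concatenation and the `getattr`/`map`/`join` calls to their constant result without running the sample, and that raises `ValueError` for anything outside a short allow-list of callables (`chr`, `ord`, `len`) so it cannot be turned into an `eval`. The sample string `SAMPLE` is the exact line quoted in the article; the function names are this example's own.

```python
"""Static partial evaluator for the builtin-name trick described above.

Added example (not Phylum's code, not the malware's): folds an obfuscated
Python expression to its constant value by walking its AST. Nothing from the
sample is exec()-ed; only str() of builtin objects and a few allow-listed
functions are ever invoked, so unknown constructs raise ValueError instead.
"""
import ast
import builtins
import operator

# Builtins that may be *called* during folding. Any other object reached by
# the walk only ever has str() taken of it, which is harmless.
CALLABLE_ALLOWLIST = {"chr", "ord", "len"}

BINOPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.LShift: operator.lshift, ast.RShift: operator.rshift,
    ast.BitOr: operator.or_, ast.BitAnd: operator.and_, ast.BitXor: operator.xor,
}


def fold(node):
    """Reduce an AST expression node to a Python value, or raise ValueError."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -fold(node.operand)
    if isinstance(node, ast.BinOp) and type(node.op) in BINOPS:
        return BINOPS[type(node.op)](fold(node.left), fold(node.right))
    if isinstance(node, (ast.List, ast.Tuple)):
        return [fold(e) for e in node.elts]
    if isinstance(node, ast.Name):
        # `__builtins__` is the module itself here; any other bare name is
        # resolved to the builtin object so that its str() can be taken.
        if node.id == "__builtins__":
            return builtins
        if hasattr(builtins, node.id):
            return getattr(builtins, node.id)
        raise ValueError(f"unknown name {node.id!r}")
    if isinstance(node, ast.Subscript):
        idx = node.slice
        if type(idx).__name__ == "Index":  # Python < 3.9 wraps the index node
            idx = idx.value
        seq = fold(node.value)
        if not isinstance(seq, (str, list)):
            raise ValueError("subscript on a non-sequence")
        return seq[fold(idx)]
    if isinstance(node, ast.Call):
        return _fold_call(node)
    raise ValueError(f"refusing to evaluate {type(node).__name__}")


def _fold_call(node):
    """Handle the four call shapes the obfuscation relies on; refuse the rest."""
    f = node.func
    args = [fold(a) for a in node.args]
    if isinstance(f, ast.Attribute):
        recv = fold(f.value)
        if f.attr == "__str__" and not args:
            return str(recv)            # e.g. '<built-in function oct>'
        if f.attr == "join" and isinstance(recv, str) and len(args) == 1:
            return recv.join(args[0])
        raise ValueError(f"refusing method call .{f.attr}")
    if isinstance(f, ast.Name):
        if f.id == "getattr" and len(args) == 2 and args[0] is builtins:
            if args[1] in CALLABLE_ALLOWLIST:
                return getattr(builtins, args[1])
            raise ValueError(f"getattr resolved to non-allow-listed {args[1]!r}")
        if f.id == "map" and len(args) == 2:
            fn, seq = args
            if getattr(fn, "__name__", None) in CALLABLE_ALLOWLIST:
                return [fn(x) for x in seq]
            raise ValueError("map over a non-allow-listed callable")
    raise ValueError("refusing call")


def deobfuscate(expr_src):
    """Fold a single obfuscated expression (as source text) to its value."""
    tree = ast.parse(expr_src, mode="eval")
    return fold(tree.body)


# The exact line quoted in the article above.
SAMPLE = ("''.join(map(getattr(__builtins__, oct.__str__()[-3 << 0] + "
          "hex.__str__()[-1 << 2] + copyright.__str__()[4 << 0]), "
          "[(((1 << 4) - 1) << 3) - 1, ((((3 << 2) + 1)) << 3) + 1, "
          "(7 << 4) - (1 << 1), ((((3 << 2) + 1)) << 2) - 1, (((3 << 3) + 1) << 1)]))")

if __name__ == "__main__":
    print(deobfuscate(SAMPLE))  # win32
```

The allow-list is the important design choice: the malware's trick works because `getattr(__builtins__, <computed name>)` can reach any builtin, so the folder only hands back a real function when the computed name is one it is prepared to call, and reports the name it refused. Run over a whole file, the same walk can replace each such expression with the literal it folds to, which is usually enough to read the rest of the code.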

The latest batch of malicious packages attempts to capitalize on typos developers make when downloading one of these legitimate packages:

  • bitcoinlib
  • ccxt
  • cryptocompare
  • cryptofeed
  • freqtrade
  • selenium
  • solana
  • vyper
  • websockets
  • yfinance
  • pandas
  • matplotlib
  • aiohttp
  • beautifulsoup
  • tensorflow
  • selenium
  • scrapy
  • colorama
  • scikit-learn
  • pytorch
  • pygame
  • pyinstaller

The packages targeting the legitimate vyper package, for instance, used 13 file names that dropped or repeated a single character or transposed two characters of the correct name:

  • yper
  • vper
  • vyer
  • vype
  • vvyper
  • vyyper
  • vypper
  • vypeer
  • vyperr
  • yvper
  • vpyer
  • vyepr
  • vypre

“This process is fairly easy to script (we leave this as an exercise for the reader), and as the length of the legitimate package name grows, so do the possible typosquats,” the researchers wrote. “For example, our system found 38 typosquats of the cryptocompare package published almost simultaneously by a user named pinigin.9494.”
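The same three edit patterns the vyper list illustrates (drop one character, repeat one character, swap two neighbours) can be turned around and used on the defending side: enumerate them for every package a project trusts, and flag any dependency whose name lands on one of those variants without itself being a trusted name. The following is an added example, not Phylum's script and not code from the article; the function names, the `SAMPLE_REQUIREMENTS` list and the `TRUSTED_NAMES` set are constructed for the example.

```python
"""Dependency-name checker for the three typosquat edit patterns above.

Added example, not Phylum's tooling: builds every name one drop, one
duplication or one adjacent swap away from each trusted package name, then
reports dependencies that match such a variant but are not trusted themselves.
"""
import re


def edit_variants(name):
    """Return every name one drop, one duplication or one adjacent swap away."""
    variants = set()
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])          # drop one character
        variants.add(name[:i] + name[i] + name[i:])    # repeat one character
    for i in range(len(name) - 1):
        swapped = name[:i] + name[i + 1] + name[i] + name[i + 2:]
        variants.add(swapped)                          # transpose two neighbours
    variants.discard(name)   # swapping identical neighbours reproduces the name
    return variants


def build_index(trusted):
    """Map each variant to the set of trusted names it could be mistaken for."""
    index = {}
    for legit in trusted:
        for variant in edit_variants(legit):
            index.setdefault(variant, set()).add(legit)
    return index


def _bare_name(requirement):
    """Strip a version specifier, extras or marker from a requirements line."""
    return re.split(r"[=<>!~\[;\s]", requirement.strip(), maxsplit=1)[0].lower()


def flag_suspicious(dependencies, trusted):
    """Return {dependency line: sorted trusted names it resembles}.

    Dependencies that are themselves trusted are never flagged, so two trusted
    names that happen to be one edit apart do not report each other.
    """
    trusted = {t.lower() for t in trusted}
    index = build_index(trusted)
    hits = {}
    for dep in dependencies:
        key = _bare_name(dep)
        if key in trusted or key not in index:
            continue
        hits[dep] = sorted(index[key])
    return hits


# Constructed sample: a requirements list with one lookalike in it.
SAMPLE_REQUIREMENTS = ["requests", "vyyper", "pandas", "ccxt"]
TRUSTED_NAMES = {"requests", "vyper", "pandas", "ccxt", "cryptocompare"}

if __name__ == "__main__":
    print(sorted(edit_variants("vyper")))
    print(flag_suspicious(SAMPLE_REQUIREMENTS, TRUSTED_NAMES))
```

For "vyper" the generator yields 14 candidates: the 13 names listed above plus "vypr". The trusted set is the part that needs care in practice; a project's lock file or a curated list of the packages it actually depends on is the natural source, and a name that is flagged should be checked against the registry rather than silently dropped.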

The discovery of malicious packages on legitimate code repositories bearing names that closely resemble those of legitimate packages dates back to at least 2016, when a college student uploaded 214 booby-trapped packages to the PyPI, RubyGems, and NPM repositories, each carrying a slightly altered name of a legitimate package. The result: the impostor code was executed more than 45,000 times on more than 17,000 separate domains, and more than half the time it was granted powerful administrative rights. So-called typosquatting attacks have flourished ever since.

The names of all 451 malicious packages the Phylum researchers found are included in the blog post. It's not a bad idea for anyone who intended to download one of the targeted legitimate packages to double-check that they didn't get a malicious doppelganger.