- I-GlassWorm iphinda ivele ngezongezo eziyingozi ezithathu kwi-Open VSX echaphazela iKhowudi ye-VS.
- Ukusebenzisa oonobumba be-Unicode abangabonakaliyo kunye neC2 eguquguqukayo ngokuthengiselana eSolana.
- Ukubiwa kweziqinisekiso (i-GitHub, i-VSX evulekileyo kunye ne-Git) kunye nokukhupha i-49 i-wallet extensions.
- Impembelelo yehlabathi kunye namaxhoba eYurophu kunye neengcebiso ezisebenzayo kubaphuhlisi kunye neenkampani.
iphulo le isoftwe I-GlassWorm ibuyile ekusebenzeni kwiVisual Studio Code ecosystem ngebhetshi entsha ye izandiso ezimbi leyo, ukususela ngomhla wophando lwakutsha nje, bezisafumaneka ukuba zikhutshelwe kwi-Open VSX. Umsebenzi udibanisa ubuchule be Ukuphazamiseka nge-Unicode engabonakaliyo kunye nomyalelo kunye neziseko zokulawula ezihlaziywa ngokuthengiselana kwi-blockchain ye-Solana.
Emva kokuhlanjululwa kokuqala ngo-Oktobha, nini Vula i-VSX isuse izandiso ezinobungozi Kwaye emva kokujikeleza okanye ukurhoxisa amathokheni athotyiweyo, umlingisi ofanayo uye waphinda waphinda waphinda wavelisa izinto ezintsha, kwakhona ejolise kubaphuhlisi. Injongo ibandakanya ubusela iziqinisekiso GitHub, Vula VSX kunye Git, ukongeza ekucinyweni kweemali ezivela kuma-49 ezandiso zeepotfoliyo ze i-cryptocurrencies kunye nokufakelwa kwezinto eziluncedo zokufikelela kude.
Yintoni i-GlassWorm kwaye ingena njani kwi-VS Code ecosystem?
I-GlassWorm liphulo elithatha ithuba Visual Studio Code izandiso zombini kwiNdawo yeMarike yeMicrosoft kunye nakwi-Open VSX yobhaliso ukwazisa ikhowudi enobungozi. Uphawu lwayo olwahlukileyo kukusetyenziswa kwe iimpawu ezingabonakaliyo ze-Unicode ezingabonakali ngokukhawuleza kumhleli, kodwa ezivumela iJavaScript elungisiweyo ukuba yenziwe ngaphakathi kwizandiso ezibonakala zisemthethweni.
I-Malware ayibi nje ulwazi: ikwafuna ukuzisasaza kwimo ye "worm".ukubeka esichengeni iiakhawunti ezongezelelweyo kunye neeprojekthi ezineziqinisekiso ezibiweyo. Oku kubavumela ukuba bandise ukufikelela kwabo ngokukhupha iinguqulelo ezintsha zezandiso, ukufaka umva, kunye nokuhambisa izixhobo. ukufikelela kude kunye ne-keylogging kwizixhobo ezichaphazelekayo.
Omnye umba obuthathaka kakhulu weGlassWorm yi cryptocurrency ukuphanga isipaji ngokusebenzisa izandiso ezininzi ezinxulumene nesipaji. Le ndibaniselwano yobusela besazisi somphuhlisi, ukuguqulwa kovimba, kunye nokuhlaselwa kwempahla yezemali kwenza iphulo libe ngumngcipheko omkhulu kumaqela obugcisa kunye nemibutho yaseYurophu.
Iliza elitsha: izandiso ezibandakanyekayo kunye nomda
Ngokulandela umkhondo ozimeleyo ngamaqela amaninzi, umlingisi ubuyele kwi-VSX evulekileyo kunye nezandiso ezintathu ezabelana ngokufanayo I-Obfuscation ene-Unicode efihliweyo kunye nendlela yokuhlaziya yeC2 efanayo nguSolana. Ngokudibeneyo, badlula ngokulula i 10.000 i-ascargas, umthamo onokunyuswa ngumhlaseli ngokwakhe ukuze azuze ukuthembeka.
- ai-driven-dev.ai-driven-dev
- adhamu.imbali-kwi-sublime-dibaniso
- yasuyuky.transient-emacs
Nangona i-Open VSX yazisa izikhuselo emva kwesiganeko sokuqala, ezi Izandiso ezintathu zikwazile ukuziphepha. usebenzisa iindlela ezifanayo zokuzifihla. Ngexesha lokupapashwa kokugqibela uhlalutyo, belusafumaneka kwirejistri, egxininisa imfuneko yokomeleza ulawulo kunye nabasebenzisi ukuba bahlaziye iindawo zabo.
Uhlaselo lweziseko ezingundoqo kunye nophawu
Umsebenzisi we-GlassWorm uhlaziya iidilesi zayo umyalelo nolawulo ukupapasha iintengiselwano ezitshiphu kuthungelwano lweSolana. Le ndlela inikezela ukomelela: ukuba umncedisi wokuhlawula umvuzo uyasilela, kwanele ukuba khupha intengiselwano entsha ukuze iikhompyuter ezosulelekileyo zifumane ngokuzenzekela indawo ehlaziyiweyo.
Ukuvezwa ngempazamo a isiphelo somncedisi womhlaseli Oku kwavumela ukuqulunqwa koluhlu oluyinxenye lwamaxhoba akhoyo eUnited States, eMzantsi Merika, eYurophu naseAsia, kuquka iqumrhu likarhulumente wakuMbindi Mpuma. Nangona imibutho ethile yaseSpain ingachazwanga, umda waseYurophu ucebisa ukuba amaqela kwi-EU Basenokuba kwi-crosshairs.
Uhlalutyo lwasenkundleni luphinde lwafumana iirekhodi ze keylogger ukusuka kumsebenzisiOku kuphakamisa ukuba umenzi wobubi uthetha isiRashiya kwaye usebenzisa isakhelo se-RedExt esivulelekileyo njengenxalenye ye-browser-based based C2 infrastructure. Ezi ziqwenga zihambelana kunye nomdlali weqonga odibanisa ubuchule bobugcisa, ukuzingisa, kunye nokuguquguquka.
Ixesha lephulo kunye namaqonga achaphazelekayo
I-GlassWorm yabhalwa okokuqala ngasekupheleni kuka-Okthobha, kunye nolwandiso olulishumi elinambini kwiKhowudi yeVS kunye neVSX yeemarike ezivulekileyo eziqokelelana ngeenxa zonke. amashumi amawaka okhutshelweyo (umfanekiso ekunokwenzeka ukuba unyukile). Ukulandela eso sibetho sokuqala, Vula i-VSX isuse umxholo ofunyenweyo kunye iithokheni ezijikelezisiweyo okanye ezirhoxisiweyo ngo-Oktobha 21.
Kude nokucotha isantya, umdlali weqonga wajongisisa GitHubusebenzisa iziqinisekiso ezibiweyo ukutyhala izibophelelo ezikhohlakeleyo kwiindawo zokugcina. Kwiiveki kamva, yabuyela kwi-Open VSX registry kunye nezandiso ezintathu ezikhankanywe ngasentla, ukwandisa iphulo kwimida emininzi, kuquka. GitHub, NPM, kwaye Vula VSXAbaphandi baye babala ubuncinane 60 amaxhoba ahlukeneyo kuluhlu oluyinxenye, olucebisa ukuba eyona mpembelelo inokuba nkulu.
Amanyathelo okunciphisa kunye neengcebiso zeYurophu neSpain
Kumaqela ophuhliso: jonga kwakhona uluhlu lwe izandiso ezifakwe kwiKhowudi yeVS, khupha ezikrokrisayo kwaye ujonge iVula iVSX/umhleli kaMicrosoft ukuze uqinisekise ubume bompapashi. Kufanelekile ukunikela ingqalelo kwi... amagama afanayo okanye alinganisiweyo, uqingqo-maxabiso olungaqhelekanga kunye notshintsho lwakutsha nje kumlondolozi.
Ngokuphathelele iziqinisekiso, kuyacetyiswa jikelezisa amathokheni kunye nezitshixo Ukusuka kwi-GitHub/Vula i-VSX/Git, rhoxisa ii-PAT ezingasetyenziswanga, yenza i-2FA isebenze, kunye nezitshixo zokuphonononga SSHImibutho kufuneka yomeleze imigaqo-nkqubo kwi utyikityo kunye nokuphonononga utshintsho (ukukhuselwa kwesebe, ukuphononongwa okunyanzelekileyo) kunye nokubeka iliso kwintembeko kwimibhobho yeCI / CD.
Ukunciphisa umphezulu womngcipheko, vula umhleli umboniso wabalinganiswa abangabonakaliyoFaka ii-linters kunye nemithetho yokhuseleko ebona i-Unicode ekrokrayo, kunye ne-pin ukuxhomekeka okubalulekileyo kunye nezandiso. Kuphephe ukufaka izandiso ezivela kwiikhonkco ekwabelwana ngazo okanye imithombo engangqinisiswanga.
Ukuba kukrokrelwa ukulalanisa: izixhobo zodwa, rhoxisa iiseshoni ezisebenzayo Kubaxhasi, iindawo zokugcina uphicotho kunye neemfihlo zorhwebo, kwaye wazise irejistri/indawo yentengiso kunye neearhente zokunyanzeliswa komthetho. Kwi-EU, hlola izibophelelo zesaziso phantsi kwe GDPR kunye ne-NIS2 apho kufanelekileyo, kwaye ulungelelanise unxibelelwano nabo bachaphazelekayo.
Ukuvela kweGlassWorm kubonisa isakhono sabahlaseli ukuhlanganisa kwakhona nokubuya kunye nezandiso ezitsha kunye nemijelo yeC2 eyomelela. Kwicandelo lobuchwephesha baseYurophu, into ephambili kukuqinisa ulawulo kwiindawo zophuhliso, ukuqinisa ulawulo lobungqina, kunye nokwandisa ukubeka iliso kwizandiso kunye neendawo zokugcina, ukuphepha imvakalelo yobuxoki yokhuseleko emva kokuhoxiswa kwexeshana.
Umbhali onomdla malunga nehlabathi le-bytes kunye netekhnoloji ngokubanzi. Ndiyakuthanda ukwabelana ngolwazi lwam ngokubhala, kwaye yile nto ndiza kuyenza kule bhlog, ndikubonise zonke izinto ezinomdla malunga nezixhobo, isoftware, ihardware, iindlela zetekhnoloji, kunye nokunye. Injongo yam kukukunceda uhambe kwihlabathi ledijithali ngendlela elula neyonwabisayo.