- I-GlassWorm ivela futhi ngezandiso eziyingozi ezintathu ku-Open VSX ezithinta Ikhodi ye-VS.
- Kusetshenziswa izinhlamvu ze-Unicode ezingabonakali kanye ne-C2 eguquguqukayo ngokwenziwa kwe-Solana.
- Ukwebiwa kwemininingwane (i-GitHub, i-Open VSX ne-Git) nokuthululwa kwezandiso ze-crypto wallet ezingama-49.
- Umthelela womhlaba wonke ngezisulu e-Europe kanye nezincomo ezisebenzayo zonjiniyela nezinkampani.
umkhankaso we I-malware I-GlassWorm isibuyile emsebenzini ku-Visual Studio Code ecosystem eneqoqo elisha le izandiso ezinonya okwathi, kusukela ngedethi yophenyo lwakamuva, bezisatholakala ukuze zilandwe ku-Open VSX. Ukusebenza kuhlanganisa amasu we ukufiphala nge-Unicode engabonakali kanye nomyalo kanye nengqalasizinda yokulawula ebuyekezwa ngokuthengiselana ku-Solana blockchain.
Ngemva kokuhlanzwa kokuqala ngo-Okthoba, nini Vula i-VSX isuse izandiso ezinonya Futhi ngemva kokuzungezisa noma ukuhoxisa amathokheni onakalisiwe, umlingisi ofanayo uphinde wavela ngama-artifact amasha, futhi eqondise konjiniyela. Inhloso ihlanganisa ukweba imininingwane I-GitHub, Vula i-VSX ne-Git, ngaphezu kokuchithwa kwezimali kumaphothifoliyo angu-49 ezandisiwe ze cryptocurrencies kanye nokufakwa kwezinsiza zokufinyelela ukude.
Iyini i-GlassWorm futhi ingena kanjani ku-VS Code ecosystem?
I-GlassWorm umkhankaso osizakala ngawo Izandiso zekhodi ye-Visual Studio kokubili ku-Microsoft Marketplace kanye naku-Open VSX registry ukwethula ikhodi enonya. Isici sayo esihlukile ukusetshenziswa kwe izinhlamvu ze-Unicode ezingabonakali ezingabonakali ngokushesha kusihleli, kodwa ezivumela i-JavaScript eshumekiwe ukuthi isetshenziswe ngaphakathi kwezandiso ezibonakala zisemthethweni.
Uhlelo olungayilungele ikhompuyutha alumane luntshontshe ulwazi: luphinde lufune ukuzisakaza ngemodi "yezibungu".ukufaka engozini ama-akhawunti engeziwe namaphrojekthi anemininingwane entshontshiwe. Lokhu kuzivumela ukuthi zandise ukufinyelela kwazo ngokukhulula izinguqulo ezintsha zezandiso, ukufaka izicabha ezingemuva, nokuphakela amathuluzi. ukufinyelela okukude kanye ne-keylogging emishinini ethintekile.
Esinye isici esibucayi kakhulu se-GlassWorm yi ukuphanga isikhwama se-cryptocurrency ngokusebenzisa inqwaba yezandiso ezihlobene ne-wallet. Le nhlanganisela yokwebiwa kobunikazi bonjiniyela, ukukhohliswa kwenqolobane, nokuhlaselwa kwempahla yezezimali kwenza umkhankaso ube yingozi enkulu emaqenjini ezobuchwepheshe ase-Europe nezinhlangano.
Igagasi elisha: izandiso ezihilelekile kanye nobubanzi
Ngokusho kokulandelela okuzimele ngamaqembu amaningana, umlingisi ubuyele ku-Open VSX ngezandiso ezintathu ezabelana ngokufanayo ukufihlwa nge-Unicode efihliwe kanye nendlela efanayo yokuvuselela i-C2 ka-Solana. Ndawonye, badlula kalula 10.000 i-ascargas, ivolumu engase ikhuliswe umhlaseli ngokwakhe ukuze azuze ukwethembeka.
- i-ai-driven-dev.ai-driven-dev
- i-adhamu.umlando-oku-sublime-merge
- yasuyuky.transient-emacs
Yize i-Open VSX yethula izivikelo ngemuva kwesigameko sokuqala, lezi Izandiso ezintathu zikwazile ukuzibalekela. usebenzisa izindlela ezifanayo zokufihla. Ngesikhathi kushicilelwa ukuhlaziya kokugcina, bezisatholakala kurejista, ogcizelela isidingo sokuqinisa izilawuli kanye nokuthi abasebenzisi babuyekeze izindawo zabo.
Ukuhlaselwa kwengqalasizinda kanye nokuchazwa kwayo
Umsebenzisi we-GlassWorm ubuyekeza amakheli ayo umyalo nokulawula ukushicilela ukuthengiselana okushibhile kunethiwekhi ye-Solana. Le ndlela inikeza ukuqina: uma iseva yomthwalo okhokhelwayo ihluleka, kwanele khipha okwenziwayo okusha ukuze amakhompyutha athelelekile azitholele ngokuzenzakalelayo indawo ebuyekeziwe.
Ukuchayeka ngengozi a isiphetho seseva yomhlaseli Lokhu kwavumela ukuhlanganiswa kohlu oluyingxenye yezisulu ezikhona e-United States, eNingizimu Melika, eYurophu, nase-Asia, okuhlanganisa nebhizinisi likahulumeni waseMpumalanga Ephakathi. Nakuba izinhlangano ezithile zaseSpain zingakacaciswanga, ububanzi baseYurophu buphakamisa lokho amaqembu e-EU Bangase babe phakathi kwezinwele.
Ukuhlaziywa kwe-forensic kuphinde kwathola amarekhodi we keylogger kusukela ku-opharethaLokhu kuphakamisa ukuthi umenzi wobubi ukhuluma isi-Russian futhi usebenzisa uhlaka oluvulekile lwe-RedExt njengengxenye yengqalasizinda ye-C2 esekelwe kusiphequluli. Lezi zingcezu zihambisana nomlingisi ohlanganisa ubuchwepheshe, ukuphikelela, nokuvumelana nezimo.
Umugqa wesikhathi womkhankaso nezinkundla ezithintekile
I-GlassWorm yabhalwa okokuqala ngasekupheleni kuka-Okthoba, inezandiso eziyishumi nambili ku-VS Code kanye nezimakethe ze-Open VSX ezinqwabelana nxazonke. amashumi ezinkulungwane zokulanda (isibalo okungenzeka sivuthwe). Ukulandela lokho kushaywa kokuqala, i-Open VSX isuse okuqukethwe okutholiwe futhi amathokheni azungezisiwe noma ahoxisiwe ngo-Okthoba 21.
Ekude nokwehlisela ijubane, umlingisi uphokophele phambili GitHubusebenzisa izifakazelo ezebiwe ukuze uphushele izibopho ezinonya ezindaweni zokugcina. Emasontweni kamuva, ibuyele ku-Open VSX registry nezandiso ezintathu ezishiwo ngenhla, yandisa umkhankaso emikhawulweni eminingi, okuhlanganisa. I-GitHub, i-NPM, ne-Open VSXAbacwaningi sebebale okungenani 60 izisulu ezahlukene ohlwini oluyingxenye, okuphakamisa ukuthi umthelela wangempela ungaba mkhulu.
Izinyathelo zokunciphisa kanye nezincomo ze-Europe ne-Spain
Okwamathimba okuthuthukisa: buyekeza i-inventory ye izandiso ezifakwe ku-VS Code, khipha ezisolisayo futhi uhlole umhleli we-Open VSX/Microsoft ukuze uqinisekise isimo somshicileli. Kuyafaneleka ukunaka... amagama afanayo noma angeyena, izilinganiso ze-atypical nezinguquko zakamuva kumnakekeli.
Mayelana nemininingwane, kuyatuswa zungezisa amathokheni nezihluthulelo Kusuka ku-GitHub/Open VSX/Git, hoxisa ama-PAT angasetshenzisiwe, vula i-2FA, futhi ubuyekeze okhiye sshIzinhlangano kufanele ziqinise izinqubomgomo ku isiginesha nokubuyekezwa kwezinguquko (ukuvikelwa kwegatsha, ukubuyekezwa okuyisibopho) kanye nokuqapha ubuqotho kumapayipi e-CI/CD.
Ukuze unciphise indawo enobungozi, nika amandla umhleli ukuboniswa kwezinhlamvu ezingabonakaliSebenzisa ama-linter nemithetho yezokuphepha ethola i-Unicode esolisayo, bese uphinina ukuncika okubalulekile nezandiso. Gwema ukufaka izandiso ezivela kuzixhumanisi ezabiwe noma imithombo engaqinisekisiwe.
Uma kusolwa ukuyekethisa: hlukanisa amathuluzi, hoxisa izikhathi ezisebenzayo Kubahlinzeki, izinqolobane zocwaningo kanye nezimfihlo zohwebo, futhi wazise indawo yokubhalisa/indawo yemakethe kanye nezinhlaka zokugcinwa komthetho. E-EU, hlola izibopho zesaziso ngaphansi kwe I-GDPR ne-NIS2 lapho kufanele, futhi axhumanise ukuxhumana nalabo abathintekile.
Ukuvela kwe-GlassWorm kubonisa ikhono labahlaseli loku ukuhlanganisa kabusha nokubuya ngezandiso ezintsha namashaneli e-C2 aqinile. Emkhakheni wobuchwepheshe waseYurophu, okubalulekile ukuqinisa izilawuli ezindaweni zokuthuthukiswa, ukuqinisa ukuphathwa kokuqinisekisa, nokwandisa ukugadwa kwezandiso namakhosombe, ukugwema umuzwa wokuphepha ongamanga ngemva kokuhoxiswa kwesikhashana.
Umbhali oshisekayo ngomhlaba wamabhayithi nobuchwepheshe ngokujwayelekile. Ngiyathanda ukwabelana ngolwazi lwami ngokubhala, futhi yilokho engizokwenza kule bhulogi, ngikubonise zonke izinto ezithakazelisayo kakhulu ngamagajethi, isofthiwe, ihadiwe, izitayela zobuchwepheshe, nokuningi. Inhloso yami ukukusiza ukuthi uzulazule emhlabeni wedijithali ngendlela elula nejabulisayo.