Discovered on the day it was published? npm removes a malicious library disguised as Twilio

Recently, the npm security team removed a JavaScript library from the npm website because it contained malicious code capable of opening a backdoor on developers' computers.

According to a report published by Sonatype, the malicious JavaScript library is “twilio-npm”, a package made to look like a Twilio-related library. It was first published on the npm website last Friday, and on the same day the Sonatype team identified its malicious behavior, after which the npm security team blacklisted and removed the package.

Although the malicious code in twilio-npm was discovered on the day it was published and npm removed it as quickly as possible, the library had still been downloaded more than 370 times and automatically included in JavaScript projects built and managed through the npm command-line tool. The malicious behavior was discovered by Sonatype security researcher Ax Sharma. Sharma said the malicious code in this counterfeit Twilio library opens a TCP reverse shell on the computer of every developer who downloads and uses the library. The reverse shell opens a connection to “4.tcp.ngrok [。] io:11425”, through which it can receive commands to run on the infected user's computer.

Sharma stated that the reverse shell only works on UNIX-based operating systems.

The npm security team published an advisory stating: “Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be moved to another computer immediately.”

[Image: https://static001.geekbang.org/resource/image/4a/db/4ab9fcf1e49d1f75a0e6b04f07ceb9db.png]
The image shows the advisory published by npm

In the past three months npm has removed malicious packages on three separate occasions; this incident is the fourth.

In August, npm staff removed a malicious npm (JavaScript) library named “fallguys”, which claimed to provide an interface to the “Fall Guys: Ultimate Knockout” game API. In reality, once a developer added the library to a project, it ran its malicious code and stole sensitive files from the user's browser and Discord.

In September, npm staff removed 4 npm libraries because the malicious code in them collected users' details and uploaded that information to GitHub. The four libraries were:

- lectorn
- lodashs
- loadyaml
- loadyml

In October, npm removed 4 npm libraries because the malicious code in them established connections to a remote server and leaked user data.

“NPM removes 4 malicious packages: user data leaked for months, the 4 packages had a clear division of labor” (https://mp.weixin.qq.com/s/8RBc-IRoNhs70vo1EaHnxQ)

Some developers expressed resignation: “Why is npm always targeted by people with bad intentions?” In general, be careful when using other people's dependency libraries, prefer those backed by large companies, and for developers who are able, isn't building your own wheel a fine option?

What is your view on this? You are welcome to leave a comment below and discuss it with everyone.