npm packages used Ethereum smart contracts to hide payload links

Last updated: 09/04/2025
  • Two npm packages, colortoolsv2 and mimelib2, pulled command-and-control URLs from Ethereum smart contracts to fetch second-stage malware.
  • The operation was tied to a larger GitHub social-engineering network with fake trading-bot repos and inflated activity metrics.
  • The attackers swapped packages after takedown and reused the same on-chain contract, helping the traffic blend in with legitimate blockchain activity.
  • Researchers published IoCs and urged developers to vet maintainers, audit dependencies, and watch for unusual on-chain lookups.

Ethereum smart contracts on npm

Security researchers have described a supply-chain intrusion in which npm packages queried Ethereum smart contracts to retrieve hidden download links for additional payloads. The approach conceals malicious infrastructure behind public blockchain calls, complicating behavioral analysis and incident response.

The two packages, colortoolsv2 and mimelib2, appeared in July 2025 and were quickly removed from the registry. Targeting developers in the crypto ecosystem, the code acted as a thin downloader that blended its network activity with ordinary on-chain queries, according to research by the software supply-chain firm ReversingLabs.

What researchers uncovered

Instead of hard-coding endpoints, the packages fetched next-stage URLs from Ethereum smart contracts whenever they were executed or imported as dependencies. The indirection mirrors earlier techniques such as EtherHiding and allowed the threat to masquerade as legitimate blockchain traffic. While the malicious behavior in the npm code was straightforward, the associated GitHub projects worked hard to appear trustworthy.

How the on-chain indirection worked

Investigators found that colortoolsv2 shipped a minimal loader (including an index.js routine) that queried an on-chain contract for a string value representing the download location of the second stage. The contract at 0x1f171a1b07c108eae05a5bccbe86922d66227e2b exposed read functions that returned the URL, which the loader then used to pull a payload from an attacker-controlled server.

After npm blocked colortoolsv2 in early July, the operators introduced mimelib2 with nearly identical logic and the same contract reference, minimizing changes while keeping their control channel. The second-stage component was executed after retrieval, and researchers included its hash for detection and forensic triage.

The orchestrated GitHub lure

The npm downloader was seeded through a network of deceptive GitHub repositories advertising automated trading tools, such as solana-trading-bot-v2, ethereum-mev-bot-v2, arbitrage-bot, and hyperliquid-trading-bot. The accounts behind these projects had activity patterns engineered to look convincing: inflated stars and watchers, frequent commits (some trivial), and multiple listed maintainers.

Analysts link this seeding effort to the so-called Stargazers Ghost Network, a distribution-as-a-service cluster that supplies bulk stars, forks, watches, and commits to boost the visibility of malicious repositories. Some user handles named in the commit histories added the malicious dependency directly, and at least one associated GitHub account has since been taken down.

Why this evaded defenses

Because the downloader queried a public blockchain to get its instructions, standard filters and URL blocklists were ineffective. Many security tools do not flag read-only contract calls, and an attacker can rotate hosting endpoints by updating on-chain data rather than touching package code or centralized infrastructure. The combination raises the bar for detection and takedown.

Researchers noted that similar ideas have appeared before in crypto-focused operations, but using a smart contract as the staging location for C2 in npm malware marks a shift in the open-source ecosystems under scrutiny. Crypto-related incidents in public repositories rose in 2024, with more than twenty cases logged, and this incident shows that the techniques are maturing.

Indicators of compromise (IoCs)

The following identifiers were linked to the campaign and can support threat hunting and detection:

  • npm colortoolsv2 versions: 1.0.0 (SHA1 678c20775ff86b014ae8d9869ce5c41ee06b6215), 1.0.1 (SHA1 1bb7b23f45ed80bce33a6b6e6bc4f99750d5a34b), 1.0.2 (SHA1 db86351f938a55756061e9b1f4469ff2699e9e27)
  • npm mimelib2 versions: 1.0.0 (SHA1 bda31e9022f5994385c26bd8a451acf0cd0b36da), 1.0.1 (SHA1 c5488b605cf3e9e9ef35da407ea848cf0326fdea)
  • Second-stage payload: SHA1 021d0eef8f457eb2a9f9fb2260dd2e39ff009a21
  • Smart contract: 0x1f171a1b07c108eae05a5bccbe86922d66227e2b

Developer impact and recommended checks

For teams that rely on npm, the case underscores that reputation signals can be manufactured. Vet maintainers and commit histories, review releases for unusual install or postinstall behavior, and check dependencies that make blockchain API calls or dynamic network requests at runtime.

Organizations should combine package allowlists, integrity pinning (including hashes for transitive dependencies), and reproducible builds with static and behavioral analysis. Network monitoring that flags unexpected outbound calls to RPC providers, or sudden traffic to unfamiliar domains, can also surface abuse of on-chain indirection.

Before installing tools billed as trading bots or MEV helpers, check whether the accounts and repositories have an established track record, not just a burst of activity over a few days. Pull packages locally to inspect their scripts, look for obfuscated loaders, and review code that reads smart contract storage to obtain URLs that may then be executed.

Researchers also recommend mapping any on-chain references used by build or runtime scripts, watching for updates to contract state that could redirect downloads, and recording the IoCs internally so that alerts remain in place even when public listings or accounts are removed.
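
A lockfile and source check built from the IoC list and the checks recommended above, as an added example (not code from ReversingLabs or from the packages themselves): it matches dependency names against the listed packages at any depth and flags source that carries contract-address literals or the `eth_call` JSON-RPC method. The function names and the sample lockfile and source string are assumptions made for illustration.

```javascript
// IoC values are copied from the article; the lockfile and source below are constructed samples.
const IOC_PACKAGES = new Map([
  ['colortoolsv2', ['1.0.0', '1.0.1', '1.0.2']],
  ['mimelib2', ['1.0.0', '1.0.1']],
]);
const IOC_CONTRACT = '0x1f171a1b07c108eae05a5bccbe86922d66227e2b';

// Return every lockfile entry named like an IoC package, transitive ones included.
function findIocPackages(lock) {
  const hits = [];
  const check = (name, version, path) => {
    if (!IOC_PACKAGES.has(name)) return;
    const listedVersion = IOC_PACKAGES.get(name).includes(version);
    hits.push({ name, version, path, listedVersion });
  };
  // Lockfile v2/v3: flat "packages" map keyed by install path ("" is the root project).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path) check(path.split('node_modules/').pop(), meta.version, path);
  }
  // Lockfile v1: nested "dependencies" tree (skipped when "packages" exists, to avoid duplicates).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta.version, prefix + name);
      walk(meta.dependencies, `${prefix}${name} > `);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Flag source text that references on-chain state: address literals and the eth_call RPC method.
function findOnChainRefs(source) {
  const found = source.match(/\b0x[0-9a-fA-F]{40}\b/g) || [];
  const addresses = [...new Set(found.map((a) => a.toLowerCase()))];
  return { iocContract: addresses.includes(IOC_CONTRACT), addresses, rpcCall: /\beth_call\b/.test(source) };
}

const sampleLock = { // constructed
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-bot', version: '0.1.0' },
    'node_modules/express': { version: '4.19.2' },
    'node_modules/helper/node_modules/mimelib2': { version: '1.0.1' },
  },
};
const sampleSource = 'call({ method: "eth_call", to: "0x1F171A1B07C108EAE05A5BCCBE86922D66227E2B" });'; // constructed
console.log(findIocPackages(sampleLock), findOnChainRefs(sampleSource));
```

The source scan is a triage heuristic: a hit means the file deserves manual review, and a clean result does not rule out an on-chain lookup made through a wrapper library.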

Taken together, the findings show how Ethereum smart contracts were repurposed as a flexible relay for C2 information, how npm and GitHub were woven into the delivery path, and why deeper package hygiene along with on-chain-aware monitoring is now table stakes for development teams working with open-source and crypto tooling.
