npm supply-chain attacks targeting the Roblox platform have been going on for more than a year
Payment News · 2024-09-03

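Security vendor Checkmarx warns that for more than a year attackers have been continuously distributing large numbers of malicious npm packages in attacks aimed at Roblox developers.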


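The main capabilities of this malware include stealing Discord tokens, accessing system information, establishing persistence on the system, and deploying additional malware. Because the malware can manipulate the Windows registry, it is executed every time the user opens the Windows Settings app.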

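Roblox appeals to attackers for several reasons: it has a huge user base, and its developers can earn substantial income; developers on the Roblox platform may be relatively young and inexperienced, making them more likely to fall for social engineering; and both Roblox and npm are open platforms that are comparatively easy to abuse.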

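Checkmarx says that although the malicious npm packages have been deleted many times, they keep reappearing, and some are even still active in the npm registry today. In addition, even when the malicious npm packages have been removed completely, the GitHub repositories the attackers use to deliver additional malware remain active and are a potential threat for future attack campaigns.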
