npm Supply Chain Attack Targeting the Roblox Platform Has Been Going On for More Than a Year
Payment News · 2024-09-03

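Security firm Checkmarx warns that for more than a year, attackers have continuously distributed large numbers of malicious npm packages in attacks targeting Roblox developers.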

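The main capabilities of this malware include stealing Discord tokens, accessing system information, establishing persistence on the system, and deploying additional malware. Because the malware can manipulate the Windows registry, it is executed every time the user opens the Windows Settings app.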

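There are many reasons why attackers favor Roblox: it has a huge user base, and its developers can earn considerable income; developers on the Roblox platform may be relatively young and inexperienced, making them more likely to fall for social engineering; and both Roblox and npm are open platforms that are relatively easy to exploit.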

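Checkmarx said that although the malicious npm packages have been removed many times, they keep reappearing, and some are still active in the npm registry today. In addition, even if the malicious npm packages are completely removed, the GitHub repositories the attackers use to deliver additional malware remain active and are a potential threat for future attacks.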
