- An gano kari na ƙeta 9 a cikin Kasuwar VSCode
- Malware yana shigar da XMRig cryptominer wanda ke hakowa a bango.
- Ƙwayoyin ya bayyana a matsayin kayan aikin ci gaba na halal
- Har yanzu Microsoft bai cire duk kari mai cutarwa ba
Visual Studio Code, ko kuma kawai VSCode, ya zama ɗayan kayan aikin da aka fi so ga masu shirye-shirye a duniya. Ƙarfinsa da yuwuwar ƙara ayyuka ta hanyar kari ya sa ya zama mai ban sha'awa musamman.. Amma daidai wannan buɗaɗɗen ya zama ƙofa ga barazanar yanar gizo waɗanda ke cin gajiyar amincewar masu amfani.
A cikin 'yan kwanakin nan, wasu abubuwa sun fito fili: Haɓaka tara a cikin Kasuwar VSCode na hukuma waɗanda ke ɓoye lambar mugunta. Duk da yake sun bayyana a matsayin halaltattun kayan aiki da nufin inganta ƙwarewar ci gaba, a gaskiya Suna cutar da tsarin tare da software na cryptomining da aka ƙera don yin amfani da kayan aikin kwamfutar cikin sata.. Wannan binciken ya haifar da damuwa a tsakanin al'ummomin masu haɓakawa kuma yana nuna buƙatar kulawa mai tsanani na waɗannan nau'ikan dandamali.
Ƙaddamar da haɓakawa a cikin Kasuwar VSCode
Yuval Ronen, wani mai bincike a dandalin ExtensionTotal ne ya yi wannan binciken, wanda ya gano cewa akwai tarin kari akan tashar Microsoft na VSCode. Sun kunna boyayyen code bayan an shigar dasu. Wannan lambar ta ba da izinin aiwatar da rubutun PowerShell wanda aka zazzage kuma aka shigar a bangon XMRig cryptominer, wanda aka yi amfani da shi a ayyukan hakar ma'adinan cryptocurrency ba bisa ka'ida ba kamar Monero da Ethereum.
da An fitar da fakitin da abin ya shafa a ranar 4 ga Afrilu, 2025, kuma sun riga sun kasance don shigar da kowane mai amfani ba tare da wani hani ba. The kari An gabatar da su azaman kayan aiki masu amfani, wasu suna da alaƙa da masu tara harshe wasu kuma zuwa ga bayanan ɗan adam ko abubuwan haɓakawa.. A ƙasa akwai cikakken jerin kari da aka ruwaito:
- Discord Rich Presence don VSCode - na Mark H
- Ja - Roblox Studio Sync - ta evaera
- Solidity Compiler - ta VSCode Developer
- Claude AI - na Mark H
- Golang Compiler - na Mark H
- Wakilin ChatGPT na VSCode - na Mark H
- HTML Obfuscator - na Mark H
- Python Obfuscator - na Mark H
- Rust Compiler na VSCode - na Mark H
Ya kamata a lura cewa wasu daga cikin waɗannan kari yana da ban mamaki high fitarwa rates; Misali, “Discord Rich Presence” ya nuna sama da shigarwar 189.000, yayin da “Rojo – Roblox Studio Sync” ke da kusan 117.000. Yawancin masana harkar tsaro ta yanar gizo sun yi nuni da hakan Wataƙila waɗannan alkaluman ƙila an hura su ta hanyar wucin gadi don ƙirƙirar bayyanar shahara. da kuma jawo hankalin masu amfani da ba su ji ba.
Har zuwa lokacin da jama'a suka bayar da rahoto. An ci gaba da samun kari a cikin Kasuwa, wanda ya haifar da sukar Microsoft saboda rashin mayar da martani cikin gaggawa ga faɗakarwar tsaro. Kasancewar waɗannan abubuwan shigarwa ne daga tushen hukuma yana sa matsalar ta ƙara yin laushi.
Yadda harin ke aiki: fasahohin da aka yi amfani da su ta hanyar haɓakar mugunta
Tsarin kamuwa da cuta yana farawa nan da nan bayan an shigar da tsawo. A wannan lokacin, ana aiwatar da rubutun PowerShell wanda aka sauke daga adireshin waje: https://asdfqq(.)xyz. Wannan rubutun yana da alhakin aiwatar da ayyuka da yawa na ɓoye waɗanda ke ba da damar mai hakar ma'adinan gida a cikin kwamfutar da abin ya shafa.
Daya daga cikin abubuwan farko da rubutun ke yi shine shigar da ainihin tsawo wanda mai mugunta yana ƙoƙarin yin kwaikwayon. Anyi nufin wannan don gujewa zato daga ɓangaren mai amfani wanda zai iya lura da kowane bambanci a cikin aiki. A halin yanzu, lambar tana ci gaba da gudana a bayan fage don musaki matakan kariya da share hanya don ma'adinan crypto don yin aiki ba tare da ganowa ba.
Daga cikin fitattun ayyukan rubutun akwai:
- Ƙirƙirar ayyukan da aka tsara kama da halaltattun sunaye kamar "OnedriveStartup".
- Shigar da munanan umarni a cikin tsarin aiki rajista, yana tabbatar da dagewar sa a cikin sake yi.
- Kashe ayyukan tsaro na asali, ciki har da Windows Update da Windows Medic.
- Haɗu da kundin adireshin ma'adinai a cikin Jerin keɓancewar Windows Defender.
Bugu da ƙari, idan harin ya kasa yin nasara shugaba gata A lokacin aiki, yana amfani da wata dabara da aka sani da "hijacking DLL" ta hanyar fayil ɗin MLANG.dll na karya. Wannan dabarar tana ba da damar aiwatar da binary na ɓarna ta hanyar kwaikwayon halaltaccen tsarin aiwatarwa kamar ComputerDefaults.exe, yana ba shi matakin izini da ya dace don kammala shigarwar ma'adinai.
Da zarar tsarin ya lalace, a aiki ma'adinai shiru na cryptocurrencies da ke cinye albarkatun CPU ba tare da mai amfani ya gano shi cikin sauƙi ba. An tabbatar da cewa uwar garken nesa kuma tana ɗaukar kundayen adireshi kamar “/npm/,” yana ƙara shakkun cewa wannan yaƙin neman zaɓe na iya faɗaɗa zuwa wasu hanyoyin sadarwa kamar NPM. Ko da yake, ya zuwa yanzu, ba a sami wata kwakkwarar hujja a kan wannan dandali ba.
Me za ku yi idan kun shigar da ɗayan waɗannan kari
Idan kai, ko wani a cikin ƙungiyar ku, kun shigar da kowane ƙarin abubuwan da ake tuhuma, Yana da fifiko don kawar da su daga yanayin aiki. Cire su daga editan kawai bai isa ba, saboda yawancin ayyukan da rubutun ya yi suna dagewa kuma suna ci gaba da kasancewa ko da bayan cire kari.
Zai fi kyau a bi waɗannan matakan:
- Share ayyukan da aka tsara da hannu a matsayin "OnedriveStartup".
- Share abubuwan da ake tuhuma a cikin Rijistar Windows masu alaka da malware.
- Bita ku tsaftace kundayen adireshi da abin ya shafa, musamman waɗanda aka ƙara zuwa jerin keɓancewa.
- Yi a cikakken scan tare da sabunta kayan aikin riga-kafi kuma yi la'akari da yin amfani da ci-gaba mafita waɗanda ke gano halaye mara kyau.
Kuma sama da duka, yi aiki da sauri: kodayake babban lalacewa shine amfani da albarkatun tsarin ba tare da izini ba (yawan amfani, jinkirin, zafi, da sauransu). Ba a yanke hukuncin cewa mai yiwuwa maharan sun bude wasu kofofin baya ba..
Wannan labarin ya ba da haske game da sauƙin amfani da amana a cikin mahallin ci gaba, har ma a kan dandamali kamar yadda aka kafa a matsayin Babban Kasuwar VSCode. Don haka, an shawarci masu amfani da su A hankali bincika tushen kowane tsawo kafin shigar da shi, ba da fifiko ga waɗanda ke da ingantaccen tushe mai amfani kuma ku guje wa sabbin fakiti daga masu haɓakawa da ba a san su ba. Yaɗuwar irin wannan nau'in kamfen ɗin ɓarna yana nuna gaskiyar damuwa: yanayin ci gaba, waɗanda aka yi la'akari da su a baya ta hanyar tsohuwa, Hakanan za su iya zama masu kai hari idan ba a yi amfani da ingantaccen inganci da ka'idojin sa ido ba. A yanzu, alhakin yana kan duka masu samar da dandamali da masu haɓaka kansu, waɗanda dole ne su kasance a faɗake.
Ni mai sha'awar fasaha ne wanda ya mayar da sha'awar "geek" zuwa sana'a. Na shafe fiye da shekaru 10 na rayuwata ta yin amfani da fasaha mai mahimmanci da kuma yin amfani da kowane nau'i na shirye-shirye saboda tsantsar son sani. Yanzu na kware a fasahar kwamfuta da wasannin bidiyo. Wannan shi ne saboda sama da shekaru 5 ina yin rubutu a gidajen yanar gizo daban-daban kan fasaha da wasannin bidiyo, ina ƙirƙirar kasidu da ke neman ba ku bayanan da kuke buƙata cikin yaren da kowa zai iya fahimta.
Idan kuna da wasu tambayoyi, ilimina ya bambanta daga duk wani abu da ya shafi tsarin aiki na Windows da kuma Android don wayoyin hannu. Kuma alƙawarina shine a gare ku, koyaushe a shirye nake in yi ƴan mintuna kaɗan in taimaka muku warware duk wata tambaya da kuke da ita a duniyar Intanet.