Ikozvino kukanganiswa kweruzivo kwakavhundutsa vashandisi
Mazuva mashoma apfuura iyo Kaspersky Lab vaongorori, Vakazivisa nhau kuti Vakaona backdoor mudeb package download maneja Yemahara Kurodha maneja (FDM), iyo yakagoverwa kuburikidza nedeb.fdmpkg.org repository, iyo yakabatanidzwa pane webhusaiti yepamutemo yeprojekiti.
Izvo zvinotaurwa kuti iyo yakaipa package yakaiswa pane chaiyo saiti peji rewebhu, iyo yakakanganiswa neboka revatsotsi vekuUkraine, vachitora mukana wayo kuparadzira software yakaipa, inokanganisa vashandisi vakadhawunirodha deb package pakati pa2020 na2022, avo vakafumurwa.
Nezve pasuru yakaipa, Shanduro yeFDM yakaburitswa muna Ndira 2020 nekuisa kwakashata uye yakagoverwa kuburikidza newebhusaiti yepamutemo yeprojekiti (freedownloadmanager.org) zvirinani kusvika saiti yagadziridzwa muna 2022.
Zvinonzi izvi akatumira ruzivo rwakavanzika uye zvitupa uye akadanwa kuburikidza nemubatiri akatangwa namaneja wepakeji mune yemashure-package yekuisa nhanho. Ruzivo urwu rwakavakirwa padanho rekutanga, sezvo muna 2020 webhusaiti yeprojekiti yakabirwa uye vapambi vakachinja zviri papeji nekubatanidza download.
Muna 2022, kusagadzikana kwakagadziriswa nekusaziva mushure mekuvandudzwa kwesaiti. Vagadziri veFDM vanotenda kuti nyaya yacho haina kucherechedzwa kwenguva yakareba, ichikanganisa isingasviki 0,1% yevashanyi vesaiti. Zvinofungidzirwa kuti chinongedzo kune yakaipa package haina kupihwa kune vese vashandisi, asi zvakasarudzwa chete zvine chekuita nebrowser paramita/nzvimbo kana zvisina kurongeka (makopi epeji yekurodha ye2020 uye 2021 akachengetwa nearchive.org sevhisi ane chinongedzo chiri pamutemo).
Nezvemaitiro aakaita iyo yakaipa kodhi yakabatanidzwa mudeb package iri mushure mekuiswa yakadhawunirodha mamwe mafaera anogona kutevedzerwa kubva kune ekunze mauto uye wobva waisa crontab kufonera imwe yemafaira akadhawunirwa maminetsi ega ega.
Pakati pemabasa eiyo yakaipa kodhi, inotaurwa izvozvo yakamboshanda yakatsvaga nekuunganidza ruzivo nezve sisitimu, nhoroondo yebrowser, mafaera ane cryptocurrency wallet uye zvitupa zvekubatanidza kuAWS, Google Cloud, Oracle Cloud Infrastructure uye Azure Cloud services.
Iyo yakaipa kodhi yakawanikwa mushure mekufunda kurwiswa, zvaisanganisira vanhu vanofungira vamwe *.u.fdmpkg.org. Ongororo yedomeine fdmpkg.org yakaratidza kuti ine subdomain deb.fdmpkg.org, iyo inoshanda sedeb package repository, iyo ine huipi pasuru ine yekare vhezheni yeMahara Dhawunirodha Maneja.
Mushure mekuongorora kutaurwa kwe deb.fdmpkg.org munzvimbo dzakavhurika, Vatsvagiri vakawana hurukuro dzinoverengeka paStackOverflow uye Reddit nezve matambudziko akamuka nekuda kwekushandisa hutachiona vhezheni yeMahara Dhawunirodha Maneja. Kubatana kune yepamutemo webhusaiti kwawanikwa mushure mevhidhiyo ine mirairo yekuisa Yemahara Dhawunirodha Maneja yawanikwa paYouTube, iyo yakaratidza pasuru iri kutorwa kubva mudura nekudzvanya "Download" link pane yepamutemo chirongwa peji.
Panyaya iyi, vagadziri veFree Download Manager vakataura kuti vatanga ongororo uye vakazivisa kuti vari kutora matanho ekusimbisa kuchengetedzwa kwezvivakwa izvo zvaizodzivirira zviitiko zvakafanana mune ramangwana.
Nharaunda inodiwa,
Tinoshuvira kugadzirisa dambudziko rakakosha rekuchengetedza iro richangouya kwatiri. Kuchengeta kuvimba kwako kwakakosha kwatiri uye, mukuzvipira kwedu pachena, chinangwa chedu ndechekupa tsananguro yakajeka uye yakananga yemamiriro ezvinhu…
Kurudziro yeVashandisi: Dai iwe wanga uri pakati pevashandisi vakaedza kudhawunirodha FDM yeLinux kubva kune yedu peji yakakanganiswa panguva yataurwa, isu tinokurudzira zvakasimba kumhanyisa malware scan pane yako system uye nekugadzirisa mapassword ako seyambiro.
Nhau dzeKutaurirana: Isu takawanawo nyaya neimwe yemafomu edu ekuonana ayo anogona kunge akadzivirira kutaurirana nekukurumidza; zvichida raive fomu raishandiswa nevamiriri veKaspersky Lab kutaura nesu. Kana waedza kutibata maererano neizvi kana chero nyaya ine hukama pasina mhinduro, ndapota taura nesu zvakare pa support@freedownloadmanager.org.
Tine hurombo nemoyo wese kune chero kukanganisa kana kunetseka kungakonzeresa izvi. Kuve nechokwadi chekuti chengetedzo yako yedhijitari inoramba iri pamberi mukuedza kwedu uye isu hatizungunuke mukuzvipira kwedu kuchengetedza kuvimba kwako.
Pamusoro pezvo, vanokurudzira vashandisi vakaisa Linux vhezheni yeFDM kubva 2020 kusvika 2022 vanotarisisa masisitimu avo kune malware uye shandura mapassword avanoshandisa.
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo mu inotevera chinongedzo.