{"id":1000891,"date":"2023-11-03T22:24:42","date_gmt":"2023-11-04T00:24:42","guid":{"rendered":"https:\/\/teknomers.com\/fr\/48-packages-npm-malveillants-detectes-deployant-des-shells-inverses-sur-les-systemes-de-developpement\/"},"modified":"2023-11-03T22:24:46","modified_gmt":"2023-11-04T00:24:46","slug":"48-packages-npm-malveillants-detectes-deployant-des-shells-inverses-sur-les-systemes-de-developpement","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/48-packages-npm-malveillants-detectes-deployant-des-shells-inverses-sur-les-systemes-de-developpement\/","title":{"rendered":"48 malicious npm packages detected deploying reverse shells on development systems"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">03 November 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Newsroom<\/span><\/span><span class=\"p-tags\">Software Security\/Malware<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/48-packages-npm-malveillants-detectes-deployant-des-shells-inverses-sur.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>A new set of 48 malicious npm packages has been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems.<\/p>\n<p>&#8220;These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to launch a reverse shell when the package is installed,&#8221; software supply chain security firm
Phylum <a rel=\"nofollow noopener\" href=\"https:\/\/blog.phylum.io\/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell\/\" target=\"_blank\">said<\/a>.<\/p>\n<p>All the counterfeit packages were published by an npm user named <a rel=\"nofollow noopener\" href=\"https:\/\/www.npmjs.com\/~hktalent\" target=\"_blank\">hktalent<\/a> (<a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/hktalent\/\" target=\"_blank\">GitHub<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/Hktalent3135773\" target=\"_blank\">X<\/a>). At the time of writing, 39 of the packages uploaded by the author are still available for download.<\/p>\n<p>The attack chain is triggered after the package is installed, via an install hook in the package.json that calls JavaScript code to establish a <a rel=\"nofollow noopener\" href=\"https:\/\/www.aquasec.com\/cloud-native-academy\/cloud-attacks\/reverse-shell-attack\/\" target=\"_blank\">reverse shell<\/a> to rsh.51pwn[.]com.<\/p>\n<p>&#8220;In this particular case, the attacker published dozens of benign-looking packages with several layers of obfuscation and deceptive tactics, with the ultimate goal of deploying a reverse shell on any machine that simply installs one of these packages,&#8221;
Phylum said.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/1699057481_975_48-packages-npm-malveillants-detectes-deployant-des-shells-inverses-sur.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/1699057481_975_48-packages-npm-malveillants-detectes-deployant-des-shells-inverses-sur.jpg\" alt=\"npm Packages\" border=\"0\" data-original-height=\"596\" data-original-width=\"728\" title=\"npm Packages\"\/><\/a><\/div>\n<p>The findings come shortly after revelations that two packages published to the Python Package Index (PyPI) under the guise of simplifying internationalization incorporated malicious code designed to siphon sensitive Telegram Desktop application data and system information.<\/p>\n<p>The packages, named localisation-utils and locute, were found to retrieve the final payload from a dynamically generated Pastebin URL and exfiltrate the information to an actor-controlled Telegram channel.<\/p>\n<p>The development highlights threat actors&#8217; growing interest in open-source environments, which allow them to mount impactful supply chain
attacks that can target several downstream customers at once.<\/p>\n<p>&#8220;These packages demonstrate a dedicated and elaborate effort to avoid detection via static analysis and visual inspection by employing a variety of obfuscation techniques,&#8221; Phylum <a rel=\"nofollow noopener\" href=\"https:\/\/blog.phylum.io\/obfuscated-pypi-packages-purporting-to-be-i18n-libraries-actually-stealing-telegram-data\/\" target=\"_blank\">said<\/a>, adding that they &#8220;serve as yet another stark reminder of the critical nature of dependency trust in our open-source ecosystems.&#8221;<\/p>\n<p><\/p>\n<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2023\/11\/48-malicious-npm-packages-found.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>03 November 2023 | Newsroom | Software Security\/Malware. A new set of 48 malicious npm packages has been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems.
&#8220;These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to launch a reverse shell when [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1000892,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,4168,4165,4161,200267,174530,133,42137,1195,15960,4159,4171,65,200271,4590,200268,200269,200270,7310,7309,128318,4172,4169,128211,60,5046,4166,4164],"class_list":["post-1000891","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-deployant","tag-des","tag-detectes","tag-developpement","tag-inverses","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-malveillants","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-npm","tag-packages","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-shells","tag-sur","tag-systemes","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1000891","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1000891"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1000891\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\
/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1000892"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1000891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1000891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1000891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}