Warning! New crypto attack: the supply chain is being targeted!

Published 2025-09-09. Source: https://bitcoinnewscrypto.com/vi/news/solana/crypto-supply-chain-attack-npm-malware/

A new cyberattack is stealing cryptocurrency from users as they send transactions, and many experts are calling it the largest supply chain attack in history. Hackers broke into the accounts of npm package maintainers using phishing emails. These emails appeared to come from "support@npmjs.help", imitating the real npm registry. The messages told developers that their accounts would be locked unless they updated their two-factor authentication. When maintainers clicked the link, the attackers obtained their credentials and planted malware inside popular npm packages.

Eighteen widely used JavaScript libraries were compromised, including chalk, debug and ansi-styles. Combined, these packages receive billions of downloads per week and are used by developers around the world. That means the entire JavaScript ecosystem may have been exposed. BleepingComputer reported that the attackers injected code into these libraries that acts as a browser-based interceptor. The code monitors network traffic and looks for cryptocurrency transactions on Bitcoin, Ethereum, Solana, Tron, Litecoin and Bitcoin Cash. When someone sends a transfer, the malware replaces the real wallet address with one controlled by the hackers before the transaction is signed.

Security researcher Charlie Eriksen explained that the malware operates in several ways. It alters what is displayed on web pages, tampers with API calls and tricks applications into signing transactions the user never intended to make. Charles Guillemet, CTO of Ledger, warned that the attack is still ongoing and said cryptocurrency users should avoid making on-chain transactions if they only use a software wallet. Hardware wallet users can protect themselves by verifying the details before signing, but anyone without a hardware wallet faces a higher risk.

Researchers also found that the phishing infrastructure sent the stolen details to "websocket-api2.publicvm.com". This shows the attack was well coordinated. It follows other npm incidents earlier this year, including one in March that patched the ethers package with a reverse shell and another in July that targeted eslint-config-prettier. The campaign keeps evolving, and this time the attackers used Ethereum smart contracts in a new way. Two npm packages named colortoolsv2 and mimelib2 hid malicious commands inside Ethereum smart contracts. Once downloaded, the packages installed second-stage malware, making detection harder.

Ethereum smart contracts are small programs that run on the blockchain. They are public and work like open APIs. In this case, the hackers used them to store the links for downloading the malware, so even if someone inspected the package they might not see the dangerous code. This inventive command-and-control method shows how threat actors are adapting to evade detection.

The attackers also tried to make their GitHub repositories look trustworthy. They created fake projects such as solana-trading-bot-v2 and ethereum-mev-bot-v2. These had many stars, followers and commits, but most of this activity was fabricated. The accounts were created at the same time, often with just a single file, and automated commits inflated the counts. This social engineering trick made the repositories look genuine to developers, who might then pull the malicious npm packages into their own work.

Experts warn that supply chain attacks are especially dangerous because they target trusted tools. By hiding malware inside open-source libraries, hackers can reach millions of developers and end users at once. This year alone, researchers have found more than twenty campaigns on npm, GitHub and PyPI aimed at stealing cryptocurrency. Some use information stealers, others deploy coin miners, and many rely on phishing to harvest sensitive data.

Indicators of compromise (IOCs), such as suspicious domains, obfuscated code and fake repositories, help security teams detect these threats. However, many users will not notice until their funds are gone. For now, developers need to carefully check packages, maintainers and code before using them. Cryptocurrency users should consider a hardware wallet and avoid making large transactions until the threat is contained. The attack shows how fast cybercrime is evolving and how important it is to secure both the software supply chain and digital assets.