{"id":67581,"date":"2025-09-06T19:54:30","date_gmt":"2025-09-06T22:54:30","guid":{"rendered":"https:\/\/mastertrend.info\/?p=67581"},"modified":"2026-01-21T01:05:13","modified_gmt":"2026-01-21T04:05:13","slug":"%ed%8a%b9%ec%9d%b4%ec%a0%90-%ec%97%ac%ea%b3%bc","status":"publish","type":"post","link":"https:\/\/mastertrend.info\/ko\/filtracion-s1ngularity\/","title":{"rendered":"S1ngularity \ud544\ud130\ub9c1: 2,180\uac1c \uacc4\uc815\uacfc 7,200\uac1c \uc800\uc7a5\uc18c."},"content":{"rendered":"

S1ngularity \uc720\ucd9c: GitHub \ubc0f NPM\uc5d0 \uc601\ud5a5 \ubbf8\uccd0<\/h2>\n
\n

\"GitHub<\/p>\n

Nx\ub97c \uaca8\ub0e5\ud55c "s1ngularity"\ub85c \uc54c\ub824\uc9c4 \uacf5\uae09\ub9dd \uacf5\uaca9\uc5d0 \ub300\ud55c \ucd5c\uadfc \uc870\uc0ac \uacb0\uacfc, \ub300\uaddc\ubaa8 \uc778\uc99d \uc815\ubcf4 \uc720\ucd9c\uc774 \ub4dc\ub7ec\ub0ac\uc2b5\ub2c8\ub2e4. \uc218\ucc9c \uac1c\uc758 \uacc4\uc815 \ud1a0\ud070\uacfc \uc800\uc7a5\uc18c \ube44\ubc00 \uc815\ubcf4\uac00 \uc720\ucd9c\ub418\uc5c8\uc73c\uba70, \uc774\ub294 \uc0ac\uac74\uc758 \uc5ec\ub7ec \ub2e8\uacc4\uc5d0 \uac78\uccd0 \uc601\ud5a5\uc744 \ubbf8\ucce4\uc2b5\ub2c8\ub2e4. Wiz\uc758 \uc0ac\ud6c4 \ubcf4\uace0\uc11c\ub294 \uc0ac\uac74\uc758 \ubc94\uc704\ub97c \uae30\ub85d\ud558\uace0 \uc720\ucd9c \uacfc\uc815\uacfc \uadf8 \uc601\ud5a5\uc5d0 \ub300\ud55c \ud1b5\ucc30\ub825\uc744 \uc81c\uacf5\ud569\ub2c8\ub2e4. \ud83d\udea8\ud83d\udcca<\/p>\n

Wiz \uc5f0\uad6c\uc6d0\ub4e4\uc774 \ubc1c\ud45c\ud55c \ud3c9\uac00\uc5d0 \ub530\ub974\uba74, \uc774 \uce68\ud574\ub85c \uc778\ud574 3\ub2e8\uacc4\uc5d0 \uac78\uccd0 2,180\uac1c \uacc4\uc815\uacfc 7,200\uac1c \uc800\uc7a5\uc18c\uac00 \ub178\ucd9c\ub418\uc5c8\uc73c\uba70, \ub9ce\uc740 \ube44\ubc00\uc774 \uc5ec\uc804\ud788 \uc720\ud6a8\ud569\ub2c8\ub2e4. \uc9c0\uc18d\uc801\uc778 \uc190\uc0c1\uc758 \uc704\ud5d8<\/a>\ubc31\uc11c\uc5d0\uc11c\ub294 \ud0c0\uc784\ub77c\uc778, \uacf5\uaca9\uc790\uc758 \uae30\uc220, \uc720\ucd9c\ub41c \ube44\ubc00\uc758 \uc131\uaca9\uc5d0 \ub300\ud55c \uc138\ubd80 \uc815\ubcf4\ub97c \uc81c\uacf5\ud569\ub2c8\ub2e4. \ud83d\udd0d\ud83d\udcc8<\/p>\n

Nx \uacf5\uae09\ub9dd \uacf5\uaca9 \u26a0\ufe0f\ud83d\ude80<\/h2>\n

Nx\ub294 \uc5d4\ud130\ud504\ub77c\uc774\uc988\uae09 JavaScript\/TypeScript \uc0dd\ud0dc\uacc4\uc5d0\uc11c \ub110\ub9ac \uc0ac\uc6a9\ub418\ub294 \uc624\ud508\uc18c\uc2a4 \ub2e8\uc77c \uc800\uc7a5\uc18c \ube4c\ub4dc \ubc0f \uad00\ub9ac \uc2dc\uc2a4\ud15c\uc785\ub2c8\ub2e4. NPM \ub808\uc9c0\uc2a4\ud2b8\ub9ac\uc5d0\uc11c \ub9e4\uc8fc \uc218\ubc31\ub9cc \uac74\uc758 \ub2e4\uc6b4\ub85c\ub4dc\uac00 \ubc1c\uc0dd\ud558\ub294 \uc0c1\ud669\uc5d0\uc11c, \uc190\uc0c1\ub41c \ud328\ud0a4\uc9c0\ub294 \uc218\ub9ce\uc740 \ud1b5\ud569 \ubc0f \uac1c\ubc1c \ud30c\uc774\ud504\ub77c\uc778\uc5d0 \uad11\ubc94\uc704\ud55c \uc601\ud5a5\uc744 \ubbf8\uce69\ub2c8\ub2e4. \u2699\ufe0f<\/p>\n

\uce68\ud574 \ubca1\ud130 \ubc0f \uc0ac\uace0 \ub0a0\uc9dc \ud83d\udcc5<\/h3>\n

El 26 de agosto de 2025, el actor malicioso explot\u00f3 un flujo de trabajo de GitHub Actions vulnerable en el repositorio de Nx para publicar una versi\u00f3n maliciosa del paquete en NPM. El paquete inclu\u00eda un script post-install malicioso llamado \u00abtelemetry.js\u00bb que actu\u00f3 como \ub9ec\uc6e8\uc5b4<\/a> extractor de credenciales en los sistemas afectados. \ud83d\udd25<\/p>\n

telemetry.js \ub9ec\uc6e8\uc5b4\uc758 \uc791\ub3d9 \ubc29\uc2dd \ud83d\udd75\ufe0f\u200d\u2642\ufe0f<\/h3>\n

El malware telemetry.js actu\u00f3 como un ladr\u00f3n de credenciales en Linux y macOS, intentando robar tokens de GitHub, tokens de npm, claves SSH, archivos .env, carteras de criptomonedas y otros secretos, para luego subirlos a repositorios p\u00fablicos de GitHub nombrados \u00abs1ngularity-repository. Este patr\u00f3n permiti\u00f3 al atacante centralizar y exponer la informaci\u00f3n robada. \ud83d\udd10<\/p>\n

\n
\"\uc790\uaca9
LLM\uc5d0\uac8c \uc790\uaca9 \uc99d\uba85 \ubc0f \uae30\ud0c0 \ube44\ubc00\uc744 \ucc3e\uc544 \ube7c\ub0b4\ub77c\uace0 \uc9c0\uc2dc\ud569\ub2c8\ub2e4.<\/strong>
\n\ucd9c\ucc98: Wiz<\/em><\/figcaption><\/figure>\n<\/div>\n

\uacf5\uaca9\uc790\ub294 AI \ud50c\ub7ab\ud3fc\uc6a9 \uba85\ub839\uc904 \ub3c4\uad6c(\uc608: Claude, Q, Gemini)\ub97c \ud1b5\ud569\ud558\uc5ec \ud2b9\uc815 \ud504\ub86c\ud504\ud2b8\ub97c \uc0ac\uc6a9\ud558\uc5ec \uac80\uc0c9 \ubc0f \uc218\uc9d1\uc744 \uc790\ub3d9\ud654\ud588\uc2b5\ub2c8\ub2e4. Wiz\ub294 \uacf5\uaca9 \uacfc\uc815\uc5d0\uc11c \ud504\ub86c\ud504\ud2b8\uac00 \uc5b4\ub5bb\uac8c \uc9c4\ud654\ud558\uc5ec \ucd94\ucd9c\uc744 \ucd5c\uc801\ud654\ud558\uace0 \ud2b9\uc815 \uba85\ub839\uc5d0 \ub300\ud55c \ubaa8\ub378 \uac70\ubd80\ub97c \uc6b0\ud68c\ud588\ub294\uc9c0\ub97c \uae30\ub85d\ud558\uace0 \uc788\uc73c\uba70, \uc774\ub294 \uacf5\uaca9\uc790\uac00 LLM \uae30\ubc95\uc5d0 \uc801\uadf9\uc801\uc73c\ub85c \uc801\uc751\ud558\uace0 \uc788\uc74c\uc744 \ubcf4\uc5ec\uc90d\ub2c8\ub2e4. \u2728\ud83d\udca1<\/p>\n

\ucda9\uaca9 \ubc94\uc704: \ub370\ubbf8\uc9c0 \ubc18\uacbd \ubc0f \ub2e8\uacc4 \ud83d\udcc8\ud83d\udd25<\/h2>\n

\uc774 \uc0ac\uac74\uc740 \uc138 \ub2e8\uacc4\ub85c \uc9c4\ud589\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \uccab \ubc88\uc9f8 \ub2e8\uacc4\uc5d0\uc11c\ub294 8\uc6d4 26\uc77c\uacfc 27\uc77c \uc0ac\uc774\uc5d0 Nx\uc758 \uc190\uc0c1\ub41c \ubc84\uc804\uc774 1,700\uba85\uc758 \uc0ac\uc6a9\uc790\uc5d0\uac8c \uc9c1\uc811\uc801\uc778 \uc601\ud5a5\uc744 \ubbf8\uce58\uace0 2,000\uac1c \uc774\uc0c1\uc758 \uace0\uc720 \ube44\ubc00\uc744 \uc720\ucd9c\ud588\uc73c\uba70, \uac10\uc5fc\ub41c \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc57d 20,000\uac1c\uc758 \ud30c\uc77c\uc774 \ub178\ucd9c\ub418\uc5c8\uc2b5\ub2c8\ub2e4. GitHub\uc774 \uac1c\uc785\ud588\uc9c0\ub9cc, \ub300\ubd80\ubd84\uc758 \ub370\uc774\ud130\ub294 \uc774\ubbf8 \ubcf5\uc81c\ub41c \uc0c1\ud0dc\uc600\uc2b5\ub2c8\ub2e4.<\/p>\n