{"id":12434,"date":"2023-06-16T06:00:00","date_gmt":"2023-06-16T03:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=12434"},"modified":"2023-06-16T14:23:06","modified_gmt":"2023-06-16T11:23:06","slug":"kaspersky-kriptovalyuta-cuzdanlarina-qarsi-mur%c9%99kk%c9%99b-coxm%c9%99rh%c9%99l%c9%99li-hucum-askar-edib","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=12434","title":{"rendered":"Kaspersky uncovers a complex multi-stage attack on cryptocurrency wallets"},"content":{"rendered":"\n<p class=\"has-medium-font-size\"><strong>Kaspersky uncovers a complex multi-stage attack on cryptocurrency wallets<\/strong><\/p>\n\n\n\n<p>Kaspersky experts have uncovered a new complex multi-stage attack, carried out via the DoubleFinger trojan loader, against owners of crypto wallets in Europe, the USA and Latin America. It is a complex piece of malware that includes the GreetingGhoul and Remcos Remote Access Trojan (RAT) programs for stealing logins and passwords from cryptocurrency wallets. 
The experts note that the attackers use advanced techniques and demonstrate a high level of technical skill.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2.png\" alt=\"\" class=\"wp-image-8743\" width=\"537\" height=\"358\" srcset=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2.png 1024w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-300x200.png 300w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-768x512.png 768w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-360x240.png 360w\" sizes=\"(max-width: 537px) 100vw, 537px\" \/><\/figure><\/div>\n\n\n<p><strong>How the attack is organized<\/strong>. The attack begins after the victim opens a malicious PIF attachment in an email. This action launches the first stage of the DoubleFinger loader. In total, DoubleFinger needs five steps to create a task that will run the GreetingGhoul stealer at a set time every day.<\/p>\n\n\n\n<p>The stealer itself consists of two components. 
The first uses the MS WebView2 environment to create fake windows that overlay the interface of real cryptocurrency wallets, into which the user may inadvertently enter the key phrase that grants access to the wallet. The second searches the victim's device for applications with cryptocurrency wallets.<\/p>\n\n\n\n<p>Some DoubleFinger samples were found to download the Remcos RAT trojan. This is a well-known commercial tool that lets attackers carry out remote control. It has previously been seen in targeted attacks against various organizations.<\/p>\n\n\n\n<p>DoubleFinger uses shellcode and steganography, that is, special methods for hiding information. It also executes the task covertly using Windows COM interfaces and resorts to the technique of replacing a legitimate process with a malicious one in order to launch remote processes &#8211; all of this confirms how well crafted and complex the attack is. At the same time, the experts found several text fragments in Russian in the malware code; for example, the URL of the command-and-control server begins with a Russian word in the distorted transliteration \u201cPrivetsvoyu\u201d. 
However, this is not enough to claim that Russian-speaking organizers are behind the attacks.<\/p>\n\n\n\n<p>\u201cAttackers' interest in cryptocurrency is not waning. The group behind the DoubleFinger loader and the GreetingGhoul malware is capable of creating malware at the level of complex, targeted attacks. Protecting cryptocurrency wallets is the shared responsibility of their manufacturers, their owners and the whole interested community. Staying vigilant, applying strong security measures and understanding the most current threats will help reduce risks and ensure the security of valuable digital assets\u201d, &#8211; says Sergey Lojkin, cybersecurity expert at Kaspersky.<\/p>\n\n\n\n<p>More details about the attack are available here: <a href=\"https:\/\/securelist.ru\/doublefinger-loader-delivering-greetingghoul-cryptocurrency-stealer\/107578\/\">securelist.ru\/doublefinger-loader-delivering-greetingghoul-cryptocurrency-stealer\/107578\/<\/a>.<\/p>\n\n\n\n<p>To protect crypto assets from cyberattacks, Kaspersky recommends:<\/p>\n\n\n\n<ul>\n<li>buy a hardware wallet directly from the official manufacturer;<\/li>\n\n\n\n<li>before purchasing, check for signs of tampering, that is, scratches, traces of glue, poorly fitted parts;<\/li>\n\n\n\n<li>follow version updates on the manufacturer's website;<\/li>\n\n\n\n<li>protect all devices through which the wallet connects to the Internet with a reliable solution such as <a href=\"https:\/\/www.kaspersky.ru\/premium\">Kaspersky Premium<\/a>;<\/li>\n\n\n\n<li>if possible, set a complex, unique password on the hardware wallet that does not repeat passwords from other devices and accounts.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky uncovers a complex multi-stage attack on cryptocurrency wallets Kaspersky experts have uncovered a new complex multi-stage attack, carried out via the DoubleFinger trojan loader, against owners of crypto wallets in Europe, the USA and Latin America. 
This, cryptocurrency&#8230;<\/p>\n","protected":false},"author":2,"featured_media":8743,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/12434"}],"collection":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12434"}],"version-history":[{"count":1,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/12434\/revisions"}],"predecessor-version":[{"id":12435,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/12434\/revisions\/12435"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/media\/8743"}],"wp:attachment":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}