{"id":16826,"date":"2023-10-12T12:00:00","date_gmt":"2023-10-12T09:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=16826"},"modified":"2023-10-12T12:30:56","modified_gmt":"2023-10-12T09:30:56","slug":"kaspersky-yeni-z%c9%99r%c9%99rli-maliyy%c9%99-hucumu-proqramlari-haqqinda-danisir","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=16826","title":{"rendered":"Kaspersky describes new malware used in financial attacks"},"content":{"rendered":"\n<p class=\"has-medium-font-size\"><strong>Kaspersky describes new malware used in financial attacks<\/strong><\/p>\n\n\n\n<p>Kaspersky experts have analyzed new malicious tools. One of them, the Lumma stealer, steals transaction histories from cryptocurrency wallets.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/05\/Kaspersky.png\" alt=\"\" class=\"wp-image-11072\" width=\"340\" height=\"226\" srcset=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/05\/Kaspersky.png 650w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/05\/Kaspersky-300x200.png 300w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/05\/Kaspersky-360x240.png 360w\" sizes=\"(max-width: 340px) 100vw, 340px\" \/><\/figure><\/div>\n\n\n<p><strong>What is Lumma?<\/strong> Its predecessor was the Arkei stealer, first detected in May 2018. Lumma is a new version of Arkei. 
It spreads through a fake website that purports to convert .docx files to .pdf format. Uploaded files are returned with a double extension, .pdf.exe, and when the user tries to open them, malware is installed on the computer. The stealer can steal cached files, configuration files and the transaction histories of cryptocurrency wallets. It works as a browser extension and is compatible with the Binance application. Lumma also has features that earlier versions of the stealer lacked: obtaining lists of system processes, a more advanced encryption technique, and the use of dynamic configuration files sent by the command-and-control server.<\/p>\n\n\n\n<p><strong>The evolution of Zanubis.<\/strong> Zanubis, a banking trojan used under the guise of legitimate applications in attacks against users in Peru, has been known since 2022. It obtains permission to access Accessibility Services. 
At first it masqueraded as financial and cryptocurrency services on Android, and in April 2023 a version appeared that imitates the official application of Peru's National Customs and Tax Administration (SUNAT). To obfuscate its code, Zanubis uses Obfuscapk, a popular obfuscator for Android application files. The trojan loads the genuine SUNAT website using WebView, the system component responsible for opening web pages inside applications.<\/p>\n\n\n\n<p>The experts found that the trojan uses the WebSocket protocol and the Socket.IO library to communicate with the command server. This allows it to adapt and stay connected even when problems arise. Like many modern malware families, Zanubis has no fixed list of applications to attack: the attackers can customize this list for each specific device. In this case, the malware can establish a second communication channel, which allows it to gain full control over the device and even block it completely under the guise of an Android update.<\/p>\n\n\n\n<p><strong>A new cryptor\/loader<\/strong>. 
Kaspersky experts also analyzed ASMCrypt, a recently discovered cryptor\/loader sold on underground forums. Tools of this kind are used to conceal the loading process itself or other malware. ASMCrypt is a more advanced version of the <a href=\"https:\/\/www.kaspersky.ru\/blog\/doublefinger-crypto-stealer\/35546\/\" target=\"_blank\" rel=\"noopener\" title=\"\">DoubleFinger<\/a> loader and is used as a \u201cfront\u201d for a service running on the TOR network. Buyers can customize infection methods, attack targets, startup parameters and various malware capabilities. The malicious functionality is hidden inside a .png image uploaded to a hosting site.<\/p>\n\n\n\n<p>\u201cAttackers chasing profit actively exploit the cryptocurrency theme and imitate the applications of government institutions. Using the Lumma stealer and the Zanubis trojan as examples, we can see how the malware landscape and the nature of such cyberthreats are changing. 
Cybersecurity specialists must constantly monitor changes in malicious code and attacker tactics. To protect against evolving threats, it is important for organizations to stay vigilant and be aware of how they are developing. Our reports provide information on the latest malicious tools and attack methods. This allows us to stay one step ahead in the fight for digital security,\u201d notes Tatyana \u015ei\u015fkova, lead researcher on information security threats at Kaspersky.<\/p>\n\n\n\n<p>The full text of the report is available on the <a href=\"https:\/\/securelist.ru\/crimeware-report-asmcrypt-loader-lumma-stealer-zanubis-banker\/107967\/\" target=\"_blank\" rel=\"noopener\" title=\"\">Securelist<\/a> website.<\/p>\n\n\n\n<p>To protect against such cyberthreats, Kaspersky experts recommend:<\/p>\n\n\n\n<ul>\n<li>create offline backups of data that attackers cannot reach, so that you can use them quickly in an emergency;<\/li>\n\n\n\n<li>install ransomware protection on all endpoints. 
The free Kaspersky Anti-Ransomware Tool protects computers and servers from ransomware and other malware, also counters exploits, and is compatible with previously installed security solutions;<\/li>\n\n\n\n<li>individual users: protect every device on which a wallet connects to the internet with a reliable solution such as <a href=\"https:\/\/www.kaspersky.ru\/premium\" target=\"_blank\" rel=\"noopener\" title=\"\">Kaspersky Premium<\/a>;<\/li>\n\n\n\n<li>companies: help cybersecurity staff obtain up-to-date information on attackers' latest tactics, techniques and procedures, for example by using <a href=\"https:\/\/www.kaspersky.ru\/enterprise-security\/threat-intelligence\" target=\"_blank\" rel=\"noopener\" title=\"\">Threat Intelligence<\/a> services.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky describes new malware used in financial attacks Kaspersky experts have analyzed new malicious tools. One of them, the Lumma stealer, steals transaction histories from cryptocurrency wallets. What is Lumma? 
Its predecessor, for the first time in 2018&#8230;<\/p>\n","protected":false},"author":2,"featured_media":11072,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/16826"}],"collection":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16826"}],"version-history":[{"count":1,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/16826\/revisions"}],"predecessor-version":[{"id":16827,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/16826\/revisions\/16827"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/media\/11072"}],"wp:attachment":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}