{"id":24674,"date":"2024-06-06T03:00:00","date_gmt":"2024-06-06T00:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=24674"},"modified":"2024-06-06T11:57:57","modified_gmt":"2024-06-06T08:57:57","slug":"redlinedan-basqa-kim-var-kaspersky-2024-cu-ilin-%c9%99n-f%c9%99al-stilerl%c9%99rinin-adlarini-aciqlayib","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=24674","title":{"rendered":"Who else is there besides \u201cRedLine\u201d: Kaspersky names the most active stealers of 2024"},"content":{"rendered":"\n<p class=\"has-medium-font-size\"><strong>Who else is there besides \u201cRedLine\u201d: Kaspersky names the most active stealers of 2024<\/strong><\/p>\n\n\n\n<p>Stealers are a type of malware designed to steal passwords and other data from digital devices. Experts from Kaspersky's Global&nbsp;Research and Analysis Team (GReAT) have named the most active stealers of 2024.<\/p>\n\n\n\n<p><strong>Acrid<\/strong>. This malware was discovered in December 2023. Although most systems today are 64-bit, it is written in C++ for 32-bit systems. On closer examination, the reason it was compiled for a 32-bit environment becomes clear: the developer decided to use the \u201cHeaven\u2019s Gate\u201d technique. It allows 32-bit applications to enter the 64-bit environment in order to bypass certain security measures. 
The stealer's functionality is typical for this kind of malware: stealing browser data (cookies, passwords, other login data, bank card details), local cryptocurrency wallets, files with specific names (including wallet.dat and password.docx), and account credentials from installed applications (FTP managers, messengers).<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"682\" src=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2.png\" alt=\"\" class=\"wp-image-8743\" style=\"width:437px;height:auto\" srcset=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2.png 1024w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-300x200.png 300w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-768x512.png 768w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-360x240.png 360w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p><strong>Scarlet Stealer<\/strong>. This malware was discovered during analysis of the \u201cPenguish\u201d downloader. It is a rather unusual stealer: most of its functionality resides in other binaries that it downloads (applications and \u201cGoogle Chrome\u201d browser extensions). Once launched, \u201cScarletStealer\u201d looks for cryptocurrencies and crypto wallets by checking certain folder paths.<\/p>\n\n\n\n<p><strong>SYS01<\/strong>. 
A relatively little-known stealer that has existed since at least 2022. It is also known as \u201cAlbum Stealer\u201d and \u201cS1deload Stealer\u201d. The infection vector remains unchanged: users are tricked, via a page on a popular social network, into downloading a malicious ZIP archive disguised as an adult (18+) video. The latest iteration, called \u201cNewb\u201d, exhibits a distinct piece of functionality: collection of data from the browser is split out into a separate module called \u201cimageclass\u201d. Victims of this campaign have been found worldwide, with the majority in Algeria.<\/p>\n\n\n\n<p>In 2023, every second device that came under attack was infected by the \u201cRedLine\u201d stealer; more details can be found <a href=\"\/Users\/mushfig.mehdiyev\/Desktop\/Kasp\/May\/\u0432%202023%20\u0433\u043e\u0434\u0443\">here<\/a>.<\/p>\n\n\n\n<p>\u201cStealers are a real and current threat. Such programs steal passwords and other confidential data, which can later be used for other malicious purposes, and this leads, at the very least, to major financial losses. 
To protect yourself from stealers, it is important to follow a few basic rules of cyber hygiene: always install the latest security patches for the software you use, do not download files from suspicious sources, and do not open attachments in suspicious e-mails. For more reliable protection, you can install a security solution that monitors events occurring on your computer, such as our \u201cSystemWatcher\u201d component,\u201d notes Kaspersky GReAT lead researcher Tatyana \u015ei\u015fkova.<\/p>\n\n\n\n<p>To prevent financial cyberthreats, Kaspersky experts recommend:<\/p>\n\n\n\n<ul>\n<li>create offline backups that attackers cannot modify, and make sure they can be accessed quickly when needed in an emergency;<\/li>\n\n\n\n<li>install ransomware protection on all devices in use. 
For example, the free \u201c<a href=\"https:\/\/www.kaspersky.com\/anti-ransomware-tool\" target=\"_blank\" rel=\"noopener\" title=\"\">Kaspersky Anti-Ransomware Tool for Business<\/a>\u201d solution protects computers and servers from ransomware and other malware, prevents the use of exploits, and is compatible with other security solutions already installed;<\/li>\n\n\n\n<li>use a dedicated security solution to minimise the likelihood of cryptominers being launched, for example <a href=\"https:\/\/www.kaspersky.ru\/small-to-medium-business-security\/endpoint-advanced\" target=\"_blank\" rel=\"noopener\" title=\"\">Kaspersky Security for Business<\/a>, which is equipped with application and website monitoring; its behaviour analysis feature helps detect malicious activity quickly, while its vulnerability manager protects against cryptominers that exploit vulnerabilities.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Who else is there besides \u201cRedLine\u201d: Kaspersky names the most active stealers of 2024 Stealers are a type of malware designed to steal passwords and other data from digital devices. 
Kaspersky's GReAT (Global&nbsp;Research and Analysis Team)&#8230;<\/p>\n","protected":false},"author":2,"featured_media":8743,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/24674"}],"collection":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=24674"}],"version-history":[{"count":1,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/24674\/revisions"}],"predecessor-version":[{"id":24675,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/24674\/revisions\/24675"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/media\/8743"}],"wp:attachment":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=24674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=24674"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=24674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}