{"id":28638,"date":"2024-09-24T11:00:00","date_gmt":"2024-09-24T08:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=28638"},"modified":"2024-09-24T17:51:33","modified_gmt":"2024-09-24T14:51:33","slug":"necro-troyaninin-yeni-versiyasinin-qurbani-android-cihazlarin-milyonlarla-istifad%c9%99cisi-ola-bil%c9%99r","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=28638","title":{"rendered":"\u201cNecro\u201d troyan\u0131n\u0131n yeni versiyas\u0131n\u0131n qurban\u0131 \u201cAndroid\u201d cihazlar\u0131n milyonlarla istifad\u0259\u00e7isi ola bil\u0259r"},"content":{"rendered":"\n

\u201cNecro\u201d troyan\u0131n\u0131n yeni versiyas\u0131n\u0131n qurban\u0131 \u201cAndroid\u201d cihazlar\u0131n milyonlarla istifad\u0259\u00e7isi ola bil\u0259r<\/strong><\/p>\n\n\n\n

M\u00fcxt\u0259lif \u00f6lk\u0259l\u0259rd\u0259<\/em>ki istifad\u0259\u00e7il\u0259r <\/em>t<\/em>ro<\/em>y<\/em>anla qar\u015f\u0131la\u015f<\/em>\u0131b<\/em>lar. <\/em>\u201c<\/em>Necro<\/em>\u201dnun<\/em> h\u0259l\u0259 d\u0259 qeyri-r\u0259smi platformalarda yay\u0131l<\/em>ma ehtimal\u0131 var<\/em><\/p>\n\n\n\n

2024-c\u00fc il avqustun sonunda Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri \u201cGoogle Play\u201dd\u0259 v\u0259 qeyri-r\u0259smi platformalarda bir ne\u00e7\u0259 m\u0259\u015fhur proqrama \u201cNecro\u201d z\u0259r\u0259rli proqram\u0131n\u0131n yeni versiyas\u0131n\u0131n s\u0131zd\u0131\u011f\u0131n\u0131 a\u015fkar edibl\u0259r. Bu, \u201cAndroid\u201d \u00fc\u00e7\u00fcn y\u00fckl\u0259yicidir v\u0259 troyan\u0131n yarad\u0131c\u0131lar\u0131n\u0131n verdiyi \u0259mrl\u0259rd\u0259n as\u0131l\u0131 olaraq yoluxmu\u015f smartfona dig\u0259r z\u0259r\u0259rli komponentl\u0259ri y\u00fckl\u0259yir v\u0259 i\u015f\u0259 sal\u0131r.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Troyan n\u0259y\u0259 qadirdir?<\/strong> Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri t\u0259r\u0259find\u0259n a\u015fkar edilmi\u015f \u201cNecro\u201d troyan variant\u0131 cihazda g\u00f6r\u00fcnm\u0259z p\u0259nc\u0259r\u0259l\u0259rd\u0259 reklamlar g\u00f6st\u0259r\u0259n v\u0259 yoluxmu\u015f smartfona icra k\u0259nar t\u0259tbiql\u0259r y\u00fckl\u0259y\u0259n, icra olunan fayllar\u0131 endir\u0259n, g\u00f6r\u00fcnm\u0259z p\u0259nc\u0259r\u0259l\u0259rd\u0259 \u201cWebView\u201dd\u0259 ixtiyari linkl\u0259ri a\u00e7an v\u0259 orada ixtiyari \u201cJavaScript\u201d kodu yerin\u0259 yetir\u0259n, h\u0259m\u00e7inin texniki x\u00fcsusiyy\u0259tl\u0259r\u0259 \u0259saslanaraq, \u00e7ox g\u00fcman ki, \u00f6d\u0259ni\u015fli abun\u0259likl\u0259r\u0259 yaz\u0131la bil\u0259n z\u0259r\u0259rli proqramd\u0131r. Bundan \u0259lav\u0259, y\u00fckl\u0259n\u0259 bil\u0259n modullar t\u0259cav\u00fczkarlara qurban\u0131n cihaz\u0131 vasit\u0259sil\u0259 internet trafikini \u00f6t\u00fcrm\u0259k imkan\u0131 verir. Bu, qurban\u0131n ad\u0131ndan t\u0259cav\u00fczkarlara ehtiyac duyduqlar\u0131 resurslara, m\u0259s\u0259l\u0259n, qada\u011fan olunmu\u015f m\u0259lumatlara daxil olma\u011fa, h\u0259m\u00e7inin yoluxmu\u015f cihazdan proksi botnetin bir hiss\u0259si kimi istifad\u0259 etm\u0259y\u0259 imkan verir.<\/p>\n\n\n\n

Qeyri-r\u0259smi saytlarda yoluxmu\u015f proqramlar<\/strong>. Kiberm\u00fct\u0259x\u0259ssisl\u0259rin \u201cNecro\u201dnu gizl\u0259d\u0259n ilk tap\u0131nt\u0131s\u0131 d\u0259yi\u015fdirilmi\u015f \u201cSpotify Plus\u201d oldu. Onun m\u00fc\u0259llifl\u0259ri proqram\u0131n cihaza z\u0259r\u0259r verm\u0259diyini v\u0259 musiqi dinl\u0259m\u0259k \u00fc\u00e7\u00fcn r\u0259smi proqramda olmayan bir \u00e7ox \u0259lav\u0259 funksiyalara malik oldu\u011funu bildiribl\u0259r. Daha sonra ekspertl\u0259r h\u0259m\u00e7inin \u201cNecro\u201d y\u00fckl\u0259yicisi vasit\u0259sil\u0259 \u201cWhatsApp\u201d\u0131n d\u0259yi\u015fdirilmi\u015f versiyas\u0131n\u0131 v\u0259 sonra is\u0259 \u201cMinecraft\u201d, \u201cStumble Guys\u201d, \u201cCar Parking Multiplayer\u201d daxil olmaqla oyunlar\u0131n yoluxmu\u015f modifikasiyalar\u0131n\u0131 a\u015fkar edibl\u0259r. \u201cNecro\u201d qeyri-r\u0259smi reklam proqram\u0131 modulunun bir hiss\u0259si kimi t\u0259tbiql\u0259r\u0259 yol tap\u0131b.<\/p>\n\n\n\n

\u201cGooglePlay\u201dd\u0259 yoluxmu\u015f proqramlar<\/strong>. \u201cNecro\u201d kampaniyas\u0131 \u00fc\u00e7\u00fcnc\u00fc t\u0259r\u0259fl\u0259rin saytlar\u0131nda t\u0259kc\u0259 yay\u0131lmaq il\u0259 kifay\u0259tl\u0259nm\u0259yib. M\u00fct\u0259x\u0259ssisl\u0259r troyan\u0131 \u201cGoogle Play\u201dd\u0259 d\u0259 a\u015fkar edibl\u0259r. \u201cWuta Camera\u201d proqram\u0131nda v\u0259 \u201cMax Browser\u201d brauzerind\u0259 d\u0259 z\u0259r\u0259rli y\u00fckl\u0259yici tap\u0131l\u0131b. \u201cGoogle Play\u201dd\u0259n veril\u0259n m\u0259lumata g\u00f6r\u0259, bu proqramlar\u0131n y\u00fckl\u0259nm\u0259sinin \u00fcmumi say\u0131 11 milyonu \u00f6t\u00fcb. \u201cNecro\u201d da qeyri-r\u0259smi reklam modulunun bir hiss\u0259si olaraq bu platformada a\u015fkar edilmi\u015f t\u0259tbiql\u0259r\u0259 daxil edilib.<\/p>\n\n\n\n

Kaspersky yoluxmalar bar\u0259d\u0259 \u201cGoogle\u201da m\u0259lumat verib. N\u0259tic\u0259d\u0259 z\u0259r\u0259rli kod \u201cWuta Camera\u201d proqram\u0131ndan, \u201cMax Browser\u201d proqram\u0131 is\u0259 ma\u011fazadan silinib. Bununla bel\u0259, istifad\u0259\u00e7il\u0259r h\u0259l\u0259 d\u0259 qeyri-r\u0259smi saytlarda \u201cNecro\u201d il\u0259 qar\u015f\u0131la\u015fma riskini il\u0259 \u00fcz-\u00fcz\u0259dirl\u0259r.<\/p>\n\n\n\n

\u201c\u0130stifad\u0259\u00e7il\u0259r r\u0259smi t\u0259tbiql\u0259rin m\u0259hdudiyy\u0259tl\u0259rind\u0259n yan ke\u00e7m\u0259k ist\u0259dikd\u0259 v\u0259 ya \u0259lav\u0259 pulsuz funksiyalar \u0259ld\u0259 etm\u0259k \u00fcmidi il\u0259 qeyri-r\u0259smi d\u0259yi\u015fdirilmi\u015f proqramlar\u0131 y\u00fckl\u0259yirl\u0259r. T\u0259cav\u00fczkarlar is\u0259 bundan istifad\u0259 edirl\u0259r. \u00dc\u00e7\u00fcnc\u00fc t\u0259r\u0259f saytlarda moderasiya olmad\u0131\u011f\u0131 \u00fc\u00e7\u00fcn onlar tez-tez bu c\u00fcr proqramlarla birlikd\u0259 z\u0259r\u0259rli proqramlar\u0131 da yay\u0131rlar\u201d, Kaspersky-nin kibert\u0259hl\u00fck\u0259sizlik \u00fczr\u0259 eksperti Dmitri Kalinin bildirir. \u201cH\u0259m\u00e7inin maraql\u0131d\u0131r ki, t\u0259tbiql\u0259rd\u0259 qura\u015fd\u0131r\u0131lm\u0131\u015f \u201cNecro\u201d versiyas\u0131 steqanoqrafiya f\u0259ndl\u0259rind\u0259n istifad\u0259 edib, y\u0259ni faydal\u0131 y\u00fckl\u0259m\u0259ni \u00f6rt-basd\u0131r etm\u0259k \u00fc\u00e7\u00fcn onu \u015f\u0259klin arxas\u0131nda gizl\u0259dib. Bu, mobil z\u0259r\u0259rli proqram \u00fc\u00e7\u00fcn nadir bir hiyl\u0259dir\u201d.<\/p>\n\n\n\n

Kaspersky-nin t\u0259hl\u00fck\u0259sizlik h\u0259ll\u0259ri \u201cNecro\u201ddan qoruyur v\u0259 a\u015fkar edilmi\u015f y\u00fckl\u0259yicini \u201cTrojan-Downloader.AndroidOS.Necro.f\u201d v\u0259 \u201cTrojan-Downloader.AndroidOS.Necro.h\u201d, z\u0259r\u0259rli komponentl\u0259ri is\u0259 \u201cTrojan.AndroidOS.Necro\u201d kimi a\u015fkar edir.<\/p>\n\n\n\n

Daha \u0259trafl\u0131: https:\/\/securelist.ru\/necro-trojan-is-back-on-google-play\/110626\/<\/a>.<\/p>\n\n\n\n

Bu v\u0259 dig\u0259r kibert\u0259hdidl\u0259rd\u0259n qorunmaq \u00fc\u00e7\u00fcn Android cihaz sahibl\u0259rin\u0259 t\u00f6vsiy\u0259 edirik:<\/p>\n\n\n\n