{"id":45730,"date":"2026-04-16T01:00:00","date_gmt":"2026-04-15T22:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=45730"},"modified":"2026-04-16T11:22:09","modified_gmt":"2026-04-16T08:22:09","slug":"kaspersky-mut%c9%99x%c9%99ssisl%c9%99ri-android-ucun","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=45730","title":{"rendered":"Kaspersky experts for \u201cAndroid\u201d&#8230;."},"content":{"rendered":"\n<p class=\"has-medium-font-size\"><strong>Kaspersky experts have uncovered a malware campaign imitating the \u201cStarlink\u201d app for \u201cAndroid\u201d<\/strong><\/p>\n\n\n\n<p>The Kaspersky Global Research and Analysis Team (GReAT) has uncovered a malware campaign for the \u201cAndroid\u201d operating system in which cybercriminals distribute the \u201cBeatBanker\u201d Trojan under the guise of the \u201cStarlink Android\u201d app. The attackers primarily target users in Brazil; however, Kaspersky experts believe that users in other countries may also encounter this threat. The Trojan uses a \u201cMonero\u201d cryptocurrency miner and additionally installs the BTMOB remote administration tool (RAT) on infected devices. 
To ensure persistence, \u201cBeatBanker\u201d uses an unusual mechanism involving a nearly inaudible looped audio file.<\/p>\n\n\n\n<p><em>&#8220;Initially, we saw \u201cBeatBanker\u201d being distributed under the guise of a government services app and installing a banking Trojan in addition to the cryptocurrency miner. However, our recent detection efforts uncovered a new campaign using a different \u201cBeatBanker\u201d variant that deploys the BTMOB RAT instead of the banking module. It appears the attackers are using a new lure, the \u201cStarlink\u201d app, to reach more victims in many countries. 
It is therefore important that users stay vigilant and use advanced security solutions to protect their smartphones,&#8221; said Fabio Assolini, Head of Kaspersky GReAT for Latin America and Europe.<\/em><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"650\" height=\"433\" src=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/05\/Kaspersky.png\" alt=\"\" class=\"wp-image-11072\" style=\"width:437px;height:auto\" srcset=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/05\/Kaspersky.png 650w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/05\/Kaspersky-300x200.png 300w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/05\/Kaspersky-360x240.png 360w\" sizes=\"(max-width: 650px) 100vw, 650px\" \/><\/figure><\/div>\n\n\n<p><strong>Initial infection vector<\/strong><\/p>\n\n\n\n<p>Kaspersky experts believe that cybercriminals distribute the fake \u201cStarlink\u201d app containing the \u201cBeatBanker\u201d Trojan through phishing pages that imitate the official \u201cGoogle Play\u201d store. Once launched on the compromised device, the Trojan displays a user interface that also imitates \u201cGoogle Play\u201d. 
By deceiving victims, the cybercriminals obtain installation permissions from them and thereby gain the ability to download additional hidden malicious components.<\/p>\n\n\n\n<p><strong>Cryptomining module and BTMOB RAT<\/strong><\/p>\n\n\n\n<p>When the user presses the &#8220;UPDATE&#8221; button on the fake \u201cGoogle Play\u201d page, the \u201cMonero\u201d cryptocurrency miner is launched. \u201cBeatBanker\u201d monitors the infected smartphone\u2019s battery percentage and temperature, as well as user activity, after which the hidden cryptocurrency miner is started or stopped.<\/p>\n\n\n\n<p>The Trojan, which infects the \u201cAndroid\u201d operating system, also installs the BTMOB RAT on the hijacked device. BTMOB provides full remote control and is sold as \u201cmalware as a service\u201d (MaaS). It can grant permissions automatically and hide system notifications, and it has mechanisms designed to capture screen lock data on infected devices, including PIN codes, pattern locks and passwords. 
The malware also gives cybercriminals access to the front and rear cameras, location monitoring via GPS, and continuous collection of sensitive data.<\/p>\n\n\n\n<p>To ensure persistence and make removal harder, \u201cBeatBanker\u201d maintains a pinned notification in the foreground and activates a service in the background with silent media playback. This tactic is designed to prevent the operating system from terminating the malicious process.<\/p>\n\n\n\n<p>Kaspersky products detect this threat as \u201cHEUR:Trojan-Dropper.AndroidOS.BeatBanker\u201d and \u201cHEUR:Trojan-Dropper.AndroidOS.Banker\u201d*.<\/p>\n\n\n\n<p>For more details, see the <a href=\"https:\/\/securelist.com\/beatbanker-miner-and-banker\/119121\/\">Securelist<\/a> publication.<\/p>\n\n\n\n<p>To protect against mobile threats, Kaspersky recommends the following:<\/p>\n\n\n\n<ul>\n<li>Download apps only from official stores such as the \u201cApple App Store\u201d and \u201cGoogle Play\u201d, but remember that even downloading apps from official stores is not always risk-free.<\/li>\n\n\n\n<li>Always check app reviews, use only links from official websites, and install reliable security software such as <a href=\"https:\/\/www.kaspersky.com\/premium\">Kaspersky Premium<\/a>, which can detect and block malicious activity if an app turns out to be fake.<\/li>\n\n\n\n
<li>Check the permissions of the apps you use and think carefully before granting an app a permission, especially for high-risk permissions such as \u201cAccessibility Services\u201d.<\/li>\n\n\n\n<li>Update your operating system and important apps without delay when updates are released. Many security issues can be resolved by installing updated versions of software.<\/li>\n<\/ul>\n\n\n\n<p><strong><em>About Kaspersky GReAT<\/em><\/strong><\/p>\n\n\n\n<p><em>The Kaspersky Global Research and Analysis Team, GReAT, was established in 2008. Its mission is to find and investigate the most sophisticated attacks, cyber-espionage campaigns, new infection methods, and exploits that use zero-day vulnerabilities (system flaws unknown to the software developer). Today the team consists of more than 35 experts working around the world, including in Europe, Russia, South America, Asia and the Middle East. 
They are known for their achievements in investigating the most sophisticated attacks, including cyber-espionage and cyber-sabotage campaigns.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky experts have uncovered a malware campaign imitating the \u201cStarlink\u201d app for \u201cAndroid\u201d The Kaspersky Global Research and Analysis Team (GReAT), malware for the \u201cAndroid\u201d operating system in which cybercriminals distribute the \u201cBeatBanker\u201d Trojan under the guise of the \u201cStarlink Android\u201d app&#8230;<\/p>\n","protected":false},"author":2,"featured_media":11072,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/45730"}],"collection":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=45730"}],"version-history":[{"count":1,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/45730\/revisions"}],"predecessor-version":[{"id":45731,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/45730\/revisions\/45731"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/media\/11072"}],"wp:attachment":[{"href":"https:\/\/rockvell.co
m\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=45730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=45730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=45730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}