Malware distributed via an ad for a domain indistinguishable from the KeePass project's domain

Researchers at Malwarebytes Labs have uncovered a campaign that promotes a fake website for the free password manager KeePass, distributing malware, through Google's advertising network. The key feature of the attack is the attackers' use of the domain "ķeepass.info", which at first glance is visually indistinguishable from the project's official domain "keepass.info". When searching for the term "keepass" on Google, the ad for the fake site was shown in the first position, ahead of the link to the official site.


To deceive users, a long-known phishing technique was used, based on registering internationalized domain names (IDN) that contain homoglyphs: characters that look like Latin letters but have a different meaning and their own Unicode code point. Specifically, the domain "ķeepass.info" is registered as "xn--eepass-vbb.info" in punycode notation, and only on close inspection of the name shown in the address bar can one see the small mark (a cedilla) under the letter "ķ", which most users perceive as a speck on the screen. The impression that the opened site was genuine was reinforced by the fact that the fake site was served over HTTPS with a valid TLS certificate obtained for the internationalized domain.


To curb abuse, registrars do not allow the registration of IDN domains that mix characters from different alphabets. For example, the look-alike apple.com domain ("xn--pple-43d.com") cannot be created by replacing the Latin "a" (U+0061) with the Cyrillic "а" (U+0430). Mixing Latin letters with non-ASCII Unicode characters in a domain name is also blocked in general, but there is an exception to this restriction, which is exactly what the attackers exploit: combining Latin letters with Unicode characters from the Latin group that belong to the same alphabet is permitted within a domain. For example, the letter "ķ" used in this attack is part of the Latvian alphabet and is accepted for domains in the Latvian language.
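The two checks described above, decoding the punycode form back to Unicode, rejecting mixed-script labels, and collapsing diacritics so that "ķeepass" is compared as "keepass", can be reproduced with the Python standard library. The following is an added example written for this page, not code from Malwarebytes, KeePass or any registrar; the PROTECTED set of brand domains is an assumed, constructed watch-list, and the script is recovered from the Unicode character name rather than from a full script-property table.

```python
"""Spot IDN look-alikes such as xn--eepass-vbb.info ("ķeepass.info").

Added example for illustration; the watch-list and thresholds are assumptions.
"""
import unicodedata

# Constructed watch-list of brand domains we want to protect (assumption).
PROTECTED = {"keepass.info", "apple.com"}


def decode_idn(domain: str) -> str:
    """Decode each punycode (xn--) label back to Unicode; plain labels pass through."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def script_of(ch: str) -> str:
    """Script name taken from the Unicode character name, e.g. 'LATIN' for
    'LATIN SMALL LETTER K WITH CEDILLA'; digits and '-' count as COMMON."""
    if ch == "-" or ch.isdigit():
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split(" ", 1)[0]


def scripts_in(label: str) -> set:
    """Scripts used in one label, ignoring COMMON; more than one means script mixing."""
    return {script_of(ch) for ch in label} - {"COMMON"}


def skeleton(label: str) -> str:
    """Strip diacritics: NFKD-decompose and drop combining marks, so 'ķ' -> 'k'.
    A Cyrillic 'а' (U+0430) has no such decomposition and is left unchanged."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def classify(domain: str) -> str:
    """Classify an ASCII/punycode domain as 'ok', 'mixed-script' or 'confusable:<brand>'."""
    uni = decode_idn(domain)
    if uni in PROTECTED:
        return "ok"
    # Rule 1: registrars reject labels that mix alphabets (the apple.com case).
    for label in uni.split("."):
        if len(scripts_in(label)) > 1:
            return "mixed-script"
    # Rule 2: the same-alphabet exception (the Latvian 'ķ' case) slips past rule 1,
    # so compare the diacritic-free skeleton against the watch-list as well.
    base = skeleton(uni)
    if base != uni and base in PROTECTED:
        return "confusable:" + base
    return "ok"


if __name__ == "__main__":
    for d in ("keepass.info", "xn--eepass-vbb.info", "xn--pple-43d.com", "example.org"):
        print(f"{d:22} -> {decode_idn(d):16} {classify(d)}")
```

The punycode codec is used per label instead of the `idna` codec so that the decoding step does not itself reject the mixed-script label; that rejection is what the `scripts_in` check makes explicit. The skeleton step is deliberately narrow (diacritics only); a production confusables check would use the full Unicode confusables table (TR39) rather than this one rule.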

To get past the filters of Google's ad network and to screen out bots that could detect the malware, an intermediate domain, keepassstacking.site, was specified as the main link in the ad block; it redirects only those visitors who meet certain criteria on to the look-alike domain "ķeepass.info".

The site's design was made to look like the official KeePass website, but it was altered to steer the visitor towards downloading the program (the recognisable look and style of the official site were preserved). The download page for the Windows platform served an msix installer containing malicious code that came with a valid digital signature. When the downloaded file was run on the user's system, the FakeBat loader script was also launched; it downloads malicious components from an external server to attack the user's system (for example, to steal confidential data, enrol the machine in a botnet, or swap cryptocurrency wallet addresses in the clipboard).



source: budenet.ru