I often talk about personal data leaks, but this time I will tell you a little about the afterlife of IT projects, using two recent finds as examples.
During database security audits, you often come across servers (
Disclaimer: all information below is published solely for educational purposes. The author did not gain access to the personal data of third parties or companies. The information was either taken from open sources or provided to the author by anonymous well-wishers.
Let's start with a project with the grand name "Putin's Team" (putinteam.ru).
A server with an open MongoDB was discovered on 19.04.2019.
As you can see, ransomware was the first to reach this database:
The database did not contain especially valuable personal data, but it did hold email addresses (fewer than 1000), first and last names, hashed passwords, GPS coordinates (apparently recorded at registration from smartphones), cities of residence and photographs of site users who had created a personal account on it.
{
    "_id" : ObjectId("5c99c5d08000ec500c21d7e1"),
    "role" : "USER",
    "avatar" : "https://fs.putinteam.ru/******sLnzZokZK75V45-1553581654386.jpeg",
    "firstName" : "Вадим",
    "lastName" : "",
    "city" : "Санкт-Петербург",
    "about" : "",
    "mapMessage" : "",
    "isMapMessageVerify" : "0",
    "pushIds" : [
    ],
    "username" : "5c99c5d08000ec500c21d7e1",
    "__v" : NumberInt(0),
    "coordinates" : {
        "lng" : 30.315868,
        "lat" : 59.939095
    }
}

{
    "_id" : ObjectId("5cb64b361f82ec4fdc7b7e9f"),
    "type" : "BASE",
    "email" : "***@yandex.ru",
    "password" : "c62e11464d1f5fbd54485f120ef1bd2206c2e426",
    "user" : ObjectId("5cb64b361f82ec4fdc7b7e9e"),
    "__v" : NumberInt(0)
}
There is a lot of junk data and empty records. For example, the newsletter subscription form does not check that an email address has been entered, so instead of an address you can type whatever you like.
Judging by the copyright notice on the site, the project was abandoned in 2018. All attempts to contact representatives of the project were unsuccessful. However, registrations still occur on the site - there is an imitation of life.
The second zombie project in my review today is the Latvian startup "Roamer" (roamerapp.com/ru).
On 21.04.2019, an open MongoDB database belonging to the "Roamer" mobile application was discovered on a server in Germany.
The database, 207 MB in size, has been publicly accessible since 24.11.2018 (according to Shodan)!
Judging by outward signs (a non-working technical support email address, broken links to the Google Play store, a copyright notice on the site dated 2016, etc.), the application has long been abandoned.
At one time, almost all the specialist media wrote about this startup:
- VC: "Latvian startup Roamer is a killer"
- the-village: "Roamer: an application that cuts the cost of calls from abroad"
- lifehacker: "How to cut communication costs while travelling by 10 times: Roamer"
The "killer" seems to have killed itself, but even in death it continues to expose the personal data of its users...
Judging by the analysis of the information in the database, many users continue to use this mobile application. Over a few hours of observation, 94 new records appeared. And in the period from 27.03.2019 to 10.04.2019, 66 new users registered in the application.
The application logs (more than 100 thousand records) contain information such as:
- user's phone number
- tokens for accessing call history (available via links such as: api3.roamerapp.com/call/history/1553XXXXXX)
- call history (numbers, incoming or outgoing call, call cost, duration, call time)
- user's mobile operator
- user IP addresses
- the user's phone model and the mobile OS version on it (for example, iPhone 7 12.1.4)
- user's email address
- user's account balance and currency
- user's country
- user's current location (country)
- promo codes
- and much more.
{
    "_id" : ObjectId("5c9a49b2a1f7da01398b4569"),
    "url" : "api3.roamerapp.com/call/history/*******5049",
    "ip" : "67.80.1.6",
    "method" : NumberLong(1),
    "response" : {
        "calls" : [
            {
                "start_time" : NumberLong(1553615276),
                "number" : "7495*******",
                "accepted" : false,
                "incoming" : false,
                "internet" : true,
                "duration" : NumberLong(0),
                "cost" : 0.0,
                "call_id" : NumberLong(18869601)
            },
            {
                "start_time" : NumberLong(1553615172),
                "number" : "7499*******",
                "accepted" : true,
                "incoming" : false,
                "internet" : true,
                "duration" : NumberLong(63),
                "cost" : 0.03,
                "call_id" : NumberLong(18869600)
            },
            {
                "start_time" : NumberLong(1553615050),
                "number" : "7985*******",
                "accepted" : false,
                "incoming" : false,
                "internet" : true,
                "duration" : NumberLong(0),
                "cost" : 0.0,
                "call_id" : NumberLong(18869599)
            }
        ]
    },
    "response_code" : NumberLong(200),
    "post" : [
    ],
    "headers" : {
        "Host" : "api3.roamerapp.com",
        "X-App-Id" : "a9ee0beb8a2f6e6ef3ab77501e54fb7e",
        "Accept" : "application/json",
        "X-Sim-Operator" : "311480",
        "X-Wsse" : "UsernameToken Username="/******S19a2RzV9cqY7b/RXPA=", PasswordDigest="******NTA4MDhkYzQ5YTVlZWI5NWJkODc5NjQyMzU2MjRjZmIzOWNjYzY3MzViMTY1ODY4NDBjMWRkYjdiZTQxOGI4ZDcwNWJmOThlMTA1N2ExZjI=", Nonce="******c1MzE1NTM2MTUyODIuNDk2NDEz", Created="Tue, 26 Mar 2019 15:48:01 GMT"",
        "Accept-Encoding" : "gzip, deflate",
        "Accept-Language" : "en-us",
        "Content-Type" : "application/json",
        "X-Request-Id" : "FB103646-1B56-4030-BF3A-82A40E0828CC",
        "User-Agent" : "Roamer;iOS;511;en;iPhone 7;12.1.4",
        "Connection" : "keep-alive",
        "X-App-Build" : "511",
        "X-Lang" : "EN",
        "X-Connection" : "WiFi"
    },
    "created_at" : ISODate("2019-03-26T15:48:02.583+0000"),
    "user_id" : "888689"
}
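The log document above stores the access token from the URL, the X-Wsse credentials header, the full client IP and the entire call history. The following is an added example, not code from the article or from the Roamer application: a sketch of how a request logger could strip those fields before a record is persisted. The function names, the list of sensitive headers and the sample record are assumptions made for illustration.

```python
import copy
import ipaddress
import re

# Assumed deny-list: headers that carry credentials and must never be stored.
SENSITIVE_HEADERS = {"x-wsse", "authorization", "cookie"}
# In the record above, the path segment after /call/history/ is an access token.
TOKEN_PATH = re.compile(r"(/call/history/)[^/?#]+")

def mask_ip(ip):
    """Keep only the network part of an address (/24 for IPv4, /48 for IPv6)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "[invalid]"
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)

def sanitize(record):
    """Return a copy of an API request-log record that is safer to persist."""
    out = copy.deepcopy(record)
    out["url"] = TOKEN_PATH.sub(r"\1[REDACTED]", out.get("url", ""))
    out["ip"] = mask_ip(out.get("ip", ""))
    out["headers"] = {
        name: ("[REDACTED]" if name.lower() in SENSITIVE_HEADERS else value)
        for name, value in out.get("headers", {}).items()
    }
    # Store the shape of the response, not the call history itself.
    calls = out.pop("response", {}).get("calls", [])
    out["response_summary"] = {"calls": len(calls)}
    out.pop("post", None)  # request bodies may hold passwords or promo codes
    return out

# Constructed sample modelled on the document above; every value is made up.
SAMPLE = {
    "url": "api3.roamerapp.com/call/history/1553000000",
    "ip": "203.0.113.77",
    "response": {"calls": [{"number": "70000000000", "duration": 63, "cost": 0.03}]},
    "response_code": 200,
    "post": [],
    "headers": {
        "Host": "api3.roamerapp.com",
        "X-Wsse": 'UsernameToken Username="u", PasswordDigest="d", Nonce="n"',
        "User-Agent": "Roamer;iOS;511;en;iPhone 7;12.1.4",
    },
    "user_id": "0",
}

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Sanitizing at write time limits what an exposed log store can reveal; it does not replace enabling authentication and restricting network access on the database itself.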
Of course, it was not possible to contact the owners of the database. The contacts listed on the site do not work, and nobody responded to messages on social networks.
The application is available in the Apple App Store (itunes.apple.com/app/roamer-roaming-killer/id646368973).
News about information leaks and insiders can always be found on my Telegram channel "
Source: www.habr.com