Ndikulankhula za kutayikira kwa deta yaumwini kachiwiri, koma nthawi ino ndikuwuzani pang'ono za moyo wa pambuyo pa ntchito za IT pogwiritsa ntchito chitsanzo cha zomwe zapezedwa posachedwapa.
Pakuwunika kwachitetezo cha database, nthawi zambiri zimachitika kuti mumapeza ma seva (, Ndinalemba mu blog) za mapulojekiti omwe akhalapo kale (kapena osati kale kwambiri) achoka kudziko lathu. Ntchito zotere zimapitirizabe kutsanzira moyo (ntchito), zofanana ndi Zombies (kusonkhanitsa deta ya ogwiritsa ntchito pambuyo pa imfa yawo).
ΠΠΈΡΠΊΠ»Π΅ΠΉΠΌΠ΅Ρ: Π²ΡΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΡ Π½ΠΈΠΆΠ΅ ΠΏΡΠ±Π»ΠΈΠΊΡΠ΅ΡΡΡ ΠΈΡΠΊΠ»ΡΡΠΈΡΠ΅Π»ΡΠ½ΠΎ Π² ΠΎΠ±ΡΠ°Π·ΠΎΠ²Π°ΡΠ΅Π»ΡΠ½ΡΡ
ΡΠ΅Π»ΡΡ
. ΠΠ²ΡΠΎΡ Π½Π΅ ΠΏΠΎΠ»ΡΡΠ°Π» Π΄ΠΎΡΡΡΠΏΠ° ΠΊ ΠΏΠ΅ΡΡΠΎΠ½Π°Π»ΡΠ½ΡΠΌ Π΄Π°Π½Π½ΡΠΌ ΡΡΠ΅ΡΡΠΈΡ
Π»ΠΈΡ ΠΈ ΠΊΠΎΠΌΠΏΠ°Π½ΠΈΠΉ. ΠΠ½ΡΠΎΡΠΌΠ°ΡΠΈΡ Π²Π·ΡΡΠ° Π»ΠΈΠ±ΠΎ ΠΈΠ· ΠΎΡΠΊΡΡΡΡΡ
ΠΈΡΡΠΎΡΠ½ΠΈΠΊΠΎΠ², Π»ΠΈΠ±ΠΎ Π±ΡΠ»Π° ΠΏΡΠ΅Π΄ΠΎΡΡΠ°Π²Π»Π΅Π½Π° Π°Π²ΡΠΎΡΡ Π°Π½ΠΎΠ½ΠΈΠΌΠ½ΡΠΌΠΈ Π΄ΠΎΠ±ΡΠΎΠΆΠ΅Π»Π°ΡΠ΅Π»ΡΠΌΠΈ.Tiyeni tiyambe ndi polojekiti yokhala ndi dzina lokweza "Putin's Team" (putinteam.ru).
Seva yokhala ndi MongoDB yotseguka idapezeka pa 19.04.2019/XNUMX/XNUMX.
Monga mukuwonera, a ransomware anali oyamba kufika pa izi:
Malo osungirako malowa alibe zambiri zaumwini, koma pali ma adilesi a imelo (osakwana 1000), mayina oyambirira / mayina, mawu achinsinsi, ma GPS ogwirizanitsa (mwachiwonekere polembetsa kuchokera ku mafoni a m'manja), mizinda yokhalamo ndi zithunzi za ogwiritsa ntchito omwe adapanga. akaunti yawoyawo pa izo.
{
"_id" : ObjectId("5c99c5d08000ec500c21d7e1"),
"role" : "USER",
"avatar" : "https://fs.putinteam.ru/******sLnzZokZK75V45-1553581654386.jpeg",
"firstName" : "ΠΠ°Π΄ΠΈΠΌ",
"lastName" : "",
"city" : "Π‘Π°Π½ΠΊΡ-ΠΠ΅ΡΠ΅ΡΠ±ΡΡΠ³",
"about" : "",
"mapMessage" : "",
"isMapMessageVerify" : "0",
"pushIds" : [
],
"username" : "5c99c5d08000ec500c21d7e1",
"__v" : NumberInt(0),
"coordinates" : {
"lng" : 30.315868,
"lat" : 59.939095
}
}
{
"_id" : ObjectId("5cb64b361f82ec4fdc7b7e9f"),
"type" : "BASE",
"email" : "***@yandex.ru",
"password" : "c62e11464d1f5fbd54485f120ef1bd2206c2e426",
"user" : ObjectId("5cb64b361f82ec4fdc7b7e9e"),
"__v" : NumberInt(0)
}Ambiri zinyalala zambiri ndi zolemba zopanda kanthu. Mwachitsanzo, kachidindo ka kalata yolembera makalata sikumayang'ana kuti imelo yalowetsedwa, kotero m'malo mwa adiresi, mukhoza kulemba chilichonse chimene mukufuna.
Potengera kukopera kwatsambali, ntchitoyi idasiyidwa mu 2018. Zoyesayesa zonse zolumikizana ndi oyimira polojekiti sizinaphule kanthu. Komabe, pali zolembetsa zosawerengeka patsamba - pali kutsanzira moyo.
Ntchito yachiwiri ya zombie pakuwunika kwanga lero ndikuyambitsa ku Latvia "Roamer" (roamerapp.com/ru).
Pa Epulo 21.04.2019, XNUMX, database yotseguka ya MongoDB ya pulogalamu yam'manja ya "Roamer" idapezeka pa seva ku Germany.
Malo osungirako zinthu zakale, 207 MB kukula kwake, akhala akupezeka poyera kuyambira Novembara 24.11.2018, XNUMX (malinga ndi Shodan)!
Ndi zizindikiro zonse zakunja (osagwira ntchito imelo adilesi yothandizira, maulalo osweka ku Google Play sitolo, kukopera pawebusayiti kuyambira 2016, ndi zina zambiri) pulogalamuyi idasiyidwa kwanthawi yayitali.
Panthawi ina, pafupifupi ma TV onse amalemba za kuyambika uku:
- VC: "Woyambitsa waku Latvia Roamer ndi wakupha woyendayendaΒ»
- mudzi: "Roamer: Ntchito yomwe imachepetsa mtengo wamafoni ochokera kunjaΒ»
- lifehacker: "Momwe mungachepetsere ndalama zoyankhulirana mukamayendayenda nthawi 10: RoamerΒ»
"Wakuphayo" akuwoneka kuti wadzipha yekha, koma ngakhale atamwalira akupitiriza kuulula zambiri za ogwiritsa ntchito ...
Kutengera kusanthula kwazomwe zili mu database, ogwiritsa ntchito ambiri akupitiliza kugwiritsa ntchito pulogalamu yam'manja iyi. M'maola ochepa chabe akuwonekera, zolemba zatsopano 94 zidawonekera. Ndipo kuyambira pa Marichi 27.03.2019, 10.04.2019 mpaka Epulo 66, XNUMX, ogwiritsa ntchito atsopano XNUMX adalembetsa mu pulogalamuyi.
Zolemba (zopitilira 100) za pulogalamuyi ndi zambiri monga:
- foni yam'manja
- ma tokeni kuti muyimbe mbiri yakale (yopezeka kudzera pamaulalo monga: api3.roamerapp.com/call/history/1553XXXXXX)
- mbiri yoyimba (nambala, mafoni obwera kapena otuluka, mtengo woyimba, nthawi, nthawi yoyimba)
- wogwiritsa ntchito mafoni
- Ma adilesi a IP
- mtundu wa foni ya wogwiritsa ntchito ndi mtundu wa OS wa m'manja (mwachitsanzo, iPhone 7 12.1.4)
- imelo adilesi ya ogwiritsa
- akaunti ya osuta ndi ndalama
- dziko la ogwiritsa ntchito
- malo apano (dziko) la wogwiritsa ntchito
- kodi zotsatsa
- ndi zina zambiri.
{
"_id" : ObjectId("5c9a49b2a1f7da01398b4569"),
"url" : "api3.roamerapp.com/call/history/*******5049",
"ip" : "67.80.1.6",
"method" : NumberLong(1),
"response" : {
"calls" : [
{
"start_time" : NumberLong(1553615276),
"number" : "7495*******",
"accepted" : false,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(0),
"cost" : 0.0,
"call_id" : NumberLong(18869601)
},
{
"start_time" : NumberLong(1553615172),
"number" : "7499*******",
"accepted" : true,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(63),
"cost" : 0.03,
"call_id" : NumberLong(18869600)
},
{
"start_time" : NumberLong(1553615050),
"number" : "7985*******",
"accepted" : false,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(0),
"cost" : 0.0,
"call_id" : NumberLong(18869599)
}
]
},
"response_code" : NumberLong(200),
"post" : [
],
"headers" : {
"Host" : "api3.roamerapp.com",
"X-App-Id" : "a9ee0beb8a2f6e6ef3ab77501e54fb7e",
"Accept" : "application/json",
"X-Sim-Operator" : "311480",
"X-Wsse" : "UsernameToken Username="/******S19a2RzV9cqY7b/RXPA=", PasswordDigest="******NTA4MDhkYzQ5YTVlZWI5NWJkODc5NjQyMzU2MjRjZmIzOWNjYzY3MzViMTY1ODY4NDBjMWRkYjdiZTQxOGI4ZDcwNWJmOThlMTA1N2ExZjI=", Nonce="******c1MzE1NTM2MTUyODIuNDk2NDEz", Created="Tue, 26 Mar 2019 15:48:01 GMT"",
"Accept-Encoding" : "gzip, deflate",
"Accept-Language" : "en-us",
"Content-Type" : "application/json",
"X-Request-Id" : "FB103646-1B56-4030-BF3A-82A40E0828CC",
"User-Agent" : "Roamer;iOS;511;en;iPhone 7;12.1.4",
"Connection" : "keep-alive",
"X-App-Build" : "511",
"X-Lang" : "EN",
"X-Connection" : "WiFi"
},
"created_at" : ISODate("2019-03-26T15:48:02.583+0000"),
"user_id" : "888689"
}Inde, sikunali kotheka kulankhulana ndi eni ake a mazikowo. Contacts pa malo sagwira ntchito, mauthenga pa chikhalidwe TV. palibe amene amayankha pamanetiweki.
Pulogalamuyi ikupezekabe pa Apple App Store (itunes.apple.com/app/roamer-roaming-killer/id646368973).
Nkhani zakutulutsa zambiri komanso zamkati zitha kupezeka panjira yanga ya Telegraph "Β»: .
Source: www.habr.com