Chiremba Webhu akawana anodzvanya Trojan mune yepamutemo kodhi yeAroid application iyo inokwanisa kunyoresa otomatiki vashandisi kumasevhisi akabhadharwa. Vaongorori vehutachiona vakaona shanduko dzinoverengeka dzechirongwa ichi chakaipa, chinonzi , ΠΈ . Kuvanza chinangwa chavo chechokwadi uye zvakare kuderedza mukana wekuonekwa kweTrojan, vanorwisa vakashandisa nzira dzakawanda.
Kutanga, vakagadzira maclickers muzvishandiso zvisina mhosva-makamera uye kuunganidzwa kwemifananidzo-akaita mabasa avakada. Nekuda kweizvozvo, pakanga pasina chikonzero chakajeka chekuti vashandisi nevashandi vekuchengetedza ruzivo vazvione sekutyisidzira.
Chechipiri, ese malware akadzivirirwa neiyo yekutengesa Jiagu package, iyo inoomesa kuona neantivirus uye inoomesa kodhi kuongororwa. Nenzira iyi, iyo Trojan yaive nemukana uri nani wekudzivirira kuoneswa neyakavakwa-mukati chengetedzo yeGoogle Play dhairekitori.
Chechitatu, vanyori vehutachiona vakaedza kuvanza iyo Trojan sezviziviso zvinozivikanwa zvekushambadzira uye zvinyorwa zvekuongorora. Kana yangowedzerwa kumapurogiramu ekutakura, yakavakirwa mumaSDK aripo kubva kuFacebook uye Gadzirisa, ichihwanda pakati pezvikamu zvadzo.
Uye zvakare, iyo clicker yakarwisa vashandisi nekusarudza: haina kuita chero hutsinye kana angave akabatwa anga asiri mugari weimwe yenyika dzinofarira kune vanorwisa.
Pazasi pane mienzaniso yekushandisa ine Trojan yakamisikidzwa mairi:
Mushure mekuisa uye kuvhura iyo clicker (pano, shanduko yayo ichashandiswa semuenzaniso ) kuedza kuwana zviziviso zvesystem yekushandisa nekuratidza chikumbiro chinotevera:
Kana mushandisi akabvuma kumupa mvumo inodiwa, iyo Trojan ichakwanisa kuvanza zvese zviziviso nezve inouya SMS uye kubata meseji zvinyorwa.
Tevere, iyo inodzvanya inotamisa data yehunyanzvi nezve mudziyo une hutachiona kune yekudzora server uye inotarisa serial nhamba yeSIM kadhi yemunhu akabatwa. Kana ichienderana neimwe yenyika dzakatariswa, inotumira kune sevha ruzivo nezve nhamba yefoni yakabatana nayo. Panguva imwecheteyo, anodzvanya anoratidza vashandisi kubva kune dzimwe nyika hwindo rekubira pavanenge vavakumbira kuti vaise nhamba kana kupinda muakaundi yavo yeGoogle:
Kana SIM kadhi yemunhu akabatwa isiri yenyika inofarira kune vanorwisa, iyo Trojan haitore chiito uye inomisa kuita kwayo kwakashata. Iko kutsvagirwa kugadziridzwa kweiyo clicker kurwisa vagari venyika dzinotevera:
- Austria
- Italy
- France
- Π’Π°ΠΈΠ»Π°Π½Π΄
- ΠΠ°Π»Π°ΠΉΠ·ΠΈΡ
- Germany
- Qatar
- Poland
- Greece
- Ireland
Mushure mekutumira ruzivo rwenhamba inomirira mirairo kubva kune manejimendi server. Inotumira mabasa kuTrojan, iyo ine kero dzemawebhusaiti yekurodha uye kodhi muJavaScript fomati. Iyi kodhi inoshandiswa kudzora kudzvanya kuburikidza neJavascriptInterface, kuratidza pop-up mameseji pachishandiso, kudzvanya pamapeji ewebhu, uye zvimwe zviito.
Mushure mekugamuchira kero yesaiti, inoivhura muWebView isingaonekwe, uko iyo yaimbogamuchirwa JavaScript ine paramita yekudzvanya inoiswa zvakare. Mushure mekuvhura webhusaiti ine premium sevhisi, iyo Trojan inongodzvanya pane inodiwa mabhatani uye mabhatani. Tevere, anogamuchira macode ekusimbisa kubva kuSMS uye anozvimiririra anosimbisa kunyoreswa.
Kunyangwe iyo iyo yekudzvanya haina basa rekushanda neSMS uye kuwana mameseji, inodarika ichi chinogumira. Zvinofamba sezvizvi. Iyo Trojan sevhisi inotarisisa zviziviso kubva pachishandiso, iyo nekusarudzika inopihwa kushanda neSMS. Kana meseji yasvika, sevhisi inovanza inoenderana system chiziviso. Inobva yabvisa ruzivo nezve yakagamuchirwa SMS kubva kwairi uye yoendesa kune iyo Trojan nhepfenyuro inogamuchira. Nekuda kweizvozvo, mushandisi haaone chero zviziviso nezve inouya SMS uye haazive zviri kuitika. Anodzidza nezve kunyoresa kushumiro chete kana mari ikatanga kunyangarika kubva kuaccount yake, kana paanoenda kune meseji menyu uye anoona SMS ine chekuita neyekutanga sevhisi.
Mushure mekunge Chiremba Webhu mazvikokota abata Google, zvikumbiro zvehutsinye zvakaonekwa zvakabviswa paGoogle Play. Zvose zvinozivikanwa zvinogadziridzwa zveiyi clicker zvinobudirira kuonekwa uye kubviswa neDr.Web anti-virus zvigadzirwa zveAroid uye naizvozvo hazviiti kutyisidzira kuvashandisi vedu.
Source: www.habr.com