Kambani yeDoctor Web inowanikwa mukatalogu yepamutemo Android-Mapurogiramu ekudzvanya eTrojan anogona kunyorera vashandisi otomatiki kumasevhisi anobhadharwa. Vanoongorora mavhairasi vakaona shanduko dzakasiyana dzeiyi malware, inonzi , ΠΈ . Kuvanza chinangwa chavo chechokwadi uye zvakare kuderedza mukana wekuonekwa kweTrojan, vanorwisa vakashandisa nzira dzakawanda.
Kutanga, vakagadzira maclickers muzvishandiso zvisina mhosva-makamera uye kuunganidzwa kwemifananidzo-akaita mabasa avakada. Nekuda kweizvozvo, pakanga pasina chikonzero chakajeka chekuti vashandisi nevashandi vekuchengetedza ruzivo vazvione sekutyisidzira.
Chechipiri, ese malware akadzivirirwa neiyo yekutengesa Jiagu package, iyo inoomesa kuona neantivirus uye inoomesa kodhi kuongororwa. Nenzira iyi, iyo Trojan yaive nemukana uri nani wekudzivirira kuoneswa neyakavakwa-mukati chengetedzo yeGoogle Play dhairekitori.
Chechitatu, vanyori vehutachiona vakaedza kuvanza iyo Trojan sezviziviso zvinozivikanwa zvekushambadzira uye zvinyorwa zvekuongorora. Kana yangowedzerwa kumapurogiramu ekutakura, yakavakirwa mumaSDK aripo kubva kuFacebook uye Gadzirisa, ichihwanda pakati pezvikamu zvadzo.
Uye zvakare, iyo clicker yakarwisa vashandisi nekusarudza: haina kuita chero hutsinye kana angave akabatwa anga asiri mugari weimwe yenyika dzinofarira kune vanorwisa.
Pazasi pane mienzaniso yekushandisa ine Trojan yakamisikidzwa mairi:
Mushure mekuisa uye kuvhura iyo clicker (pano, shanduko yayo ichashandiswa semuenzaniso ) kuedza kuwana zviziviso zvesystem yekushandisa nekuratidza chikumbiro chinotevera:
Kana mushandisi akabvuma kumupa mvumo inodiwa, iyo Trojan ichakwanisa kuvanza zvese zviziviso nezve inouya SMS uye kubata meseji zvinyorwa.
Tevere, iyo inodzvanya inotamisa data yehunyanzvi nezve mudziyo une hutachiona kune yekudzora server uye inotarisa serial nhamba yeSIM kadhi yemunhu akabatwa. Kana ichienderana neimwe yenyika dzakatariswa, inotumira kune sevha ruzivo nezve nhamba yefoni yakabatana nayo. Panguva imwecheteyo, anodzvanya anoratidza vashandisi kubva kune dzimwe nyika hwindo rekubira pavanenge vavakumbira kuti vaise nhamba kana kupinda muakaundi yavo yeGoogle:
Kana SIM kadhi yemunhu akabatwa isiri yenyika inofarira kune vanorwisa, iyo Trojan haitore chiito uye inomisa kuita kwayo kwakashata. Iko kutsvagirwa kugadziridzwa kweiyo clicker kurwisa vagari venyika dzinotevera:
- Austria
- Italy
- France
- Π’Π°ΠΈΠ»Π°Π½Π΄
- ΠΠ°Π»Π°ΠΉΠ·ΠΈΡ
- Germany
- Qatar
- Poland
- Greece
- Ireland
Mushure mekutumira ruzivo rwenhamba inomirira mirairo kubva kune manejimendi server. Inotumira mabasa kuTrojan, iyo ine kero dzemawebhusaiti yekurodha uye kodhi muJavaScript fomati. Iyi kodhi inoshandiswa kudzora kudzvanya kuburikidza neJavascriptInterface, kuratidza pop-up mameseji pachishandiso, kudzvanya pamapeji ewebhu, uye zvimwe zviito.
Mushure mekugamuchira kero yesaiti, inoivhura muWebView isingaonekwe, uko iyo yaimbogamuchirwa JavaScript ine paramita yekudzvanya inoiswa zvakare. Mushure mekuvhura webhusaiti ine premium sevhisi, iyo Trojan inongodzvanya pane inodiwa mabhatani uye mabhatani. Tevere, anogamuchira macode ekusimbisa kubva kuSMS uye anozvimiririra anosimbisa kunyoreswa.
Kunyangwe iyo iyo yekudzvanya haina basa rekushanda neSMS uye kuwana mameseji, inodarika ichi chinogumira. Zvinofamba sezvizvi. Iyo Trojan sevhisi inotarisisa zviziviso kubva pachishandiso, iyo nekusarudzika inopihwa kushanda neSMS. Kana meseji yasvika, sevhisi inovanza inoenderana system chiziviso. Inobva yabvisa ruzivo nezve yakagamuchirwa SMS kubva kwairi uye yoendesa kune iyo Trojan nhepfenyuro inogamuchira. Nekuda kweizvozvo, mushandisi haaone chero zviziviso nezve inouya SMS uye haazive zviri kuitika. Anodzidza nezve kunyoresa kushumiro chete kana mari ikatanga kunyangarika kubva kuaccount yake, kana paanoenda kune meseji menyu uye anoona SMS ine chekuita neyekutanga sevhisi.
ΠΠΎΡΠ»Π΅ ΠΎΠ±ΡΠ°ΡΠ΅Π½ΠΈΡ ΡΠΏΠ΅ΡΠΈΠ°Π»ΠΈΡΡΠΎΠ² Β«ΠΠΎΠΊΡΠΎΡ ΠΠ΅Π±Β» Π² ΠΊΠΎΡΠΏΠΎΡΠ°ΡΠΈΡ Google ΠΎΠ±Π½Π°ΡΡΠΆΠ΅Π½Π½ΡΠ΅ Π²ΡΠ΅Π΄ΠΎΠ½ΠΎΡΠ½ΡΠ΅ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ Π±ΡΠ»ΠΈ ΡΠ΄Π°Π»Π΅Π½Ρ ΠΈΠ· Google Play. ΠΡΠ΅ ΠΈΠ·Π²Π΅ΡΡΠ½ΡΠ΅ ΠΌΠΎΠ΄ΠΈΡΠΈΠΊΠ°ΡΠΈΠΈ ΡΡΠΎΠ³ΠΎ ΠΊΠ»ΠΈΠΊΠ΅ΡΠ° ΡΡΠΏΠ΅ΡΠ½ΠΎ Π΄Π΅ΡΠ΅ΠΊΡΠΈΡΡΡΡΡΡ ΠΈ ΡΠ΄Π°Π»ΡΡΡΡΡ Π°Π½ΡΠΈΠ²ΠΈΡΡΡΠ½ΡΠΌΠΈ ΠΏΡΠΎΠ΄ΡΠΊΡΠ°ΠΌΠΈ Dr.Web Π΄Π»Ρ Android ΠΈ ΠΏΠΎΡΠΎΠΌΡ Π½Π΅ ΠΏΡΠ΅Π΄ΡΡΠ°Π²Π»ΡΡΡ ΡΠ³ΡΠΎΠ·Ρ Π΄Π»Ρ Π½Π°ΡΠΈΡ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Π΅ΠΉ.
Source: www.habr.com
