Zombie projects: leaking user data even after their death

I am writing about personal data leaks again, but this time I will tell you a little about the afterlife of IT projects, using two recent finds as examples.

During database security audits, it often happens that you find servers (I described how I search for databases in a blog post) belonging to projects that left our world long ago (or not so long ago). Such projects keep imitating life (work), like zombies (collecting users' personal data after their own death).

Disclaimer: all the information below is published solely for educational purposes. The author did not gain access to the personal data of third parties or companies. The information was either taken from open sources or provided to the author by anonymous well-wishers.

Let's start with a project with the big name "Putin's Team" (putinteam.ru).

A server with an open MongoDB was discovered on 19.04.2019.

As you can see, ransomware was the first to reach this database:

The database does not contain particularly valuable personal data, but it does hold email addresses (fewer than 1000), first and last names, hashed passwords, GPS coordinates (apparently recorded when registering from smartphones), cities of residence and photos of the site's users who created a personal account on it.

{ 
    "_id" : ObjectId("5c99c5d08000ec500c21d7e1"), 
    "role" : "USER", 
    "avatar" : "https://fs.putinteam.ru/******sLnzZokZK75V45-1553581654386.jpeg", 
    "firstName" : "Вадим", 
    "lastName" : "", 
    "city" : "Санкт-Петербург", 
    "about" : "", 
    "mapMessage" : "", 
    "isMapMessageVerify" : "0", 
    "pushIds" : [

    ], 
    "username" : "5c99c5d08000ec500c21d7e1", 
    "__v" : NumberInt(0), 
    "coordinates" : {
        "lng" : 30.315868, 
        "lat" : 59.939095
    }
}

{ 
    "_id" : ObjectId("5cb64b361f82ec4fdc7b7e9f"), 
    "type" : "BASE", 
    "email" : "***@yandex.ru", 
    "password" : "c62e11464d1f5fbd54485f120ef1bd2206c2e426", 
    "user" : ObjectId("5cb64b361f82ec4fdc7b7e9e"), 
    "__v" : NumberInt(0)
}

There is a lot of garbage information and many empty records. For example, the newsletter subscription code does not check that an email address was entered, so instead of an address you can type anything you like.

Judging by the copyright notice on the website, the project was abandoned in 2018. All attempts to contact the project's representatives were unsuccessful. However, there are still occasional registrations on the site: an imitation of life.

The second zombie project in my review today is the Latvian startup "Roamer" (roamerapp.com/ru).

On 21.04.2019, an open MongoDB database of the mobile application "Roamer" was discovered on a server in Germany.

The database, 207 MB in size, has been publicly accessible since 24.11.2018 (according to Shodan)!

By all external signs (a non-working technical support email address, broken links to the Google Play store, a copyright notice on the website dated 2016, and so on), the application has been abandoned for a long time.

At one time, almost all the specialized media wrote about this startup:

  • VC: "Latvian startup Roamer, the roaming killer"
  • The Village: "Roamer: an app that lowers the cost of calls from abroad"
  • Lifehacker: "How to cut roaming communication costs tenfold: Roamer"

The "killer" seems to have killed itself, but even dead it continues to disclose its users' personal data ...

Judging by an analysis of the information in the database, many users continue to use this mobile application. In a few hours of observation, 94 new records appeared. And in the period from 27.03.2019 to 10.04.2019, 66 new users registered in the application.

The application's logs (more than 100 thousand records) contain information such as:

  • the user's phone
  • access tokens for the call history (reachable through links such as: api3.roamerapp.com/call/history/1553XXXXXX)
  • call history (numbers, incoming or outgoing call, call cost, duration, call time)
  • the user's mobile operator
  • the user's IP addresses
  • the user's phone model and the mobile OS version on it (for example, iPhone 7 12.1.4)
  • the user's email address
  • the user's account balance and currency
  • the user's country
  • the user's current location (country)
  • promo codes
  • and much more.

{ 
    "_id" : ObjectId("5c9a49b2a1f7da01398b4569"), 
    "url" : "api3.roamerapp.com/call/history/*******5049", 
    "ip" : "67.80.1.6", 
    "method" : NumberLong(1), 
    "response" : {
        "calls" : [
            {
                "start_time" : NumberLong(1553615276), 
                "number" : "7495*******", 
                "accepted" : false, 
                "incoming" : false, 
                "internet" : true, 
                "duration" : NumberLong(0), 
                "cost" : 0.0, 
                "call_id" : NumberLong(18869601)
            }, 
            {
                "start_time" : NumberLong(1553615172), 
                "number" : "7499*******", 
                "accepted" : true, 
                "incoming" : false, 
                "internet" : true, 
                "duration" : NumberLong(63), 
                "cost" : 0.03, 
                "call_id" : NumberLong(18869600)
            }, 
            {
                "start_time" : NumberLong(1553615050), 
                "number" : "7985*******", 
                "accepted" : false, 
                "incoming" : false, 
                "internet" : true, 
                "duration" : NumberLong(0), 
                "cost" : 0.0, 
                "call_id" : NumberLong(18869599)
            }
        ]
    }, 
    "response_code" : NumberLong(200), 
    "post" : [

    ], 
    "headers" : {
        "Host" : "api3.roamerapp.com", 
        "X-App-Id" : "a9ee0beb8a2f6e6ef3ab77501e54fb7e", 
        "Accept" : "application/json", 
        "X-Sim-Operator" : "311480", 
        "X-Wsse" : "UsernameToken Username=\"/******S19a2RzV9cqY7b/RXPA=\", PasswordDigest=\"******NTA4MDhkYzQ5YTVlZWI5NWJkODc5NjQyMzU2MjRjZmIzOWNjYzY3MzViMTY1ODY4NDBjMWRkYjdiZTQxOGI4ZDcwNWJmOThlMTA1N2ExZjI=\", Nonce=\"******c1MzE1NTM2MTUyODIuNDk2NDEz\", Created=\"Tue, 26 Mar 2019 15:48:01 GMT\"", 
        "Accept-Encoding" : "gzip, deflate", 
        "Accept-Language" : "en-us", 
        "Content-Type" : "application/json", 
        "X-Request-Id" : "FB103646-1B56-4030-BF3A-82A40E0828CC", 
        "User-Agent" : "Roamer;iOS;511;en;iPhone 7;12.1.4", 
        "Connection" : "keep-alive", 
        "X-App-Build" : "511", 
        "X-Lang" : "EN", 
        "X-Connection" : "WiFi"
    }, 
    "created_at" : ISODate("2019-03-26T15:48:02.583+0000"), 
    "user_id" : "888689"
}
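
An added example, not from the original article and not Roamer's code: a sketch of scrubbing an API request log record shaped like the one above before it is stored, so that an exposed log database does not hand out call-history links, WSSE credentials or call details. The field names follow the dump; the header list, the masking rules and all sample values are assumptions.

```python
import copy
import re

# Header names treated as credentials (assumption: extend for your own API).
SECRET_HEADERS = {"x-wsse", "authorization", "cookie"}
# A path segment of 6+ digits, as in /call/history/<id>, which the article
# says works as an access token to the call history.
URL_ID = re.compile(r"(?<=/)\d{6,}(?=$|[/?#])")


def mask_ip(ip):
    """Zero the host part of an IPv4 address; drop anything else."""
    parts = ip.split(".")
    return ".".join(parts[:3] + ["0"]) if len(parts) == 4 else "[redacted]"


def sanitize_log(record):
    """Return a copy of an API log record that is safer to persist."""
    out = copy.deepcopy(record)
    out["url"] = URL_ID.sub("[id]", out.get("url", ""))
    if "ip" in out:
        out["ip"] = mask_ip(out["ip"])
    out["headers"] = {
        name: "[redacted]" if name.lower() in SECRET_HEADERS else value
        for name, value in out.get("headers", {}).items()
    }
    # Keep only how many calls were returned, not the call records.
    calls = out.get("response", {}).get("calls")
    if calls is not None:
        out["response"] = {"call_count": len(calls)}
    return out


# Constructed sample shaped like the record above; every value is made up.
SAMPLE = {
    "url": "api.example.test/call/history/15530000001",
    "ip": "203.0.113.57",
    "response": {"calls": [{"number": "74950000000", "cost": 0.03}]},
    "headers": {"Host": "api.example.test", "X-Wsse": "UsernameToken ..."},
    "user_id": "100001",
}

if __name__ == "__main__":
    print(sanitize_log(SAMPLE))
```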

Naturally, it was not possible to contact the owners of the database. The contacts listed on the site do not work, and no one responds to messages on social networks.

The app is still available in the Apple App Store (itunes.apple.com/app/roamer-roaming-killer/id646368973).

News about information leaks and insiders can always be found on my Telegram channel "Information Leaks": https://t.me/dataleak.

Source: www.habr.com
