Zombie projects – leaking user data even after their death

I am talking about personal data leaks again, but this time I will tell you a little about the afterlife of IT projects, using two recent finds as examples.


While doing data security research, you quite often come across servers (I have written in my blog about how to search for such databases) that belong to projects which left our world long ago (or not so long ago). Such projects even keep imitating life (work), like zombies: they continue to collect users' personal data after their own death.

Disclaimer: all information below is published solely for educational purposes. The author did not gain access to the personal data of third parties or companies. The information was taken either from open sources or was provided to the author by anonymous well-wishers.

Let's start with a project with the big name "Putin Team" (putinteam.ru).

A server with an openly accessible MongoDB was found on 19.04.2019.


As you can see, ransomware got to this database first:


The database contains no especially sensitive data, but it does hold email addresses (fewer than 1000), first/last names, password hashes, GPS coordinates (apparently captured at registration from smartphones), cities of residence and photos of the users who created a personal account on the site.

{ 
    "_id" : ObjectId("5c99c5d08000ec500c21d7e1"), 
    "role" : "USER", 
    "avatar" : "https://fs.putinteam.ru/******sLnzZokZK75V45-1553581654386.jpeg", 
    "firstName" : "Π’Π°Π΄ΠΈΠΌ", 
    "lastName" : "", 
    "city" : "Π‘Π°Π½ΠΊΡ‚-ΠŸΠ΅Ρ‚Π΅Ρ€Π±ΡƒΡ€Π³", 
    "about" : "", 
    "mapMessage" : "", 
    "isMapMessageVerify" : "0", 
    "pushIds" : [

    ], 
    "username" : "5c99c5d08000ec500c21d7e1", 
    "__v" : NumberInt(0), 
    "coordinates" : {
        "lng" : 30.315868, 
        "lat" : 59.939095
    }
}

{ 
    "_id" : ObjectId("5cb64b361f82ec4fdc7b7e9f"), 
    "type" : "BASE", 
    "email" : "***@yandex.ru", 
    "password" : "c62e11464d1f5fbd54485f120ef1bd2206c2e426", 
    "user" : ObjectId("5cb64b361f82ec4fdc7b7e9e"), 
    "__v" : NumberInt(0)
}

The database is full of junk data and empty records. For example, the newsletter subscription code does not check that the value entered is actually an email address, so instead of an address you can submit anything you like.
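As an added example (my own code, not from the original post or from the project discussed), here is a small triage script over documents shaped like the two records quoted above. All values are constructed, not taken from the leak. It counts profiles that carry location or avatar data, flags the empty "junk" records, reports email values that are not addresses (the newsletter problem described above), and classifies the password field by its shape alone: the quoted record's value is 40 hex characters, which is the length of an unsalted SHA-1 digest, but since a 40-hex string could be something else, the script reports size rather than asserting the algorithm. The field names and the join through the user reference follow the quoted records; the role values, sample data and classification labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample documents shaped like the two records quoted in the post.
# Every value here is made up; nothing is real leaked data.
SAMPLE_USERS = [
    {"_id": "u1", "role": "USER", "firstName": "Vadim", "lastName": "",
     "city": "Saint Petersburg", "about": "", "avatar": "https://fs.example/u1.jpeg",
     "coordinates": {"lng": 30.315868, "lat": 59.939095}},
    {"_id": "u2", "role": "USER", "firstName": "", "lastName": "",
     "city": "", "about": "", "avatar": "", "coordinates": None},
    {"_id": "u3", "role": "ADMIN", "firstName": "Olga", "lastName": "P.",
     "city": "Moscow", "about": "", "avatar": "", "coordinates": None},
]
SAMPLE_CREDENTIALS = [
    {"_id": "c1", "type": "BASE", "email": "vadim@example.org",
     "password": "c62e11464d1f5fbd54485f120ef1bd2206c2e426", "user": "u1"},
    {"_id": "c2", "type": "BASE", "email": "not-an-address",   # junk subscription value
     "password": "5f4dcc3b5aa765d61d8327deb882cf99", "user": "u2"},
    {"_id": "c3", "type": "BASE", "email": "olga@example.org",
     # fake bcrypt-shaped string, only the prefix matters to the classifier
     "password": "$2b$12$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ012345", "user": "u3"},
]

# Deliberately loose: we only want to catch values that are clearly not addresses.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def classify_password(value):
    """Guess the storage format of a password field from its shape alone."""
    if value.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if value.startswith("$argon2"):
        return "argon2"
    if re.fullmatch(r"[0-9a-f]{32}", value):
        return "hex-32 (MD5-sized, no salt field)"
    if re.fullmatch(r"[0-9a-f]{40}", value):
        return "hex-40 (SHA-1-sized, no salt field)"
    if re.fullmatch(r"[0-9a-f]{64}", value):
        return "hex-64 (SHA-256-sized, no salt field)"
    return "unknown/plaintext?"


def is_empty_profile(user):
    """A record with no name, city, avatar or coordinates is one of the junk rows."""
    return not any([user.get("firstName"), user.get("lastName"), user.get("city"),
                    user.get("avatar"), user.get("coordinates")])


def triage(users, credentials):
    """Summarise what a dump of these two collections actually exposes."""
    by_user = {c["user"]: c for c in credentials}   # credential doc -> user doc join
    return {
        "users": len(users),
        "with_coordinates": sum(1 for u in users if u.get("coordinates")),
        "with_avatar": sum(1 for u in users if u.get("avatar")),
        "empty_profiles": sum(1 for u in users if is_empty_profile(u)),
        "privileged_roles": sum(1 for u in users if u.get("role") != "USER"),
        "invalid_emails": [c["email"] for c in credentials if not EMAIL_RE.match(c["email"])],
        "password_formats": Counter(classify_password(c["password"]) for c in credentials),
        "users_without_credentials": [u["_id"] for u in users if u["_id"] not in by_user],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_USERS, SAMPLE_CREDENTIALS).items():
        print(f"{key}: {value}")
```

Run against a real export (for example the output of mongoexport for each collection), the same report tells you at a glance whether the dump is mostly noise or mostly people, whether privileged accounts are present, and whether the credentials are crackable offline, which is what decides how urgent notification is.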


Judging by the copyright notice on the website, the project was abandoned in 2018. All attempts to contact the project's representatives failed. Nevertheless, occasional registrations still appear on the site: the imitation of life continues.

The second zombie project in today's analysis is the Latvian startup "Roamer" (roamerapp.com/ru).

On 21.04.2019, an openly accessible MongoDB database of the "Roamer" mobile application was found on a server in Germany.


The database, 207 MB in size, has been publicly accessible since 24.11.2018 (according to Shodan)!

By all outward signs (a non-working technical support email address, a broken link to the Google Play store, a copyright notice on the site dated 2016, etc.) the application was abandoned long ago.


At one time almost every specialised outlet wrote about this startup:

  • VC: "Latvian startup Roamer is a roaming killer"
  • The Village: "Roamer: an app that cuts the cost of calls abroad"
  • Lifehacker: "How to cut communication costs while roaming by 10 times: Roamer"

The "killer" seems to have killed itself, but even after death it keeps exposing its users' personal data...

Judging by the information in the database, many people continue to use this mobile app. Within a few hours of monitoring, 94 new records appeared, and between 27.03.2019 and 10.04.2019, 66 new users registered in the app.

The application logs (more than 100 thousand records) contain information such as:

  • the user's phone number
  • access tokens for call history (available via links of the form api3.roamerapp.com/call/history/1553XXXXXX)
  • call history (numbers, incoming or outgoing, call cost, duration, time of the call)
  • the user's mobile operator
  • the user's IP address
  • the user's phone model and mobile OS version (for example, iPhone 7 12.1.4)
  • the user's email address
  • the user's account balance and currency
  • the user's country
  • the user's current location (country)
  • promo codes
  • and more.

{ 
    "_id" : ObjectId("5c9a49b2a1f7da01398b4569"), 
    "url" : "api3.roamerapp.com/call/history/*******5049", 
    "ip" : "67.80.1.6", 
    "method" : NumberLong(1), 
    "response" : {
        "calls" : [
            {
                "start_time" : NumberLong(1553615276), 
                "number" : "7495*******", 
                "accepted" : false, 
                "incoming" : false, 
                "internet" : true, 
                "duration" : NumberLong(0), 
                "cost" : 0.0, 
                "call_id" : NumberLong(18869601)
            }, 
            {
                "start_time" : NumberLong(1553615172), 
                "number" : "7499*******", 
                "accepted" : true, 
                "incoming" : false, 
                "internet" : true, 
                "duration" : NumberLong(63), 
                "cost" : 0.03, 
                "call_id" : NumberLong(18869600)
            }, 
            {
                "start_time" : NumberLong(1553615050), 
                "number" : "7985*******", 
                "accepted" : false, 
                "incoming" : false, 
                "internet" : true, 
                "duration" : NumberLong(0), 
                "cost" : 0.0, 
                "call_id" : NumberLong(18869599)
            }
        ]
    }, 
    "response_code" : NumberLong(200), 
    "post" : [

    ], 
    "headers" : {
        "Host" : "api3.roamerapp.com", 
        "X-App-Id" : "a9ee0beb8a2f6e6ef3ab77501e54fb7e", 
        "Accept" : "application/json", 
        "X-Sim-Operator" : "311480", 
        "X-Wsse" : "UsernameToken Username=\"/******S19a2RzV9cqY7b/RXPA=\", PasswordDigest=\"******NTA4MDhkYzQ5YTVlZWI5NWJkODc5NjQyMzU2MjRjZmIzOWNjYzY3MzViMTY1ODY4NDBjMWRkYjdiZTQxOGI4ZDcwNWJmOThlMTA1N2ExZjI=\", Nonce=\"******c1MzE1NTM2MTUyODIuNDk2NDEz\", Created=\"Tue, 26 Mar 2019 15:48:01 GMT\"", 
        "Accept-Encoding" : "gzip, deflate", 
        "Accept-Language" : "en-us", 
        "Content-Type" : "application/json", 
        "X-Request-Id" : "FB103646-1B56-4030-BF3A-82A40E0828CC", 
        "User-Agent" : "Roamer;iOS;511;en;iPhone 7;12.1.4", 
        "Connection" : "keep-alive", 
        "X-App-Build" : "511", 
        "X-Lang" : "EN", 
        "X-Connection" : "WiFi"
    }, 
    "created_at" : ISODate("2019-03-26T15:48:02.583+0000"), 
    "user_id" : "888689"
}
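The logged record keeps the complete X-Wsse header, so anyone reading the log holds a full UsernameToken: username, password digest, nonce and creation time. How much that is worth depends on what the API checks when it sees the same header again, and the post does not say. As an added example, not Roamer's code, here is a parser for that header shape together with a server-side verifier applying the two checks that bound replay: the Created timestamp must be recent, and a Nonce must never be accepted twice. The digest construction (Base64 of SHA-1 over nonce, Created and a per-user secret) is the textbook WSSE UsernameToken scheme and is an assumption about the service, as are the username, the secret and the nonce bytes; nothing here is derived from the redacted values in the log.

```python
import base64
import hashlib
import hmac
import re
import time
from datetime import datetime, timezone

# Hypothetical per-user credential for the demonstration. The real service's
# username/secret scheme and digest construction are not known from the leak.
USERNAME = "demo-user"
SECRET = "demo-secret-not-real"
# Same timestamp format as the logged header's Created field.
SAMPLE_CREATED = "Tue, 26 Mar 2019 15:48:01 GMT"

WSSE_FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def created_epoch(created):
    """Parse the RFC 1123 'Created' timestamp into a Unix epoch (UTC)."""
    dt = datetime.strptime(created, "%a, %d %b %Y %H:%M:%S GMT")
    return dt.replace(tzinfo=timezone.utc).timestamp()


def digest_for(nonce, created, secret):
    """Textbook WSSE UsernameToken digest: Base64(SHA1(nonce + created + secret))."""
    raw = hashlib.sha1(nonce + created.encode() + secret.encode()).digest()
    return base64.b64encode(raw).decode()


def make_wsse(username, secret, nonce, created):
    """Build an X-Wsse header the way a client would."""
    return ('UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"'
            % (username, digest_for(nonce, created, secret),
               base64.b64encode(nonce).decode(), created))


def parse_wsse(header):
    """Split the header into its four quoted fields; reject anything incomplete."""
    if not header.startswith("UsernameToken "):
        raise ValueError("not a UsernameToken header")
    fields = dict(WSSE_FIELD_RE.findall(header))
    missing = [k for k in ("Username", "PasswordDigest", "Nonce", "Created") if k not in fields]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return fields


class WsseVerifier:
    """Server-side check: fresh Created, known user, unused nonce, correct digest."""

    def __init__(self, secrets, max_skew=300, now=time.time):
        self.secrets = secrets          # username -> secret
        self.max_skew = max_skew        # seconds a Created timestamp stays acceptable
        self.now = now                  # injectable clock, so the checks are testable
        self.seen_nonces = set()        # a real cache should expire entries after max_skew

    def verify(self, header):
        f = parse_wsse(header)
        if abs(self.now() - created_epoch(f["Created"])) > self.max_skew:
            return False, "stale Created"
        secret = self.secrets.get(f["Username"])
        if secret is None:
            return False, "unknown user"
        nonce = base64.b64decode(f["Nonce"])
        if nonce in self.seen_nonces:
            return False, "nonce replayed"
        expected = digest_for(nonce, f["Created"], secret)
        if not hmac.compare_digest(expected, f["PasswordDigest"]):
            return False, "bad digest"
        self.seen_nonces.add(nonce)     # only record nonces that authenticated
        return True, "ok"


def demo():
    """A header copied out of a log: accepted once, rejected on replay, rejected when old."""
    header = make_wsse(USERNAME, SECRET, b"\x01\x02\x03\x04\x05\x06\x07\x08", SAMPLE_CREATED)
    live = WsseVerifier({USERNAME: SECRET}, now=lambda: created_epoch(SAMPLE_CREATED) + 10)
    first = live.verify(header)
    replay = live.verify(header)
    later = WsseVerifier({USERNAME: SECRET}, now=lambda: created_epoch(SAMPLE_CREATED) + 86400)
    stale = later.verify(header)
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```

With both checks in place, a header lifted from the log is rejected immediately if the original request already consumed its nonce, and after max_skew seconds regardless; without them, the digest proves only that someone once knew the secret, not who is sending the request now. The clock is injected so the freshness rule can be exercised without waiting, and the nonce set only records tokens that actually authenticated, so an attacker cannot burn nonces for a user with garbage digests.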

Naturally, it proved impossible to reach the database owners: the contact details on the site do not work, and nobody replies to messages on social networks.

The app is still available in Apple's App Store (itunes.apple.com/app/roamer-roaming-killer/id646368973).

News about information leaks and insiders can always be found on my Telegram channel "Information leaks": https://t.me/dataleak.

Source: www.habr.com
