Ke bua ka ho tsuba ha data ea botho hape, empa lekhetlong lena ke tla u bolella hanyenyane ka mor'a lefu la merero ea IT ke sebelisa mohlala oa lintho tse peli tse fumanoeng morao tjena.
Nakong ea tlhahlobo ea ts'ireletso ea database, hangata ho etsahala hore u fumane li-server (, Ke ngotse ka blog) ea merero eo nako e telele (kapa eseng khale haholo) e tlohileng lefats'e la rona. Merero e joalo e bile e tsoela pele ho etsisa bophelo (mosebetsi), ho tšoana le Zombies (ho bokella lintlha tsa botho tsa basebelisi ka mor'a lefu la bona).
Дисклеймер: вся информация ниже публикуется исключительно в образовательных целях. Автор не получал доступа к персональным данным третьих лиц и компаний. Информация взята либо из открытых источников, либо была предоставлена автору анонимными доброжелателями.A re qaleng ka morero o nang le lebitso le phahameng "Sehlopha sa Putin" (putinteam.ru).
Seva e nang le MongoDB e bulehileng e fumanoe ka 19.04.2019/XNUMX/XNUMX.
Joalokaha u bona, ransomware e bile eena oa pele oa ho fihla setsing sena:
Sebaka sa polokelo ea boitsebiso ha se na lintlha tsa bohlokoa ka ho khetheha, empa ho na le liaterese tsa imeile (ka tlase ho 1000), mabitso a pele / lifane, li-passwords tse potlakileng, lihokela tsa GPS (ho bonahala ha u ingolisa ho tsoa ho li-smartphones), litoropo tsa bolulo le linepe tsa basebelisi ba sebaka sa marang-rang. akhaonto ea bona ea botho ho eona.
{
"_id" : ObjectId("5c99c5d08000ec500c21d7e1"),
"role" : "USER",
"avatar" : "https://fs.putinteam.ru/******sLnzZokZK75V45-1553581654386.jpeg",
"firstName" : "Вадим",
"lastName" : "",
"city" : "Санкт-Петербург",
"about" : "",
"mapMessage" : "",
"isMapMessageVerify" : "0",
"pushIds" : [
],
"username" : "5c99c5d08000ec500c21d7e1",
"__v" : NumberInt(0),
"coordinates" : {
"lng" : 30.315868,
"lat" : 59.939095
}
}
{
"_id" : ObjectId("5cb64b361f82ec4fdc7b7e9f"),
"type" : "BASE",
"email" : "***@yandex.ru",
"password" : "c62e11464d1f5fbd54485f120ef1bd2206c2e426",
"user" : ObjectId("5cb64b361f82ec4fdc7b7e9e"),
"__v" : NumberInt(0)
}Tse ngata haholo litšila tlhahisoleseding le direkoto tse se nang letho. Mohlala, khoutu ea ngoliso ea lengolo-tsoibila ha e hlahlobe hore na aterese ea lengolo-tsoibila e kentsoe, kahoo sebakeng sa aterese, u ka ngola eng kapa eng eo u e batlang.
Ho latela litokelo tsa litokelo sebakeng sa marang-rang, morero ona o ile oa lahloa kherehloa ka 2018. Liteko tsohle tsa ho ikopanya le baemeli ba morero ha lia atleha. Leha ho le joalo, ho na le ngoliso e sa tloaelehang setšeng - ho na le ho etsisa bophelo.
Morero oa bobeli oa zombie tlhahlobisong ea ka kajeno ke qalo ea Latvia "Roamer" (roamerapp.com/ru).
Ka la 21.04.2019 Mmesa, XNUMX, ho ile ha sibolloa database ea MongoDB e bulehileng ea sesebelisoa sa mohala "Roamer" ho seva sa Jeremane.
Database, 207 MB ka boholo, esale e fumaneha phatlalatsa ho tloha ka la 24.11.2018 Pulungoana XNUMX (ho ea ka Shodan)!
Ka matšoao ohle a kantle (aterese ea lengolo-tsoibila ea tšehetso ea tekheniki e sa sebetseng, lihokelo tse robehileng tsa lebenkele la Google Play, litokelo tsa molao ho webosaete ho tloha 2016, joalo-joalo) kopo e lahliloe ka nako e telele.
Ka nako e 'ngoe, hoo e ka bang mecha eohle ea litaba e ile ea ngola ka ho qala hona:
- VC: ".Roamer e qalang ea Latvia ke 'molai ea sollang»
- motse: "Roamer: Kopo e fokotsang litšenyehelo tsa mehala e tsoang kantle ho naha»
- lifehacker: "Mokhoa oa ho fokotsa litšenyehelo tsa puisano ha u ntse u solla ka makhetlo a 10: Roamer»
Ho bonahala eka "'molai" o ipolaile, empa leha a shoele o ntse a tsoela pele ho senola lintlha tsa botho tsa basebelisi ba hae ...
Ho latela tlhahlobo ea tlhaiso-leseling, basebelisi ba bangata ba tsoela pele ho sebelisa sesebelisoa sena sa mehala. Ka mor'a lihora tse seng kae feela ho shebiloe, ho ile ha hlaha likhatiso tse ncha tse 94. Ho tloha ka la 27.03.2019 Hlakubele 10.04.2019 ho isa la 66 Mmesa XNUMX, basebelisi ba bacha ba XNUMX ba ngolisitsoe ts'ebelisong.
Li-log (lirekoto tse fetang likete tse 100) tsa ts'ebeliso tse nang le tlhaiso-leseling e kang:
- fono ya mosebedisi
- ho fihlella li-tokens tsa nalane ea mohala (e fumaneha ka lihokelo tse kang: api3.roamerapp.com/call/history/1553XXXXXX)
- nalane ea mohala (linomoro, mohala o kenang kapa o tsoang, litšenyehelo tsa mohala, nako, nako ea mohala)
- opareitara ea mohala ea mosebelisi
- Liaterese tsa IP tsa basebelisi
- mofuta oa mohala oa mosebelisi le mofuta oa mobile OS ho eona (mohlala, iPhone 7 12.1.4)
- aterese ea lengolo-tsoibila la mosebelisi
- tekanyo ea akhaonto ea mosebedisi le chelete
- naha ea basebelisi
- sebaka sa hajoale (naha) ea mosebelisi
- dikhoutu tsa papatso
- le tse ling tse ngata.
{
"_id" : ObjectId("5c9a49b2a1f7da01398b4569"),
"url" : "api3.roamerapp.com/call/history/*******5049",
"ip" : "67.80.1.6",
"method" : NumberLong(1),
"response" : {
"calls" : [
{
"start_time" : NumberLong(1553615276),
"number" : "7495*******",
"accepted" : false,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(0),
"cost" : 0.0,
"call_id" : NumberLong(18869601)
},
{
"start_time" : NumberLong(1553615172),
"number" : "7499*******",
"accepted" : true,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(63),
"cost" : 0.03,
"call_id" : NumberLong(18869600)
},
{
"start_time" : NumberLong(1553615050),
"number" : "7985*******",
"accepted" : false,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(0),
"cost" : 0.0,
"call_id" : NumberLong(18869599)
}
]
},
"response_code" : NumberLong(200),
"post" : [
],
"headers" : {
"Host" : "api3.roamerapp.com",
"X-App-Id" : "a9ee0beb8a2f6e6ef3ab77501e54fb7e",
"Accept" : "application/json",
"X-Sim-Operator" : "311480",
"X-Wsse" : "UsernameToken Username="/******S19a2RzV9cqY7b/RXPA=", PasswordDigest="******NTA4MDhkYzQ5YTVlZWI5NWJkODc5NjQyMzU2MjRjZmIzOWNjYzY3MzViMTY1ODY4NDBjMWRkYjdiZTQxOGI4ZDcwNWJmOThlMTA1N2ExZjI=", Nonce="******c1MzE1NTM2MTUyODIuNDk2NDEz", Created="Tue, 26 Mar 2019 15:48:01 GMT"",
"Accept-Encoding" : "gzip, deflate",
"Accept-Language" : "en-us",
"Content-Type" : "application/json",
"X-Request-Id" : "FB103646-1B56-4030-BF3A-82A40E0828CC",
"User-Agent" : "Roamer;iOS;511;en;iPhone 7;12.1.4",
"Connection" : "keep-alive",
"X-App-Build" : "511",
"X-Lang" : "EN",
"X-Connection" : "WiFi"
},
"created_at" : ISODate("2019-03-26T15:48:02.583+0000"),
"user_id" : "888689"
}Ha e le hantle, ho ne ho sa khonehe ho ikopanya le beng ba setsi. Mabitso setšeng ha a sebetse, melaetsa mecheng ea litaba tsa sechaba. ha ho motho ea arabelang marang-rang.
Sesebelisoa se ntse se fumaneha ho Apple App Store (itunes.apple.com/app/roamer-roaming-killer/id646368973).
Litaba tse mabapi le ho lutla ha tlhahisoleseling le batho ba kahare li ka lula li fumaneha mocha oa ka oa Telegraph "" .
Source: www.habr.com