Android clicker signs users up for paid services

Doctor Web has discovered a clicker trojan in the official Android app catalog that can automatically subscribe users to paid services. Virus analysts identified several modifications of this malicious program, named Android.Click.322.origin, Android.Click.323.origin and Android.Click.324.origin. To hide their real purpose and reduce the likelihood of the trojan being detected, the attackers used several techniques.

First, they built the clickers into harmless applications (cameras and image collections) that performed their stated functions. As a result, users and information security specialists had no obvious reason to regard them as a threat.

Second, all of the malware was protected by the commercial Jiagu packer, which makes detection by antivirus software harder and complicates code analysis. This gave the trojan a better chance of evading the built-in protection of the Google Play catalog.

Third, the virus writers tried to disguise the trojan as well-known advertising and analytics libraries. Once added to the carrier programs, it was built into the Facebook and Adjust SDKs present in them, hiding among their components.

In addition, the clicker attacked users selectively: it performed no malicious actions if the potential victim was not a resident of one of the countries of interest to the attackers.

Below are examples of applications with the trojan embedded in them:

After being installed and launched, the clicker (hereafter its modification Android.Click.322.origin is used as the example) tries to gain access to the operating system's notifications by displaying the following request:

If the user agrees to grant it the required permissions, the trojan will be able to hide all notifications about incoming SMS and intercept message texts.

Next, the clicker sends technical data about the infected device to the control server and checks the serial number of the victim's SIM card. If it matches one of the target countries, Android.Click.322.origin sends the server information about the phone number associated with it. At the same time, the clicker shows users from certain countries a phishing window asking them to enter their number or sign in to their Google account:

If the victim's SIM card does not belong to a country of interest to the attackers, the trojan takes no action and stops its malicious activity. The investigated modifications of the clicker attack residents of the following countries:

  • Austria
  • Italy
  • France
  • Thailand
  • Malaysia
  • Germany
  • Qatar
  • Poland
  • Greece
  • Ireland

After transmitting the number information, Android.Click.322.origin waits for commands from the control server. The server sends the trojan tasks containing the addresses of websites to load and code in JavaScript format. This code is used to control the clicker through a JavascriptInterface, display pop-up messages on the device, perform clicks on web pages, and carry out other actions.

Having received a site address, Android.Click.322.origin opens it in an invisible WebView, into which the previously received JavaScript with the click parameters is also loaded. After opening the website of a premium service, the trojan automatically clicks the necessary links and buttons. It then receives the confirmation codes from SMS and confirms the subscription on its own.

Although the clicker has no functionality for working with SMS or accessing messages, it bypasses this limitation as follows. The trojan's service monitors notifications from the application that is assigned by default to handle SMS. When a message arrives, the service hides the corresponding system notification. It then extracts the information about the received SMS from it and passes it to the trojan's broadcast receiver. As a result, the user sees no notifications about incoming SMS and is unaware of what is happening. They learn about the subscription only when money starts disappearing from their account, or when they go to the messages menu and see the SMS related to the premium service.
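A defender-side check for the notification-access abuse described above, as an added example that is not from Doctor Web or the original article: it parses the output of `adb shell settings get secure enabled_notification_listeners` and `adb shell pm list packages -s` and lists non-system apps that can read other apps' notifications, including those of the default SMS app. The package names, the `review_listeners` helper and the sample values are constructed for illustration.

```python
# Added example: audit notification-listener grants on an Android device.
# All package names and sample strings below are constructed.

def parse_listeners(raw):
    """Return sorted unique (package, service class) pairs from the
    colon-separated enabled_notification_listeners value."""
    raw = (raw or "").strip()
    if raw in ("", "null"):          # setting unset: nothing has access
        return []
    pairs = set()
    for comp in raw.split(":"):
        comp = comp.strip()
        if "/" not in comp:          # not a package/class component name
            continue
        pkg, cls = comp.split("/", 1)
        if cls.startswith("."):      # expand the short form ".Service"
            cls = pkg + cls
        pairs.add((pkg, cls))
    return sorted(pairs)

def parse_packages(raw):
    """Parse `pm list packages` lines of the form 'package:<name>'."""
    return {line.split(":", 1)[1].strip()
            for line in raw.splitlines() if line.startswith("package:")}

def review_listeners(listeners_raw, system_pkgs_raw, sms_app, allowlist=()):
    """List third-party apps that hold notification access.

    sms_app is the default SMS app's package, supplied by the analyst;
    allowlist holds packages the owner knowingly granted access to."""
    trusted = parse_packages(system_pkgs_raw) | set(allowlist) | {sms_app}
    return [{"package": pkg, "service": cls}
            for pkg, cls in parse_listeners(listeners_raw)
            if pkg not in trusted]

# Constructed sample outputs (not taken from a real device).
SAMPLE_LISTENERS = ("com.example.oem.wearsync/com.example.oem.wearsync.Listener:"
                    "com.example.beautycam/.sdk.NotifyService:"
                    "com.example.beautycam/.sdk.NotifyService")
SAMPLE_SYSTEM = "package:com.example.oem.wearsync\npackage:com.example.messaging\n"

if __name__ == "__main__":
    for hit in review_listeners(SAMPLE_LISTENERS, SAMPLE_SYSTEM,
                                "com.example.messaging"):
        print("review:", hit["package"], "->", hit["service"])
```

A camera or wallpaper app appearing in this list has no functional need for notification access and should have the grant revoked in the system settings.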

After Doctor Web specialists contacted Google, the detected malicious applications were removed from Google Play. All known modifications of this clicker are successfully detected and removed by Dr.Web anti-virus products for Android and therefore pose no threat to our users.

Read more about Android.Click.322.origin

Source: www.habr.com
