Android clicker subscribes users to paid services

Doctor Web has discovered a clicker Trojan in the official Android application catalog that can automatically subscribe users to paid services. Virus analysts identified several modifications of this malicious program, named Android.Click.322.origin, Android.Click.323.origin and Android.Click.324.origin. To hide their true purpose and reduce the likelihood of the Trojan being detected, the attackers used several techniques.

First, they built the clickers into harmless applications (cameras and image collections) that performed their stated functions. As a result, users and information security professionals had no obvious reason to regard them as a threat.

Second, all of the malware was protected by the commercial Jiagu packer, which makes detection by antiviruses harder and complicates code analysis. This gave the Trojan a better chance of evading detection by the built-in protection of the Google Play catalog.

Third, the virus writers tried to disguise the Trojan as well-known advertising and analytics libraries. Once added to the carrier applications, it was built into the Facebook and Adjust SDKs present in them, hiding among their components.

In addition, the clicker attacked users selectively: it performed no malicious actions if the potential victim was not a resident of one of the countries of interest to the attackers.

Below are examples of applications with the Trojan embedded in them:

After installation and launch, the clicker (from here on, its modification Android.Click.322.origin is used as the example) tries to gain access to the operating system's notifications by displaying the following request:

If the user agrees to grant it the required permissions, the Trojan will be able to hide all notifications about incoming SMS and intercept the message texts.

Next, the clicker sends technical data about the infected device to the control server and checks the serial number of the victim's SIM card. If it matches one of the target countries, Android.Click.322.origin sends the server information about the phone number associated with it. At the same time, the clicker shows users from certain countries a phishing window in which they are asked to enter their number or sign in to their Google account:

If the victim's SIM card does not belong to a country of interest to the attackers, the Trojan takes no action and stops its malicious activity. The modifications studied attack residents of the following countries:

  • Austria
  • Italy
  • France
  • Thailand
  • Malaysia
  • Germany
  • Qatar
  • Poland
  • Greece
  • Ireland

After sending the number information, Android.Click.322.origin waits for commands from the control server. The server sends the Trojan tasks that contain the addresses of websites to load and code in JavaScript format. This code is used to control the clicker through JavascriptInterface, to display pop-up messages on the device, to perform clicks on web pages, and for other actions.

Having received a site address, Android.Click.322.origin opens it in an invisible WebView, into which the previously received JavaScript with the click parameters is also loaded. After opening a website with a premium service, the Trojan automatically clicks the necessary links and buttons. Next, it obtains the confirmation codes from SMS and confirms the subscription on its own.

Although the clicker has no function for working with SMS and accessing messages, it bypasses this limitation. It works as follows. The Trojan's service monitors notifications from the application that is assigned by default to handle SMS. When a message arrives, the service hides the corresponding system notification. It then extracts the information about the received SMS from the notification and passes it to the Trojan's broadcast receiver. As a result, the user sees no notifications about incoming SMS and is unaware of what is happening. They learn about the subscription only when money starts disappearing from their account, or when they open the messages menu and see SMS related to the premium service.

After Doctor Web specialists contacted Google, the detected malicious applications were removed from Google Play. All known modifications of this clicker are successfully detected and removed by Dr.Web anti-virus products for Android, so they pose no threat to our users.

Read more about Android.Click.322.origin

Source: www.habr.com