Ngikhuluma ngokuvuza kwedatha yomuntu siqu futhi, kodwa kulokhu ngizokutshela kancane mayelana nokuphila kwangemva kokufa kwamaphrojekthi we-IT usebenzisa isibonelo sokutholwe okubili kwakamuva.
Ngesikhathi sokuhlolwa kokuphepha kwedathabhesi, kuvame ukwenzeka ukuthi uthole amaseva (, Ngabhala kubhulogi) okuyingxenye yamaphrojekthi anesikhathi eside (noma akudala kakhulu) ashiye umhlaba wethu. Amaphrojekthi anjalo aqhubeka nokulingisa ukuphila (umsebenzi), afana nama-Zombies (ukuqoqa idatha yomuntu siqu yabasebenzisi ngemva kokufa kwabo).
ΠΠΈΡΠΊΠ»Π΅ΠΉΠΌΠ΅Ρ: Π²ΡΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΡ Π½ΠΈΠΆΠ΅ ΠΏΡΠ±Π»ΠΈΠΊΡΠ΅ΡΡΡ ΠΈΡΠΊΠ»ΡΡΠΈΡΠ΅Π»ΡΠ½ΠΎ Π² ΠΎΠ±ΡΠ°Π·ΠΎΠ²Π°ΡΠ΅Π»ΡΠ½ΡΡ
ΡΠ΅Π»ΡΡ
. ΠΠ²ΡΠΎΡ Π½Π΅ ΠΏΠΎΠ»ΡΡΠ°Π» Π΄ΠΎΡΡΡΠΏΠ° ΠΊ ΠΏΠ΅ΡΡΠΎΠ½Π°Π»ΡΠ½ΡΠΌ Π΄Π°Π½Π½ΡΠΌ ΡΡΠ΅ΡΡΠΈΡ
Π»ΠΈΡ ΠΈ ΠΊΠΎΠΌΠΏΠ°Π½ΠΈΠΉ. ΠΠ½ΡΠΎΡΠΌΠ°ΡΠΈΡ Π²Π·ΡΡΠ° Π»ΠΈΠ±ΠΎ ΠΈΠ· ΠΎΡΠΊΡΡΡΡΡ
ΠΈΡΡΠΎΡΠ½ΠΈΠΊΠΎΠ², Π»ΠΈΠ±ΠΎ Π±ΡΠ»Π° ΠΏΡΠ΅Π΄ΠΎΡΡΠ°Π²Π»Π΅Π½Π° Π°Π²ΡΠΎΡΡ Π°Π½ΠΎΠ½ΠΈΠΌΠ½ΡΠΌΠΈ Π΄ΠΎΠ±ΡΠΎΠΆΠ΅Π»Π°ΡΠ΅Π»ΡΠΌΠΈ.Ake siqale ngephrojekthi enegama elikhulu elithi "Ithimba likaPutin" (putinteam.ru).
Iseva ene-MongoDB evulekile itholwe ngomhlaka-19.04.2019/XNUMX/XNUMX.
Njengoba ubona, i-ransomware yaba ngeyokuqala ukufika kulesi sisekelo:
Isizindalwazi asiqukethe imininingwane yomuntu ebaluleke kakhulu, kepha kukhona amakheli e-imeyili (angaphansi kuka-1000), amagama okuqala/izibongo, amagama ayimfihlo asheshayo, izixhumanisi ze-GPS (ngokusobala lapho kubhaliswa kuma-smartphone), amadolobha okuhlala nezithombe zabasebenzisi besizinda i-akhawunti yabo yomuntu siqu kuyo.
{
"_id" : ObjectId("5c99c5d08000ec500c21d7e1"),
"role" : "USER",
"avatar" : "https://fs.putinteam.ru/******sLnzZokZK75V45-1553581654386.jpeg",
"firstName" : "ΠΠ°Π΄ΠΈΠΌ",
"lastName" : "",
"city" : "Π‘Π°Π½ΠΊΡ-ΠΠ΅ΡΠ΅ΡΠ±ΡΡΠ³",
"about" : "",
"mapMessage" : "",
"isMapMessageVerify" : "0",
"pushIds" : [
],
"username" : "5c99c5d08000ec500c21d7e1",
"__v" : NumberInt(0),
"coordinates" : {
"lng" : 30.315868,
"lat" : 59.939095
}
}
{
"_id" : ObjectId("5cb64b361f82ec4fdc7b7e9f"),
"type" : "BASE",
"email" : "***@yandex.ru",
"password" : "c62e11464d1f5fbd54485f120ef1bd2206c2e426",
"user" : ObjectId("5cb64b361f82ec4fdc7b7e9e"),
"__v" : NumberInt(0)
}Okuningi udoti ulwazi namarekhodi angenalutho. Isibonelo, ikhodi yokubhalisa yencwadi yezindaba ayihloli ukuthi ikheli le-imeyili lifakiwe, ngakho esikhundleni sekheli, ungabhala noma yini oyifunayo.
Uma kubhekwa ilungelo lobunikazi kuwebhusayithi, iphrojekthi yashiywa ngo-2018. Yonke imizamo yokuxhumana nabamele iphrojekthi ayiphumelelanga. Kodwa-ke, kukhona ukubhaliswa okungavamile kusayithi - kukhona ukulingisa ukuphila.
Iphrojekthi yesibili ye-zombie ekuhlaziyweni kwami ββββnamuhla isiqalo se-Latvian "Roamer" (roamerapp.com/ru).
Ngomhla zingama-21.04.2019 kuMbasa, XNUMX, kutholakale imininingwane egciniwe ye-MongoDB yohlelo lokusebenza lweselula oluthi βRoamerβ kuseva eJalimane.
Isizindalwazi, esingu-207 MB ngosayizi, besilokhu sitholakala esidlangalaleni kusukela ngomhlaka-24.11.2018 Novemba XNUMX (ngokusho kweShodan)!
Ngazo zonke izimpawu zangaphandle (ikheli le-imeyili elingasebenzi, izixhumanisi eziphukile zesitolo se-Google Play, i-copyright kuwebhusayithi kusukela ngo-2016, njll.) isicelo siye sashiywa isikhathi eside.
Ngesinye isikhathi, cishe yonke imithombo yezindaba yabhala ngalokhu kuqalisa:
- VC: "Isiqalisi saseLatvia i-Roamer ingumbulali ozulazulayoΒ»
- umuzi: "I-Roamer: Isicelo esinciphisa izindleko zezingcingo ezivela phesheyaΒ»
- Lifehacker: "Ungazinciphisa kanjani izindleko zokuxhumana ngenkathi uzulazula izikhathi ezingu-10: RoamerΒ»
βUmbulaliβ ubonakala ezibulele, kodwa noma esefile uyaqhubeka nokudalula imininingwane yomuntu siqu yabasebenzisi bakhe...
Uma sibheka ukuhlaziywa kolwazi ku-database, abasebenzisi abaningi bayaqhubeka nokusebenzisa lolu hlelo lokusebenza lweselula. Emahoreni ambalwa nje ebhekiwe, kwavela izicelo ezintsha ezingu-94. Futhi esikhathini esisuka ku-March 27.03.2019, 10.04.2019 kuya ku-April 66, XNUMX, abasebenzisi abasha abangu-XNUMX ababhaliswe kuhlelo lokusebenza.
Amalogi (amarekhodi angaphezu kwezinkulungwane eziyi-100) ohlelo lokusebenza anolwazi olufana nalokhu:
- ifoni yomsebenzisi
- amathokheni okufinyelela kumlando wekholi (atholakala ngezixhumanisi ezifana nokuthi: api3.roamerapp.com/call/history/1553XXXXXX)
- umlando wekholi (izinombolo, ucingo olungenayo noma oluphumayo, izindleko zekholi, ubude besikhathi, isikhathi socingo)
- umsebenzisi weselula
- Amakheli e-IP omsebenzisi
- imodeli yefoni yomsebenzisi kanye nenguqulo ye-OS yeselula kuyo (isibonelo, I-iPhone 7 12.1.4)
- ikheli le-imeyili lomsebenzisi
- ibhalansi ye-akhawunti yomsebenzisi kanye nemali
- izwe labasebenzisi
- indawo yamanje (izwe) yomsebenzisi
- amakhodi okukhangisa
- nokuningi okuningi.
{
"_id" : ObjectId("5c9a49b2a1f7da01398b4569"),
"url" : "api3.roamerapp.com/call/history/*******5049",
"ip" : "67.80.1.6",
"method" : NumberLong(1),
"response" : {
"calls" : [
{
"start_time" : NumberLong(1553615276),
"number" : "7495*******",
"accepted" : false,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(0),
"cost" : 0.0,
"call_id" : NumberLong(18869601)
},
{
"start_time" : NumberLong(1553615172),
"number" : "7499*******",
"accepted" : true,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(63),
"cost" : 0.03,
"call_id" : NumberLong(18869600)
},
{
"start_time" : NumberLong(1553615050),
"number" : "7985*******",
"accepted" : false,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(0),
"cost" : 0.0,
"call_id" : NumberLong(18869599)
}
]
},
"response_code" : NumberLong(200),
"post" : [
],
"headers" : {
"Host" : "api3.roamerapp.com",
"X-App-Id" : "a9ee0beb8a2f6e6ef3ab77501e54fb7e",
"Accept" : "application/json",
"X-Sim-Operator" : "311480",
"X-Wsse" : "UsernameToken Username="/******S19a2RzV9cqY7b/RXPA=", PasswordDigest="******NTA4MDhkYzQ5YTVlZWI5NWJkODc5NjQyMzU2MjRjZmIzOWNjYzY3MzViMTY1ODY4NDBjMWRkYjdiZTQxOGI4ZDcwNWJmOThlMTA1N2ExZjI=", Nonce="******c1MzE1NTM2MTUyODIuNDk2NDEz", Created="Tue, 26 Mar 2019 15:48:01 GMT"",
"Accept-Encoding" : "gzip, deflate",
"Accept-Language" : "en-us",
"Content-Type" : "application/json",
"X-Request-Id" : "FB103646-1B56-4030-BF3A-82A40E0828CC",
"User-Agent" : "Roamer;iOS;511;en;iPhone 7;12.1.4",
"Connection" : "keep-alive",
"X-App-Build" : "511",
"X-Lang" : "EN",
"X-Connection" : "WiFi"
},
"created_at" : ISODate("2019-03-26T15:48:02.583+0000"),
"user_id" : "888689"
}Yiqiniso, kwakungenakwenzeka ukuxhumana nabanikazi besisekelo. Oxhumana nabo esizeni abasebenzi, imiyalezo ezinkundleni zokuxhumana. akekho osabela kumanethiwekhi.
Uhlelo lokusebenza lusatholakala ku-Apple App Store (itunes.apple.com/app/roamer-roaming-killer/id646368973).
Izindaba mayelana nokuvuza kolwazi kanye nabangaphakathi zingatholakala njalo esiteshini sami seTelegram "Β»: .
Source: www.habr.com