Sturnus Trojan: malware na banki wanda ke leken asiri akan WhatsApp

Sturnus trojan ne na banki don Android wanda ke satar bayanan sirri da kuma satar saƙonni daga ɓoyayyun apps kamar WhatsApp, Telegram, da Sigina.
Yana cin zarafin Sabis ɗin Samun damar Android don karanta duk abin da ke kan allo da sarrafa na'urar daga nesa ta amfani da zaman nau'in VNC.
Ana rarraba shi azaman apk ɗin mugunta wanda ke yin kama da sanannun ƙa'idodi (misali, Google Chrome) kuma da farko yana hari bankuna a Tsakiya da Kudancin Turai.
Yana amfani da rufaffen sadarwa (HTTPS, RSA, AES, WebSocket) kuma yana buƙatar gata mai gudanarwa don ci gaba da dagewa da wahalar cire shi.

Un Sabuwar Trojan banki don Android ake kira Sturnus ya kunna ƙararrawa a cikin sashin tsaro na intanet na TuraiWannan malware ba kawai an tsara shi don satar bayanan kuɗi ba, amma kuma mai iya karanta WhatsApp, Telegram, da tattaunawar sigina da kuma ɗaukar kusan cikakken ikon sarrafa na'urar da ta kamu da cutar.

Barazana, wanda masu bincike suka gano ThreadFabric da manazarta da BleepingComputer ya ambata, har yanzu suna cikin a farkon tura lokaciamma ya riga ya nuna a sabon matakin sophisticationKo da yake kamfen ɗin da aka gano ya zuwa yanzu yana da iyaka, masana na fargabar cewa gwaje-gwaje ne kafin babban hari ga masu amfani da Bankin wayar hannu a Tsakiya da Kudancin Turai.

Menene Sturnus kuma me yasa yake haifar da damuwa sosai?

Sturnus malware bankuna

Sturnus trojan ne na banki don Android wanda ke haɗa iyakoki masu haɗari da yawa cikin fakiti ɗaya: satar bayanan kuɗi, leƙen asirin ɓoyayyun aikace-aikacen saƙon, da sarrafa nesa ta wayar ta amfani da dabarun isa ga ci gaba.

Bisa ga binciken fasaha da aka buga ThreadFabricKamfani mai zaman kansa ne ya haɓaka kuma yana sarrafa malware tare da ƙwararrun ƙwararru. Kodayake lambar da kayan aikin har yanzu suna bayyana suna haɓakawa, samfuran da aka bincika sune cikakken aiki, wanda ke nuni da hakan Maharan sun riga sun gwada Trojan akan ainihin wadanda abin ya shafa..

Masu binciken sun nuna cewa, a yanzu, abubuwan da aka gano sun fi mayar da hankali a ciki abokan ciniki na Turai kudi cibiyoyinmusamman a yankin tsakiya da kudancin nahiyar. Wannan mayar da hankali ya bayyana a cikin samfurin karya da allon fuska hadedde cikin malware, musamman tsara don kwaikwayi bayyanar aikace-aikacen banki na gida.

Keɓaɓɓen abun ciki - Danna nan Yadda zaka cire fayil ɗin Avira

Wannan hadin na yankin mayar da hankali, high fasaha sophistication da gwaji lokaci Wannan ya sa Sturnus ya zama kamar barazanar da ke tasowa tare da yuwuwar haɓaka, kama da kamfen ɗin banki na baya wanda ya fara cikin hankali kuma ya ƙare yana shafar dubban na'urori.

Yadda yake yaduwa: aikace-aikacen karya da yakin neman zabe

malware marar ganuwa

Rarraba na Sturnus ya dogara da fayilolin apk masu ƙeta waɗanda ke yin kama da halal kuma mashahurin apps. Masu binciken sun gano fakitin da ke kwaikwaya, da sauransu, zuwa Google Chrome (tare da rufaffen sunayen fakitin kamar com.klivkfbky.izaybebnx) ko aikace-aikace kamar marasa lahani Preemix Box (com.uvxuthoq.noscjahe).

Kodayake daidai hanyar yadawa Har yanzu ba a tantance da tabbas ba, amma shaidun sun nuna yakin neman zabe na phishing da qeta tallada kuma saƙon sirri da aka aika ta hanyar dandamali na aika saƙon. Waɗannan saƙonnin suna turawa zuwa gidajen yanar gizo na yaudara inda aka gayyaci mai amfani don zazzage abubuwan da ake ɗauka ko abubuwan amfani waɗanda, a zahiri, su ne mai saka Trojan.

Da zarar wanda aka azabtar ya shigar da aikace-aikacen yaudara, Sturnus ya buƙaci Izinin samun dama kuma, a yawancin lokuta, gata mai kula da na'uraWaɗannan buƙatun ana ɓoye su azaman saƙon da suke da gaskiya, suna da'awar suna da mahimmanci don samar da abubuwan ci gaba ko haɓaka aiki. Lokacin da mai amfani ya ba da waɗannan izini masu mahimmanci, malware yana samun damar yin hakan ganin duk abin da ke faruwa akan allohulɗa tare da keɓancewa da hana cirewa ta tashoshi na yau da kullun shine mabuɗin, don haka yana da mahimmanci a sani yadda ake cire malware daga android.

Satar takardun shaidar banki ta fuskar fuska

Babban wakilcin Sturnus malware akan Android

Ɗaya daga cikin classic Sturnus, duk da haka yana da tasiri sosai, ayyuka shine amfani da su hari mai rufi don satar bayanan banki. Wannan dabarar ta ƙunshi nunawa allon karya akan halaltattun apps, da aminci kwaikwayi ke dubawa na bankin app na wanda aka azabtar.

Lokacin da mai amfani ya buɗe app ɗin bankin su, Trojan ɗin yana gano abin da ya faru kuma ya nuna hanyar shiga ta karya ko tagar tabbatarwa, yana buƙata. sunan mai amfani, kalmar sirri, PIN ko bayanan katinGa mutumin da abin ya shafa, ƙwarewar ta zama kamar ta al'ada: kamannin gani yana maimaita tambura, launuka, da matani na ainihin banki.

Keɓaɓɓen abun ciki - Danna nan Yadda ake kashe Avast

Da zarar wanda aka kashe ya shigar da bayanan. Sturnus yana aika da takaddun shaida zuwa uwar garken maharan ta amfani da rufaffiyar tashoshi. Ba da daɗewa ba, zai iya rufe allon yaudara kuma ya dawo da sarrafawa zuwa ainihin app, don haka mai amfani da kyar ya lura da ɗan jinkiri ko hali mai ban mamaki, wanda sau da yawa ba a gane shi ba. Bayan irin wannan sata, yana da mahimmanci Bincika idan an yi kutse a asusun bankin ku.

Bugu da ƙari, Trojan yana iya rikodin maɓallai da halaye a cikin wasu aikace-aikace masu mahimmanci, waɗanda ke faɗaɗa nau'in bayanan da zai iya sata: daga kalmomin sirri don samun damar sabis na kan layi zuwa lambobin tantancewa da aka aika ta SMS ko saƙonni daga aikace-aikacen tantancewa.

Yadda ake leken asiri akan WhatsApp, Telegram, da sakonnin sigina ba tare da karya boye-boye ba

Mafi rashin kwanciyar hankali na Sturnus shine ikonsa karanta tattaunawar saƙon da ke amfani da ɓoye-ɓoye na ƙarshe zuwa ƙarshekamar WhatsApp, Telegram (a cikin rufaffen tattaunawar sa), ko siginar. A kallo na farko, yana iya zama alama cewa malware sun yi nasarar yin sulhu da algorithms na cryptographic, amma gaskiyar ita ce mafi dabara da damuwa.

Maimakon kai hari kan watsa sakonni. Sturnus yana amfani da Sabis ɗin Samun damar Android don saka idanu akan aikace-aikacen da aka nuna a gaba. Lokacin da ya gano cewa mai amfani yana buɗe ɗayan waɗannan aikace-aikacen aika saƙon, Trojan kawai ... karanta kai tsaye abubuwan da ke bayyana akan allon.

A takaice dai, baya karya boye-boye a cikin wucewa: jira aikace-aikacen da kansa ya yanke saƙon kuma nuna su ga mai amfani. A wannan lokacin, malware za su iya samun damar rubutu, sunayen tuntuɓar, zaren tattaunawa, saƙonni masu shigowa da masu fita, da ma sauran bayanan da ke cikin bayanan.

Wannan hanyar tana ba Sturnus damar gaba daya ketare kariyar boye-boye na karshen-zuwa-karshe ba tare da buƙatar karya shi daga mahangar lissafi ba. Ga maharan, wayar tana aiki azaman taga buɗaɗɗe wanda ke bayyana bayanan da, a ka'idar, yakamata a kasance masu sirri har ma daga masu shiga tsakani da masu ba da sabis.

Keɓaɓɓen abun ciki - Danna nan Acer - Wanda aka azabtar da harin fansa

Matakan kariya ga masu amfani da Android a Spain da Turai

wayar hannu tsaro

Fuskantar barazana kamar Sturnus, da Masana tsaro suna ba da shawarar ƙarfafa ɗabi'u na yau da kullun a amfani da wayar hannu ta yau da kullun:

Guji shigar da fayilolin apk samu a wajen kantin sayar da Google na hukuma, sai dai idan sun kasance daga cikakkun ingantattun hanyoyin da suka dace.
Yi nazari a hankali izini da aikace-aikace suka nemaDuk aikace-aikacen da ke neman samun dama ga Sabis ɗin Samun dama ba tare da takamaiman dalili ba ya kamata ya ɗaga jajayen tutoci.
Yi hankali da buƙatun daga gata mai kula da na'urawanda a mafi yawan lokuta ba dole ba ne don aiki na yau da kullun na ƙa'idar ƙa'idar.
Kiyaye Kariyar Google Play da sauran hanyoyin tsaro Ci gaba da sabunta tsarin aiki da shigar da aikace-aikace akai-akai, kuma lokaci-lokaci bitar jerin aikace-aikacen tare da izini masu mahimmanci.
Yi hankali da m halaye (fuskokin banki masu tuhuma, buƙatun takaddun shaida na bazata, raguwar kwatsam) kuma yi aiki nan da nan a kowace alamar gargaɗi.

Idan ana zargin kamuwa da cuta, amsa ɗaya mai yiwuwa ita ce da hannu soke mai gudanarwa da damar samun dama Daga saitunan tsarin, cire duk wani ƙa'idodin da ba a san su ba. Idan na'urar ta ci gaba da nuna alamun, yana iya zama dole a yi ajiyar mahimman bayanai da yin sake saitin masana'anta, maidowa kawai abin da ya zama dole.

Bayyanar Sturnus ya tabbatar da cewa Tsarin muhallin Android ya kasance abin fifiko Wannan Trojan, wanda aka ƙera don ƙungiyoyi masu laifi tare da albarkatu da kuzarin kuɗi, yana haɗa satar banki, ɓoyayyun saƙon saƙon, da sarrafa nesa cikin fakiti ɗaya. Yana ba da damar izinin samun dama da rufaffen tashoshi na sadarwa don yin aiki a ɓoye. A cikin mahallin da yawancin masu amfani da su a Spain da Turai ke dogaro da wayoyin hannu don sarrafa kudadensu da sadarwar sirri, kasancewa a faɗake da kuma ɗaukar kyawawan halaye na dijital ya zama mahimmanci don guje wa fadawa cikin irin wannan barazanar.

Yadda zaka gane idan wayarka Android tana da kayan leken asiri sannan ka cire ta mataki-mataki

Labari mai dangantaka:

Gano kuma cire kayan leken asiri akan Android: jagorar mataki-mataki

Alberto navarro

Ni mai sha'awar fasaha ne wanda ya mayar da sha'awar "geek" zuwa sana'a. Na shafe fiye da shekaru 10 na rayuwata ta yin amfani da fasaha mai mahimmanci da kuma yin amfani da kowane nau'i na shirye-shirye saboda tsantsar son sani. Yanzu na kware a fasahar kwamfuta da wasannin bidiyo. Wannan shi ne saboda sama da shekaru 5 ina yin rubutu a gidajen yanar gizo daban-daban kan fasaha da wasannin bidiyo, ina ƙirƙirar kasidu da ke neman ba ku bayanan da kuke buƙata cikin yaren da kowa zai iya fahimta.

Idan kuna da wasu tambayoyi, ilimina ya bambanta daga duk wani abu da ya shafi tsarin aiki na Windows da kuma Android don wayoyin hannu. Kuma alƙawarina shine a gare ku, koyaushe a shirye nake in yi ƴan mintuna kaɗan in taimaka muku warware duk wata tambaya da kuke da ita a duniyar Intanet.