Android malware alert: banking trojans, DNG spyware, and NFC fraud on the rise

Last updated: 11/11/2025

  • 239 malicious apps on Google Play with more than 42 million downloads, according to Zscaler
  • New campaigns: a banking trojan with overlays, the "Landfall" spyware, and NFC fraud with NGate
  • Mobile malware is growing 67% year over year; adware dominates (69%) and Europe is recording peaks in countries such as Italy
  • Protection guide: permissions, updates, Play Protect, app verification, and account monitoring
Malware on Android

Android phones remain in the spotlight, and according to the latest research the threat has not let up: between banking trojans that drain accounts, spyware that exploits zero-day flaws, and contactless fraud, the attack surface keeps growing in step with digital adoption in Europe and Spain.

In recent weeks, campaigns and figures have come to light that paint a complex picture: 239 malicious apps on Google Play accumulating more than 42 million downloads, a new banking trojan with overlays capable of taking control of the device, spyware called Landfall that hides in DNG images, and an NFC card-cloning scheme (NGate) that originated in Europe and has expanded to Latin America.


The latest Zscaler report reveals that between June 2024 and May 2025 Google Play hosted 239 malicious apps that exceeded 42 million downloads. Mobile malware activity rose 67% year over year, with a particular presence in the tools and productivity categories, where attackers disguise their apps as useful utilities.

This evolution translates into a clear shift in tactics: adware accounts for 69% of detections, while the Joker family has fallen to 23%. By country, India (26%), the United States (15%), and Canada (14%) lead the statistics, but in Europe there has been a spike in incidents in Italy, with a sharp year-over-year increase, and warnings that the risk could spread to other countries on the continent.

Faced with this landscape, Google has tightened its control over the developer ecosystem with additional identity verification requirements for publishing on Android. The goal is to raise the bar for entry and detection, reducing criminals' ability to distribute malware through official stores.


Beyond growth, the sophistication is worrying: Zscaler singles out particularly active families, among them Anatsa (a banking trojan), Android Void/Vo1d (a backdoor in AOSP-based devices, with more than 1.6 million devices affected), and SanarwaRAT, designed to steal credentials and 2FA codes. In Europe, financial institutions and mobile banking users face a clear risk.

Experts point to a shift from traditional credit card fraud toward mobile payments and social engineering (phishing, smishing, and SIM swapping), which calls for improving end users' digital hygiene and strengthening the protection of mobile channels.

Android/BankBot-YNRK: overlays, accessibility, and banking theft


Cyfirma researchers have documented an Android banking trojan dubbed "Android/BankBot-YNRK", designed to impersonate legitimate apps and then enable the Accessibility Service to gain full control of the device. Its specialty is overlay attacks: it draws fake login screens on top of real banking and crypto apps to capture credentials.

Distribution includes the Play Store (in waves that slip past filtering) along with fraudulent pages offering APKs, using package names and titles that mimic popular services. Among the technical indicators identified are several SHA-256 hashes, and the operation is believed to run under a Malware-as-a-Service model, which makes it easy to expand to other countries, including Spain.

Once inside, it forces the accessibility permission, adds itself as a device administrator, and reads what is shown on screen, taps virtual buttons, and fills in forms. It can also steal 2FA codes, manipulate notifications, and initiate automatic transfers, all without raising obvious suspicion.

Analysts link this threat to the BankBot/Anubis family, active since 2016, with numerous variants that evolve to evade antivirus software and manipulate device storage. Most campaigns target widely used financial apps, which increases the potential impact if they are not detected in time.


For users and businesses in the EU, the recommendation is to strengthen access controls, review accessibility settings, and monitor the behavior of financial apps. When in doubt, it is best to uninstall, scan the device, and change credentials in coordination with your bank.

Landfall: silent spying using DNG images and zero-day flaws


Another investigation, led by Palo Alto Networks' Unit 42, uncovered Android spyware called Landfall that exploited a zero-day vulnerability in an image-processing library (libimagecodec.quram.so) to execute code while decoding DNG files. Simply receiving the image via a message was enough for the attack to succeed without any user interaction.

The first signs date back to July 2024, and the flaw was assigned CVE-2025-21042 (with an additional fix, CVE-2025-21043, months later). The campaign targeted Samsung Galaxy devices in particular and had its greatest impact in the Middle East, although experts warn how easily such operations can expand.

Once running, Landfall allows extraction of photos, messages, contacts, and call logs directly from the device without relying on a cloud upload, as well as covertly activating the microphone. The spyware's modularity and its persistence for nearly a year without being detected underline the leap in sophistication offered by advanced mobile threats.

To mitigate the risk, it is key to apply the manufacturer's security updates, limit exposure to files received from unverified contacts, and keep the operating system's protection mechanisms enabled, both on personal devices and on corporate fleets.

NGate: NFC card cloning, from the Czech Republic to Brazil


The cybersecurity community has also focused on NGate, an Android malware designed for financial fraud that abuses NFC to copy card data and emulate it on another device. Campaigns have been documented in central Europe (Czech Republic) involving impersonation of local banks, followed by an evolution aimed at users in Brazil.

The chain combines smishing, social engineering, and the use of PWAs/WebAPKs and websites that imitate Google Play to facilitate installation. Once inside, it guides the victim into enabling NFC and entering their PIN, captures the exchange, and relays it using tools such as NFCGate, enabling cash withdrawals at ATMs and contactless POS payments.


Various vendors detect variants under labels such as Android/Spy.NGate.B and Trojan-Banker heuristics. Although there is no public evidence of campaigns in Spain, the tactics used are transferable to any region with wide adoption of contactless banking.

How to reduce the risk: best practices


Before installing, take a few seconds to check the publisher, ratings, and release date of the app. Be wary of permission requests that do not match the stated function (especially Accessibility and Device Administrator).

Keep the system and apps always updated, enable Google Play Protect, and run scans regularly. In corporate environments, it is advisable to enforce MDM policies, blocklists, and anomaly monitoring across the fleet.

Avoid downloading APKs from links in SMS messages, social media, or email, and stay away from sites that imitate Google Play. If a banking app asks for your card PIN or asks you to hold your card near your phone, be suspicious and check with your bank.

If you see signs of infection (unusual data or battery usage, suspicious notifications, overlays), disconnect from data, uninstall suspicious apps, scan your device, and change your credentials. Contact your bank if you detect unauthorized transactions.

On the professional side, incorporate the IoCs published by researchers (domains, hashes, and observed packages) into your blocklists, and coordinate the response with regional CSIRTs to cut possible infection chains.
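As an added illustration of the permission review and IoC blocklisting advised above (example code, not from the article or from any vendor it cites), this Python script triages captured adb output for third-party apps that hold accessibility or device-administrator rights or match a blocklist. The sample outputs, the allowlist and the blocklist are constructed, and the dumpsys section layout is an assumption.

```python
import re
# Constructed samples standing in for `adb shell` output of: settings get secure
# enabled_accessibility_services; pm list packages -3; dumpsys device_policy (excerpt, layout approximated).
A11Y_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                "com.fake.bankupdate/.OverlayAccessService")
PM_LIST_3 = "package:com.fake.bankupdate\npackage:com.example.notes\npackage:org.mozilla.firefox\n"
DEVICE_POLICY = ("  Enabled Device Admins (User 0, provisioningState: 0):\n"
                 "    com.fake.bankupdate/.AdminReceiver:\n"
                 "      uid=10123\n"
                 "  Other section:\n")
# Assumed operator-maintained lists: vetted accessibility providers and IoC package names.
A11Y_ALLOWLIST = {"com.google.android.marvin.talkback"}
PACKAGE_BLOCKLIST = {"com.fake.bankupdate"}  # constructed entry, not a published IoC

COMPONENT = re.compile(r"([A-Za-z][\w.]*)/[\w.$]+")  # 'pkg/.Class' component names

def parse_components(text):
    """Package part of every 'pkg/.Class' component name found in text."""
    return {m.group(1) for m in COMPONENT.finditer(text)}

def parse_third_party(pm_output):
    """Package names from `pm list packages -3` ('package:<name>' per line)."""
    return {ln[8:].strip() for ln in pm_output.splitlines() if ln.startswith("package:")}

def parse_device_admins(dumpsys):
    """Packages listed under the 'Enabled Device Admins' heading of dumpsys device_policy."""
    lines = dumpsys.splitlines()
    starts = [i for i, ln in enumerate(lines) if "Enabled Device Admins" in ln]
    admins = set()
    for ln in lines[starts[0] + 1:] if starts else []:
        if not ln.startswith("    "):  # dedent marks the end of the section
            break
        admins |= parse_components(ln)
    return admins

def triage(a11y_setting, pm_output, dumpsys, blocklist, allowlist):
    """Map each package to the reasons it deserves a closer look (empty dict = nothing flagged)."""
    a11y, admins = parse_components(a11y_setting), parse_device_admins(dumpsys)
    findings = {}
    for pkg in sorted(parse_third_party(pm_output) | a11y | admins):
        reasons = []
        if pkg in a11y and pkg not in allowlist:
            reasons.append("accessibility service enabled")
        if pkg in admins:
            reasons.append("device administrator")
        if pkg in blocklist:
            reasons.append("matches IoC blocklist")
        if reasons:
            findings[pkg] = reasons
    return findings
```

Feed it the real command outputs from a device under review and treat every flagged package as a candidate for the uninstall, scan and credential-rotation steps above.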

The Android ecosystem is going through a period of heavy pressure from cybercrime: from malicious apps in official stores, including banking trojans with overlays, to spyware that exploits DNG images and NFC fraud with card emulation. With regular updates, caution when installing, and vigilance over permissions and banking transactions, it is possible to substantially reduce the risk for both users and organizations in Spain and the rest of Europe.
