ClayRat, the spyware that poses as WhatsApp and TikTok

  • ClayRat disguises itself as popular apps such as WhatsApp and TikTok to get onto Android phones.
  • The campaign uses Telegram channels and fake websites that imitate Google Play, complete with fabricated reviews and download counts.
  • It uses "session-based" installation to get around the restrictions in Android 13 and hide the warnings.
  • It steals SMS, calls and photos, can become the default SMS app, and spreads through messages; Play Protect blocks the known variants.

ClayRat: spyware that imitates popular apps

Mobile cyberattacks are entering a more sophisticated and dangerous phase: ClayRat is Android spyware that camouflages itself as everyday apps such as WhatsApp or TikTok in order to steal data and spread among the victim's contacts.

According to researchers at Zimperium, the operation is growing rapidly and has already accumulated more than 600 samples and 50 droppers, distributed through Telegram channels and sites that pose as legitimate, including a fake TikTok store. Given its reach and its social engineering, this is a particularly effective campaign.

What is ClayRat, and why does it pose as popular apps?

Named after its command-and-control infrastructure, ClayRat combines data theft with advanced phishing. The attackers set up portals that mimic the look of Google Play or of the WhatsApp, TikTok, YouTube or Google Photos pages, with instructions for installing an APK by hand.

These websites show fabricated reviews, inflated download counters and fake comments to build trust. The hook is reinforced with supposed "plus" or "premium" versions of popular apps, when in reality the user is authorizing the installation of spyware.

[Image: ClayRat spyware, a threat on Android]

Infection chain: "session-based" installation and droppers

One of its strengths is a session-based installation method that reduces the visible warnings and helps it get around the restrictions introduced in Android 13 and later, imitating the flow of a legitimate app install. These tricks work against the security improvements that Android 13 and subsequent versions introduced.

Many variants act as droppers: they show a fake Play Store update screen while downloading and running the hidden payload in the background. The malware then hides among the system's processes, waiting to connect to its remote server. These methods are reminiscent of other threats such as droppers and mobile Trojans.

What it can do once inside the phone

Once the device is infected, ClayRat requests sensitive permissions (SMS, contacts, camera and microphone) and tries to become the default SMS app. With that role it can intercept, read and manipulate messages before they reach other apps, a risk that is part of the wider mobile malware threat.

In addition, the spyware can exfiltrate SMS, capture notifications, inspect the call log, take photos with the front camera and even initiate calls or send messages without any user interaction.

  • get_apps_list: sends the list of installed applications.
  • get_calls: collects the device's call logs.
  • get_camera: takes a photo with the front camera and uploads it to the server.
  • get_sms_list / messms: steals SMS or sends mass messages in order to propagate.
  • send_sms / make_call: makes calls or sends messages from the victim's number.
  • get_device_info: retrieves device and network details.
  • get_proxy_data: turns HTTP/HTTPS traffic into WebSocket tunnels to hide the communication.

For communications, ClayRat uses AES-GCM encryption and fragmented data transmission to make analysis harder. The proxy feature lets the C2 traffic hide behind WebSocket-based tunnels.

The campaign also propagates on its own: every compromised phone is used as a distribution point that sends malicious links by SMS to the entire contact list, multiplying the reach of the attack.

Scope of the campaign and the industry response

In recent months Zimperium has identified more than 600 samples and around 50 distinct droppers, a volume that reflects a constantly evolving operation. Some reports place the activity, with its highest incidence so far, in Russia, with the potential to expand to other countries.

The indicators of compromise have been shared with Google, and Play Protect blocks the known variants. Even so, experts stress that the campaign is still active and that the best defence is to avoid installing anything from external links or Telegram channels.

How to reduce the risk

The main advice is simple: do not install APKs from unknown sources. Be wary of "Plus" or "premium" versions of popular apps, and avoid following download links from social media or messages.

  • Keep the system updated and Google Play Protect enabled so that it scans regularly.
  • Review app permissions regularly (SMS, camera, microphone, contacts) and revoke any that are not needed.
  • Check which app is the default SMS app and restore the official one if it has changed without your consent.
  • Watch for warning signs: unauthorized outgoing messages, battery or data spikes, and unusual behaviour.
  • Use a reputable mobile security solution to detect droppers and C2 activity.
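As an added example (not from the article or from Zimperium's research), a small triage script that checks two of the signs listed above over adb: user-installed packages that did not come from Google Play, and a default SMS handler that is not the expected one. The installer and SMS-app allowlists are assumptions, and the sample `pm list packages` output is constructed rather than captured from a real device.

```python
import re
import shutil
import subprocess

# Assumed allowlists: add the OEM store and messaging app of the device being checked.
TRUSTED_INSTALLERS = {"com.android.vending"}
EXPECTED_SMS_APPS = {"com.google.android.apps.messaging", "com.samsung.android.messaging"}

# Constructed sample of `adb shell pm list packages -3 -i` (not real device output).
# A manually installed APK shows installer=null or the package installer itself.
SAMPLE_PACKAGES = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.tiktok.plus  installer=null
package:com.example.wa.premium  installer=com.google.android.packageinstaller
"""

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_packages(text):
    """Map package name -> installer ('null' when Android recorded none)."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def triage(package_text, default_sms_app):
    """Return the user-installed packages that did not come from a trusted store and
    whether the default SMS handler is one we expect; both are ClayRat warning signs."""
    pkgs = parse_packages(package_text)
    sideloaded = sorted(p for p, inst in pkgs.items() if inst not in TRUSTED_INSTALLERS)
    return {"sideloaded": sideloaded, "default_sms_app": default_sms_app,
            "sms_app_expected": default_sms_app in EXPECTED_SMS_APPS}

def collect_from_device():
    """Pull both inputs from an attached device via adb; None when adb is not installed."""
    if shutil.which("adb") is None:
        return None
    def run(*args):
        return subprocess.run(["adb", "shell", *args], capture_output=True, text=True, check=True).stdout
    return (run("pm", "list", "packages", "-3", "-i"),
            run("settings", "get", "secure", "sms_default_application").strip())

if __name__ == "__main__":
    live = collect_from_device()
    pkg_text, sms_app = live if live else (SAMPLE_PACKAGES, "com.example.tiktok.plus")
    result = triage(pkg_text, sms_app)
    for p in result["sideloaded"]:
        print(f"[!] user package not installed from Play: {p}")
    if not result["sms_app_expected"]:
        print(f"[!] default SMS app is unexpected: {result['default_sms_app']}")
```

Without a device attached the script falls back to the constructed sample so the checks can be read and tested offline.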

If you suspect an infection, the most effective course is to disconnect the device, back up what matters, reset it to factory settings and reinstall your apps only from Google Play. Change any passwords that may have been exposed and enable two-factor authentication on your important services.

ClayRat shows how spyware can imitate WhatsApp and TikTok to exploit user trust, evade recent Android protections and turn the victims themselves into an attack platform; today, heightened caution about download sources and permissions is the most effective defence.
