Waves of scams and malware exploiting Discord

  • Discord scams are on the rise, including the "try my game" scam that compromises wallets and accounts.
  • A new Python infostealer, Inf0s3c Stealer, exfiltrates data through Discord webhooks.
  • Advanced techniques: double packing (UPX + PyInstaller), startup persistence, and anti-analysis checks.
  • Protective measures: verify identities, block unauthorized webhooks, and monitor PowerShell.

Discord security

A series of recent incidents has put Discord at the center of the debate on communication security. From fraud that exploits users' trust to new malware families hiding behind legitimate traffic, the platform is once again a focus for attackers and analysts alike.

The most publicized case was that of a crypto designer known as Princess Hypio, who lost $170,000 in cryptocurrencies and NFTs after agreeing to play with a supposed friend on Steam. While she was distracted, the scammer entered her group and compromised her Discord, a trick that, according to community reports, has been circulating for years under the name "Try my game".


The "Try my game" scam spreads across servers

Security on Discord

The pattern repeats: attackers join a Discord server, observe it, assess its potential, and once they identify a target holding crypto assets or NFTs, they begin the approach. To gain trust, they ask questions and show interest in what the victim values, as happened with a Milady NFT that first drew attention to the user.

After this trust-building phase, the next step is an invitation to "try a game" together with a link that redirects to a malicious server. The title may look legitimate, but the hosted download contains a Trojan that opens the door to theft of data, passwords, and connected wallets. In the Princess Hypio case, the download server was the compromised element.

This type of lure, which many users have reported on specialized forums and Reddit, has become so widespread that Discord has hardened its stance against fraudulent activity and reminds users that promoting financial fraud violates its terms of service.

Experts such as Nick Percoco, head of security at Kraken, stress that these scams rely less on technical weaknesses than on trust. Criminals impersonate friends, create urgency, and push people into hasty decisions. The advice: "Be suspicious by default and verify through another channel."

Inf0s3c Stealer: data theft through Discord

Malware using Discord

In parallel with the social engineering campaigns, Cyfirma researchers have identified Inf0s3c Stealer, an infostealer written in Python that targets Windows machines and exfiltrates data through Discord channels/webhooks. The combination of classic infostealer techniques with a modern communication channel lets it blend in easily.

The 64-bit executable shows double packing: first with UPX and then with PyInstaller, which complicates signature matching and hinders reverse engineering. With a size of about 6.8 MB and high entropy (close to 8), it shows heavy obfuscation aimed at evading static tools.

When executed, it reconstructs the embedded bytecode and creates its working directory under %TEMP%. It runs native commands such as systeminfo and getmac, along with system APIs (for example, token and host identity), to profile the hardware, product key, and network parameters.

It then walks the directories holding user data (Desktop, Documents, Downloads, etc.) with a recursive listing and captures screenshots using GDI+; if the environment allows, it also tries to grab images from the webcam. All of this is arranged into a labelled folder structure (System, Screenshots, Details) for final packaging.

Protection on Discord

The master stroke comes at the end: it extracts browser details (cookies, autofill, and history), Wi-Fi passwords, and sessions/tokens from apps such as Discord and Telegram, crypto wallets, and gaming platforms (Steam, Epic, Roblox, or Minecraft). It then creates a password-protected RAR (filename blank-WDAGUtilityAccount.rar, password "blank123") and uploads it through a Discord webhook labelled "Blank Grabber", mixing the theft into legitimate HTTPS traffic.

Persistence and APT-grade evasion

Threats on Discord

To remain on the system, Inf0s3c Stealer copies itself to the Windows Startup folder with a .scr extension (disguised as a screensaver) using a PutInStartup-style routine, and it can lean on system security features to reduce friction with UAC. This ensures it executes at every boot.

For evasion, it performs anti-VM and anti-debug checks (for example, BIOS checks and timing with QueryPerformanceFrequency), blocks antivirus domains, includes a "melt" mode that self-deletes after running, and a "pump stub" that inflates the binary size to exceed heuristic size limits.

Exfiltration through the Discord API removes the need for a traditional C2: the file travels as if it were ordinary content, which reduces its visibility to monitoring systems that do not inspect unusual or oversized attachments.

What you can do to protect yourself

Discord security tips

Against campaigns that exploit trust and curiosity, extreme caution is advised: beware of invitations to download "games" or executables, verify details through a second channel, and remember that not clicking is the right decision when in doubt.

  • Use behaviour-based protection that can unpack PyInstaller and detect unusual use of compressors (UPX, RAR).
  • Apply egress filtering to block unauthorized Discord webhooks and watch for unusual HTTP attachments to platform endpoints.
  • Enable PowerShell and command-line logging (systeminfo, getmac, tasklist, tree, etc.) and create alerts for reconnaissance patterns.
  • Enforce the principle of least privilege, audit changes to the Registry and the Startup folder, and keep YARA rules (for example, from Cyfirma) up to date.
  • Strengthen network segmentation, offline backups, and training against phishing and social engineering.
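The recommendations above (command-line logging for the recon commands, auditing the Startup folder, and watching webhook egress) can be combined into one triage rule. The following is an added example, not code from the original article or from Cyfirma: a small Python script that runs those three checks over constructed sample telemetry (timestamp, process id, event kind, payload) and reports which process shows the stealer's observable pattern. Field names, the 60-second recon window, and the sample paths are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry (not real logs): (timestamp, pid, kind, payload).
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:01", 4120, "proc", "systeminfo"),
    ("2024-05-01T10:00:02", 4120, "proc", "getmac"),
    ("2024-05-01T10:00:03", 4120, "proc", "tasklist"),
    ("2024-05-01T10:00:04", 4120, "proc", r"tree C:\Users\alice"),
    ("2024-05-01T10:00:09", 4120, "file",
     r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.scr"),
    ("2024-05-01T10:00:15", 4120, "net", "https://discord.com/api/webhooks/000/PLACEHOLDER"),
    ("2024-05-01T11:30:00", 5001, "proc", "tasklist"),  # a lone tasklist: benign noise
]

# The recon commands named in the article; a burst of several within a short
# window from one process is the signal, a single one is not.
RECON_CMDS = {"systeminfo", "getmac", "tasklist", "tree"}
RECON_WINDOW_S = 60   # assumed window
RECON_MIN = 3         # assumed minimum distinct commands
# A .scr dropped into the per-user Startup folder (the persistence described above).
STARTUP_SCR = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.scr$", re.IGNORECASE)
# Outbound POSTs to a Discord webhook URL (the exfiltration channel described above).
WEBHOOK = re.compile(r"^https://(?:[\w.-]+\.)?discord(?:app)?\.com/api/webhooks/", re.IGNORECASE)


def analyse(events):
    """Return {pid: [reasons]} for processes matching any of the three checks."""
    findings = defaultdict(list)
    recon = defaultdict(list)  # pid -> [(time, command)]
    for ts, pid, kind, payload in events:
        t = datetime.fromisoformat(ts)
        if kind == "proc":
            cmd = payload.split()[0].lower()
            if cmd in RECON_CMDS:
                recon[pid].append((t, cmd))
        elif kind == "file" and STARTUP_SCR.search(payload):
            findings[pid].append("scr_in_startup")
        elif kind == "net" and WEBHOOK.match(payload):
            findings[pid].append("discord_webhook_egress")
    # Sliding window: flag a pid once it runs RECON_MIN distinct recon commands
    # within RECON_WINDOW_S seconds.
    for pid, items in recon.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            window = {c for t, c in items[i:] if (t - start).total_seconds() <= RECON_WINDOW_S}
            if len(window) >= RECON_MIN:
                findings[pid].append("recon_burst")
                break
    return dict(findings)
```

Any process that hits two or more of these reasons deserves immediate isolation and a look at %TEMP% for the staged archive.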

The picture shows two fronts converging on a single platform: persuasion tactics that get you to run software, and a modern stealer that uses Discord channels to exfiltrate information. With careful habits, egress controls, and well-tuned telemetry, it is possible to reduce the impact of these campaigns and make life harder for those trying to turn the community into their next prize.
