{"id":2566,"date":"2024-01-23T11:00:04","date_gmt":"2024-01-23T11:00:04","guid":{"rendered":"https:\/\/esenyurtgazetesi.com\/?p=2566"},"modified":"2024-01-23T11:00:04","modified_gmt":"2024-01-23T11:00:04","slug":"korsanlar-ganimet-pesinde-yeni-macos-arka-kapisi-kripto-para-cuzdanlarini-hedef-aliyor","status":"publish","type":"post","link":"https:\/\/esenyurtgazetesi.com\/index.php\/2024\/01\/23\/korsanlar-ganimet-pesinde-yeni-macos-arka-kapisi-kripto-para-cuzdanlarini-hedef-aliyor\/","title":{"rendered":"Pirates after loot: New macOS backdoor targets cryptocurrency wallets"},"content":{"rendered":"<p><strong>Kaspersky researchers have uncovered an unusual strain of macOS malware. This previously unknown malware family, distributed covertly through pirated applications, aims to steal the cryptocurrency that macOS users keep in their digital wallets. Unlike the proxy Trojans previously discovered by Kaspersky, this new threat focuses on compromising users.<\/strong><\/p>\n<p>The newly discovered Trojan is unique in two respects. First, it uses DNS records to execute its malicious Python script. Second, it does not just steal crypto wallets; it replaces the wallet application with its own infected version. 
This also leads to the theft of the secret phrase used to access the cryptocurrency stored in the wallets.<\/p>\n<p>The malware targets macOS versions 13.6 and later, which shows that it focuses on users of newer operating system versions, on both Intel and Apple Silicon devices. The compromised disk images contain an activator and the application the user was looking for. The activator, which looks harmless at first glance, activates the compromised application after the user enters their password.<\/p>\n<p>The attackers use pre-compromised versions of the application, modifying the executable files so that they do not work until the user runs the activator. This tactic ensures that the user unknowingly activates the compromised application.<\/p>\n<p>After patching, the malware runs its primary payload by retrieving a DNS TXT record for a malicious domain and decrypting a Python script from it. The script then attempts to download the next stage of the infection chain, which is also a Python script.<\/p>\n<p><em>The purpose of the next payload is to execute arbitrary commands received from the server. 
Although no commands were received during the investigation and the backdoor was being updated regularly, it is clear that the malware campaign is still under development. An analysis of the code suggests that the commands are probably encoded Python scripts.<\/em><\/p>\n<p><em>Besides the functions mentioned, the script contains two notable features involving the domain apple-analyzer[.]com. Both functions aim to check for the presence of cryptocurrency wallet applications and replace them with versions downloaded from the specified domain. This tactic was observed targeting both Bitcoin and Exodus wallets, replacing these applications with malicious ones.<\/em><\/p>\n<p>Kaspersky security researcher\u00a0<strong>Sergey Puzan<\/strong> said:\u00a0<em>&#8220;The macOS malware linked to pirated software underscores the serious risks in this area. Cybercriminals use pirated applications to easily gain access to users&#8217; computers and to obtain administrator privileges by getting them to enter their password. The creators of the attack show unusual creativity by hiding a Python script in a DNS server record, which increases the malware&#8217;s level of stealth in network traffic. 
Users should be extra careful, especially with their cryptocurrency wallets. Avoid downloading files from suspicious sites and use trusted cybersecurity solutions for better protection.&#8221;<\/em><\/p>\n<p>You can learn more about the crypto Trojan and backdoor for macOS on\u00a0Securelist.com.<\/p>\n<p>Kaspersky researchers recommend taking the following measures to stay safe from Trojans and protect your crypto assets:<\/p>\n<ul>\n<li>It is safer to download your applications only from official stores such as the Apple App Store. Apps in these stores are not 100% safe, but at least they are checked by the store administrators and there are certain filtering systems in place. Not every app can easily get into these stores.\u00a0<\/li>\n<li>Install a trusted\u00a0security solution\u00a0and follow its recommendations. Secure solutions will resolve most problems automatically and alert you if necessary.\u00a0<\/li>\n<li>Update your operating system and important applications as updates become available. Many security issues can be resolved by installing updated versions of software.\u00a0<\/li>\n<li>Secure your seed phrase. 
When setting up your hardware wallet, make sure you write down your seed phrase and store it securely.\u00a0A trusted security solution such as\u00a0Kaspersky Premium\u00a0will protect the crypto information stored on your mobile device or computer.\u00a0<\/li>\n<li>Use strong passwords: avoid using easily guessable passwords or reusing passwords from your other accounts. You can use\u00a0Kaspersky Password Manager\u00a0to manage passwords effectively and securely.<\/li>\n<\/ul>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky researchers have uncovered an unusual strain of macOS 
malware.<\/p>\n","protected":false},"author":1,"featured_media":2567,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[25],"tags":[1148,428,684,526,660],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/posts\/2566"}],"collection":[{"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/comments?post=2566"}],"version-history":[{"count":1,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/posts\/2566\/revisions"}],"predecessor-version":[{"id":2568,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/posts\/2566\/revisions\/2568"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/media\/2567"}],"wp:attachment":[{"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/media?parent=2566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/categories?post=2566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/tags?post=2566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}