{"id":4393,"date":"2023-01-12T12:03:33","date_gmt":"2023-01-12T09:03:33","guid":{"rendered":"https:\/\/sakarya.news\/?p=4393"},"modified":"2023-01-12T12:03:35","modified_gmt":"2023-01-12T09:03:35","slug":"yetiskinlere-yonelik-goruntulu-sohbet-uzerinden-siber-saldiri","status":"publish","type":"post","link":"https:\/\/haber.kocaalibilisim.com\/index.php\/2023\/01\/12\/yetiskinlere-yonelik-goruntulu-sohbet-uzerinden-siber-saldiri\/","title":{"rendered":"Cyberattack via adult video chat"},"content":{"rendered":"\n<p><strong>Beware of an espionage attack targeting Android users<\/strong><\/p>\n\n\n\n<p>Digital security company ESET has identified an espionage attack by the advanced persistent threat (APT) group StrongPity. The APT group is targeting Android users with a fake website impersonating the video chat service Shagle and a trojanized version of the Telegram app.<\/p>\n\n\n\n<p>If the victim grants the malicious StrongPity app notification access and accessibility services permission, the malware can exfiltrate communications from messaging apps such as Viber, Skype, Gmail, Messenger and Tinder.<\/p>\n\n\n\n<p>ESET researchers identified an active StrongPity attack distributing a fully functional but trojanized version of the legitimate Telegram app. A fake website impersonating Shagle, an adult video chat application, is used to distribute StrongPity&#8217;s mobile backdoor app. The app is reported to be a modified version of the open-source Telegram app, repackaged with StrongPity backdoor code. StrongPity&#8217;s modular backdoor is reported to have many espionage features, including recording phone calls and collecting SMS messages, call logs and contact lists. If the victim grants the malicious StrongPity app notification and accessibility permission, the malware can access conversations in messaging apps such as Viber, Skype, Gmail, Messenger and Tinder.<\/p>\n\n\n\n<p><strong>It poses a risk of infiltrating other messaging apps<\/strong><\/p>\n\n\n\n<p>Unlike the genuine Shagle website, which is entirely web-based and has no official mobile app for accessing its services, the fake website offers only an Android app to download, with no web-based streaming service. The trojanized Telegram app is not available through the Google Play Store. Because the malicious code, its functionality, the class names and the certificate used for the APK file are identical to those of the previous attack, ESET believes the StrongPity group is behind this attack. Code analysis shows that the backdoor has a modular structure and that additional binary modules are downloaded from the command and control server. 
This means that the number and type of modules used can be changed at any time to suit the goals of the attack when it is operated by the StrongPity group.<\/p>\n\n\n\n<p><strong>Not active at the moment, but could become active at any time<\/strong><\/p>\n\n\n\n<p>ESET researcher Luk\u00e1\u0161 \u0160tefanko, who analyzed the trojanized Telegram app, said the following about the attack: \u201cWhen the malware on the fake website was examined during our research, it turned out that it was no longer active and that it was no longer possible to install and run its backdoor. The reason is that StrongPity has not obtained an API ID for its trojanized Telegram app. However, this could change at any time if the attacker decides to update the malicious app.\u201d<\/p>\n\n\n\n<p>The repackaged version of Telegram uses the same package name as the legitimate Telegram app. Package names are identifiers unique to each Android app and must be unique on any given device. This means that if the official Telegram app is installed on a potential victim&#8217;s device, the backdoored version of the app cannot be installed on the same device. 
\u0160tefanko continued: \u201cThere could be two reasons for this: either the attacker first communicates with potential victims and forces them to uninstall Telegram if it is installed on their devices, or the attack focuses on countries where Telegram use is rare.\u201d Although the StrongPity app once worked by using the standard APIs documented on the Telegram website, just as the official version does, it no longer works in this way. Compared with the first StrongPity malware discovered for mobile devices, this version has expanded the backdoor&#8217;s espionage features. If the victim grants the app access to notifications and enables accessibility services, the backdoor monitors incoming notifications and exfiltrates chat communications.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Beware of an espionage attack targeting Android users Digital security company ESET has identified an espionage attack by the advanced persistent threat (APT) group StrongPity. The APT group is targeting Android users with a fake website impersonating the video chat service Shagle and a trojanized version of the Telegram app. 
If the victim grants the malicious StrongPity app notification access and accessibility [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4394,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,11],"tags":[649,896,2271,2441],"class_list":["post-4393","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guncel","category-teknoloji","tag-dijital-guvenlik-sirketi","tag-eset","tag-siber-saldiri","tag-telegram"],"_links":{"self":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/4393","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/comments?post=4393"}],"version-history":[{"count":1,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/4393\/revisions"}],"predecessor-version":[{"id":4395,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/4393\/revisions\/4395"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/media\/4394"}],"wp:attachment":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/media?parent=4393"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/categories?post=4393"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/tags?post=4393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}