Siber g\u00fcvenlik \u015firketi ESET, anl\u0131k mesajla\u015fma uygulamalar\u0131na yerle\u015ftirilen ve ekran panosundaki bilgileri alabilen clipper ad\u0131 verilen k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n ilk \u00f6rne\u011fini tespit etti. Tehdit akt\u00f6rleri, sahte web siteleri arac\u0131l\u0131\u011f\u0131 ile kullan\u0131c\u0131lar\u0131n Android ve Windows sistemli cihazlar\u0131na, i\u00e7ine Truva at\u0131 yerle\u015ftirilerek de\u011fi\u015ftirilmi\u015f Telegram ve WhatsApp uygulamalar\u0131n\u0131 indirmelerini sa\u011fl\u0131yorlar. \u00a0<\/p>\n\n\n\n
Bu sahte uygulamalar sayesinde kurbanlar\u0131n kripto paralar\u0131n\u0131 izleyebiliyorlar. K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, kurban\u0131n sohbet uygulamas\u0131ndan g\u00f6nderdi\u011fi kripto para c\u00fczdan adreslerini sald\u0131rgana ait adreslerle de\u011fi\u015ftirebiliyor. Ekran panosundan metin \u00e7\u0131karmak ve kripto para c\u00fczdan\u0131na ait hesap kurtarma kodlar\u0131n\u0131 \u00e7almak i\u00e7in optik karakter tan\u0131may\u0131 k\u00f6t\u00fcye kullanabiliyorlar.<\/p>\n\n\n\n
ESET ara\u015ft\u0131rmac\u0131lar\u0131, WhatsApp ve Telegram uygulamalar\u0131n\u0131n truva at\u0131 gizlenmi\u015f s\u00fcr\u00fcmleri ile \u00f6zellikle Android ve Windows kullan\u0131c\u0131lar\u0131n\u0131 hedef alan s\u00f6z konusu anl\u0131k mesajla\u015fma uygulamalar\u0131na ait d\u00fczinelerce taklit\u00e7i internet sitesi tespit etti. Tespit edilen k\u00f6t\u00fc ama\u00e7l\u0131 uygulamalar\u0131n \u00e7o\u011fu, pano i\u00e7eriklerini \u00e7alan veya de\u011fi\u015ftiren, k\u00f6t\u00fc ama\u00e7l\u0131 bir yaz\u0131l\u0131m t\u00fcr\u00fc olan clipper yaz\u0131l\u0131mlar\u0131ndan olu\u015fuyor. S\u00f6z konusu yaz\u0131l\u0131mlar\u0131n t\u00fcm\u00fc, kurbanlar\u0131n kripto paralar\u0131n\u0131 \u00e7almaya \u00e7al\u0131\u015f\u0131rken baz\u0131lar\u0131 ise kripto para c\u00fczdanlar\u0131n\u0131 hedef al\u0131yor. ESET Research, ilk kez \u00f6zellikle anl\u0131k mesajla\u015fma uygulamalar\u0131n\u0131 hedef alan Android tabanl\u0131 clipper yaz\u0131l\u0131mlar\u0131 tespit etti. Ayr\u0131ca bu uygulamalar\u0131n baz\u0131lar\u0131, g\u00fcvenli\u011fi ihlal edilmi\u015f cihazlarda kay\u0131tl\u0131 ekran g\u00f6r\u00fcnt\u00fclerinden metin \u00e7\u0131karmak i\u00e7in optik karakter tan\u0131mlama (OCR) kullan\u0131yor. Bu durum, Android tabanl\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar i\u00e7in bir ba\u015fka ilki olu\u015fturuyor. <\/p>\n\n\n\n
Doland\u0131r\u0131c\u0131lar anl\u0131k mesajla\u015fma uygulamalar\u0131 \u00fczerinden kripto para c\u00fczdanlar\u0131n\u0131 ele ge\u00e7irmeye \u00e7al\u0131\u015f\u0131yor <\/strong><\/p>\n\n\n\n Taklit\u00e7i uygulamalarda kullan\u0131lan dil incelendi\u011finde, bu yaz\u0131l\u0131mlar\u0131 kullanan ki\u015filerin \u00f6zellikle \u00c7ince konu\u015fan kullan\u0131c\u0131lar\u0131 hedef ald\u0131\u011f\u0131 ortaya \u00e7\u0131kt\u0131. \u00c7in\u2019de, hem Telegram\u2019\u0131n hem de WhatsApp\u2019\u0131n s\u0131ras\u0131yla 2015 ve 2017 <\/em>y\u0131llar\u0131ndan itibaren kullan\u0131lmas\u0131 yasak oldu\u011fu i\u00e7in bu uygulamalar\u0131 kullanmak isteyen ki\u015filer, dolayl\u0131 yollara ba\u015fvurmak zorunda kald\u0131. S\u00f6z konusu tehdit akt\u00f6rleri, ilk olarak sahte YouTube kanallar\u0131na y\u00f6nlendiren Google Ads\u2019i kurdu ve ard\u0131ndan kullan\u0131c\u0131lar\u0131 taklit\u00e7i Telegram ve WhatsApp internet sitelerine y\u00f6nlendirdi. ESET Research, s\u00f6z konusu sahte reklamlar\u0131 ve ilgili YouTube kanallar\u0131n\u0131 Google\u2019a \u015fikayet etti ve Google da bu reklam ve kanallar\u0131n t\u00fcm\u00fcn\u00fcn kullan\u0131m\u0131na hemen son verdi.<\/p>\n\n\n\n Truva at\u0131 gizlenmi\u015f uygulamalar\u0131 tespit eden ESET ara\u015ft\u0131rmac\u0131s\u0131 Luk\u00e1\u0161 \u0160tefanko bu konuyla ilgili \u015funlar\u0131 s\u00f6yledi:<\/strong> \u201cTespit etti\u011fimiz clipper yaz\u0131l\u0131mlar\u0131n\u0131n as\u0131l amac\u0131 kurban\u0131n mesajlar\u0131n\u0131 ele ge\u00e7irip g\u00f6nderilen ve al\u0131nan kripto para c\u00fczdan adreslerini sald\u0131rgana ait adreslerle de\u011fi\u015ftirmek. Truva at\u0131 gizlenmi\u015f Android tabanl\u0131 WhatsApp ve Telegram uygulamalar\u0131n\u0131n yan\u0131 s\u0131ra, ayn\u0131 uygulamalar\u0131n truva at\u0131 gizlenmi\u015f Windows s\u00fcr\u00fcmlerini de tespit ettik.\u201d<\/p>\n\n\n\n Bu uygulamalar\u0131n truva at\u0131 gizlenmi\u015f s\u00fcr\u00fcmleri, ayn\u0131 amaca hizmet etmelerine ra\u011fmen farkl\u0131 \u00f6zelliklere sahip. \u0130ncelenen Android tabanl\u0131 clipper yaz\u0131l\u0131mlar\u0131, kurban\u0131n cihaz\u0131nda depolanan ekran g\u00f6r\u00fcnt\u00fcleri ile foto\u011fraflardaki metinleri okumak i\u00e7in OCR kullanan ilk Android temelli k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m olma \u00f6zelli\u011fini ta\u015f\u0131yor. OCR, anahtar c\u00fcmleyi bulup \u00e7almak i\u00e7in kullan\u0131l\u0131yor. Anahtar c\u00fcmle ise kripto para c\u00fczdanlar\u0131n\u0131 kurtarmak i\u00e7in kullan\u0131lan bir dizi kelimeden olu\u015fan an\u0131msat\u0131c\u0131 kod anlam\u0131na geliyor. K\u00f6t\u00fc ama\u00e7l\u0131 akt\u00f6rler, anahtar c\u00fcmleyi ele ge\u00e7irir ge\u00e7irmez do\u011frudan ilgili c\u00fczdandaki t\u00fcm kripto paralar\u0131 \u00e7alabiliyor.<\/p>\n\n\n\n K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, kurban\u0131n kripto para c\u00fczdan adresini sald\u0131rgan\u0131n sohbet adresi ile de\u011fi\u015ftiriyor. Bunu da ya do\u011frudan program i\u00e7erisinde yer alan ya da sald\u0131rgan\u0131n sunucusundan dinamik olarak ele ge\u00e7irilen adreslerle yap\u0131yor. Ayr\u0131ca s\u00f6z konusu yaz\u0131l\u0131m, kripto paralarla ilgili belirli anahtar kelimeleri tespit etmek i\u00e7in Telegram mesajlar\u0131n\u0131 izliyor. Yaz\u0131l\u0131m, bu t\u00fcr bir anahtar kelimeyi tespit etti\u011fi anda t\u00fcm mesaj\u0131 sald\u0131rgan\u0131n sunucusuna iletiyor.<\/p>\n\n\n\n ESET Research, uzaktan eri\u015fim truva atlar\u0131 (RATs) i\u00e7eren Windows tabanl\u0131 Telegram ve WhatsApp y\u00fckleyicilerinin yan\u0131 s\u0131ra s\u00f6z konusu c\u00fczdan adresi de\u011fi\u015ftiren clipper yaz\u0131l\u0131mlar\u0131n\u0131n Windows s\u00fcr\u00fcmlerini de tespit etti. Uygulama modelinden yola \u00e7\u0131karak Windows tabanl\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 paketlerden birinin clipper yaz\u0131l\u0131mlardan de\u011fil kurban\u0131n sisteminin kontrol\u00fcn\u00fc t\u00fcmden ele ge\u00e7irebilen RATs\u2019lerden olu\u015ftu\u011fu ke\u015ffedildi. B\u00f6ylece s\u00f6z konusu RATs\u2019ler, uygulama ak\u0131\u015f\u0131n\u0131 ele ge\u00e7irmeden kripto para c\u00fczdanlar\u0131n\u0131 \u00e7alabiliyor.<\/p>\n\n\n\n Luk\u00e1\u0161 \u0160tefanko bu konuda \u015fu tavsiyelerde bulundu:<\/strong>\u00a0\u201cUygulamalar\u0131 Google Play Store gibi yaln\u0131zca g\u00fcvenilir ve sa\u011flam kaynaklardan y\u00fckleyin ve \u00f6nemli bilgileri i\u00e7eren \u015fifrelenmemi\u015f resimleri veya ekran g\u00f6r\u00fcnt\u00fclerini cihaz\u0131n\u0131zda depolamay\u0131n. Cihaz\u0131n\u0131zda truva at\u0131 gizlenmi\u015f Telegram veya WhatsApp uygulamas\u0131 oldu\u011funu d\u00fc\u015f\u00fcn\u00fcyorsan\u0131z bu uygulamalar\u0131 manuel olarak cihaz\u0131n\u0131zdan kald\u0131r\u0131n ve uygulamay\u0131 ya Google Play \u00fczerinden ya da do\u011frudan yasal internet sitesi \u00fczerinden indirin. Windows tabanl\u0131 cihaz\u0131n\u0131zda k\u00f6t\u00fc ama\u00e7l\u0131 Telegram uygulamas\u0131 oldu\u011fundan \u015f\u00fcpheleniyorsan\u0131z tehdidi tespit ederek kald\u0131ran bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc kullan\u0131n. Windows i\u00e7in WhatsApp’\u0131n tek resmi s\u00fcr\u00fcm\u00fc \u015fu anda Microsoft ma\u011fazas\u0131nda mevcut.”\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":" Siber g\u00fcvenlik \u015firketi ESET, anl\u0131k mesajla\u015fma uygulamalar\u0131na yerle\u015ftirilen ve ekran panosundaki bilgileri alabilen clipper ad\u0131 verilen k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n ilk \u00f6rne\u011fini tespit etti. Tehdit akt\u00f6rleri, sahte web siteleri arac\u0131l\u0131\u011f\u0131 ile kullan\u0131c\u0131lar\u0131n Android ve Windows sistemli cihazlar\u0131na, i\u00e7ine Truva at\u0131 yerle\u015ftirilerek de\u011fi\u015ftirilmi\u015f Telegram ve WhatsApp uygulamalar\u0131n\u0131 indirmelerini sa\u011fl\u0131yorlar. \u00a0 Bu sahte uygulamalar sayesinde kurbanlar\u0131n kripto paralar\u0131n\u0131 […]<\/p>\n","protected":false},"author":1,"featured_media":6834,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[896,1983,2266],"class_list":["post-6833","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji","tag-eset","tag-sahte-whatsapp","tag-siber-guvenlik-sirketi"],"_links":{"self":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/6833","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/comments?post=6833"}],"version-history":[{"count":1,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/6833\/revisions"}],"predecessor-version":[{"id":6835,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/6833\/revisions\/6835"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/media\/6834"}],"wp:attachment":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/media?parent=6833"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/categories?post=6833"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/tags?post=6833"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}