A Linux version of RansomEXX has been discovered

Researchers at Kaspersky Lab have discovered a Linux version of the "RansomEXX" ransomware.

Initially, RansomEXX was distributed only on the Windows platform, and it became well known because of several major incidents involving the compromise of the systems of various government agencies and companies, including the Texas Department of Transportation and Konica Minolta.

About RansomEXX

RansomEXX encrypts the data on disk and then demands a ransom in exchange for the decryption key.

The encryption is built on an open-source cryptographic library. Once launched, the malware generates a 256-bit key and uses it to encrypt every reachable file with the AES block cipher in ECB mode.

A new AES key is then generated every second, which means that different files end up encrypted under different AES keys.

Each AES key is in turn encrypted with an RSA-4096 public key embedded in the malware's code, and the encrypted key is appended to the corresponding encrypted file. To decrypt, the ransomware operators offer to sell the matching private key.
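The article's detail that the files are encrypted with AES in ECB mode matters for both triage and cryptanalysis: ECB transforms every 16-byte block independently, so identical plaintext blocks (long runs of zero bytes, repeated headers) produce identical ciphertext blocks. The following added example, which is neither Kaspersky's code nor anything taken from the malware, illustrates that leak with a constructed stand-in block transform (a keyed SHA-256 truncated to 16 bytes, labelled as such in the code, not AES) and shows a repeated-block heuristic that an incident responder can run over a suspect file to tell ECB-encrypted output from properly randomised ciphertext. The sample plaintext, key and comparison data are constructed for the demo.

```python
import hashlib
from collections import Counter

BLOCK = 16  # AES block size in bytes


def toy_ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for a block cipher run in ECB mode (NOT AES and
    not the malware's routine). It keeps the one property that matters
    here: every 16-byte block is transformed on its own, with no IV or
    chaining, so identical plaintext blocks yield identical ciphertext
    blocks wherever they sit in the file."""
    pad = BLOCK - len(data) % BLOCK          # PKCS#7-style padding
    padded = data + bytes([pad]) * pad
    out = bytearray()
    for i in range(0, len(padded), BLOCK):
        block = padded[i:i + BLOCK]
        out += hashlib.sha256(key + block).digest()[:BLOCK]
    return bytes(out)


def repeated_block_ratio(ciphertext: bytes) -> float:
    """Fraction of 16-byte blocks that occur more than once in the data."""
    usable = len(ciphertext) - len(ciphertext) % BLOCK
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, usable, BLOCK)]
    if not blocks:
        return 0.0
    counts = Counter(blocks)
    repeated = sum(n for n in counts.values() if n > 1)
    return repeated / len(blocks)


def looks_like_ecb(ciphertext: bytes, threshold: float = 0.05) -> bool:
    """Triage heuristic: ciphertext from a randomised mode (CBC, CTR, GCM)
    has essentially no repeated blocks, so a noticeable repeat ratio is a
    strong hint of ECB over structured input."""
    return repeated_block_ratio(ciphertext) >= threshold


# Constructed sample input: a file that is mostly zero bytes, as sparse
# databases, VM images and padded binaries often are.
SAMPLE_PLAINTEXT = b"\x00" * 4096 + b"end-of-file marker"
SAMPLE_KEY = b"constructed-32-byte-key-for-demo"

# Constructed comparison: 4 KiB of pseudo-random bytes standing in for a
# file encrypted under a mode that randomises every block.
RANDOMISED_CIPHERTEXT = b"".join(
    hashlib.sha256(b"ctr" + i.to_bytes(4, "big")).digest()[:BLOCK]
    for i in range(256)
)


def demo() -> dict:
    """Run the heuristic over the ECB-style output and the randomised data."""
    ct = toy_ecb_encrypt(SAMPLE_KEY, SAMPLE_PLAINTEXT)
    return {
        "first_two_blocks_equal": ct[:BLOCK] == ct[BLOCK:2 * BLOCK],
        "ecb_repeat_ratio": repeated_block_ratio(ct),
        "ecb_flagged": looks_like_ecb(ct),
        "randomised_flagged": looks_like_ecb(RANDOMISED_CIPHERTEXT),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With 256 zero blocks in the sample, the ECB-style output repeats in more than 99% of its blocks and is flagged, while the randomised comparison data has no repeats at all. The same heuristic applied to a real encrypted file does not recover any key, but it does tell a responder which cipher mode they are looking at and, for mostly-empty files, how much of the original structure still shows through.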

A distinctive feature of RansomEXX is its use in targeted attacks: the attackers gain access to one of the systems on the network by exploiting vulnerabilities or through social engineering, then move on to other systems and deploy a specially built variant of the malware for each infrastructure they attack, one that includes the company's name and its own contact details.

Initially, when attacking corporate networks, the attackers tried to take control of as many workstations as possible in order to install the malware on them, but this strategy proved ineffective: in many cases the systems were simply restored from backups without any ransom being paid.

The cybercriminals' strategy has now changed, and their goal is to take down corporate server systems, in particular centralised storage systems, including those running Linux.

So it would not be surprising to see the RansomEXX operators set a trend in the industry; other ransomware operators may well deploy Linux versions in the future.

"We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems.

After initial analysis, we noticed similarities in the Trojan's code, the text of the ransom notes and the general approach to extortion, suggesting that we had indeed found a Linux build of the previously known RansomEXX ransomware family. This malware is known to attack large organisations and was most active earlier this year.

RansomEXX is a highly targeted Trojan. Each sample of the malware contains a hardcoded name of the victim organisation. Moreover, both the encrypted file extension and the email address for contacting the extortionists make use of the victim's name."

And this movement seems to have already begun. According to the cybersecurity firm Emsisoft, besides RansomEXX, the operators behind the Mespinoza (Pysa) ransomware have also recently developed a Linux variant from their original Windows version. According to Emsisoft, the RansomEXX Linux variants they discovered were first deployed in July.

This is not the first time that malware operators have thought of creating a Linux version of their malware.

For example, we can cite the case of the KillDisk malware, which was used to cripple a power grid in Ukraine in 2015.

That variant left "Linux machines unable to boot, after having encrypted their files and demanded a large ransom." It had both a Windows version and a Linux version, "which is definitely not something we see every day," said the ESET researchers.

Finally, if you want to know more about it, you can check the details of Kaspersky's publication in the following link.



  1. Tsankumar.es said

    Amazing! Great post! Cheers

    1. LinuxMain said

      Linux is my only salvation for avoiding malware, it really is a shame ...

  2. #MakeRansomExxGreatAgain said

    How great! WE ALL KNOW RANSOMEXX WILL HAVE IT EASY!

  3. Julio Calisaya SI3K1 said

    Good write-up