Agent Smith: new Android malware discovered that has already infected millions of devices

Researchers have discovered a new malware variant for mobile devices that has silently infected around 25 million devices without users noticing.

Disguised as a Google-related application, the core of the malware exploits several known Android vulnerabilities and automatically replaces applications installed on the device with malicious versions, without any user interaction. This behaviour led the researchers to name the malware Agent Smith.

The malware currently uses its access to device resources to display fraudulent ads for financial gain. This activity resembles earlier malware such as Gooligan, HummingBad, and CopyCat.

So far, the main victims are in India, although other Asian countries such as Pakistan and Bangladesh are also affected.

In a much more secure Android environment, the authors of "Agent Smith" appear to have moved to the more complex approach of constantly searching for new vulnerabilities, such as Janus, Bundle, and Man-in-the-Disk, to build a three-stage infection chain and a profitable botnet.

Agent Smith is probably the first malware to combine these vulnerabilities and use them together.

Although Agent Smith is used to make money through malicious ads, it could easily be used for more intrusive and harmful purposes, such as stealing banking IDs.

In fact, its ability to keep its icon out of the launcher and to impersonate popular applications already on the device gives it many opportunities to harm the user's device.

About the Agent Smith attack

Agent Smith has three main stages:

  1. An injector application lures the victim into installing it voluntarily. It contains packages in the form of encrypted files. Variants of this injector application are usually photo utilities, games, or adult apps.
  2. The injector application automatically decrypts and installs the APK of the core malicious code, which then adds malicious patches to applications. The core malware is usually disguised as a Google update program, Google Update for U, or "com.google.vending". The core malware's icon does not appear in the launcher.
  3. The core malware extracts the list of applications installed on the device. If it finds applications that are on its prey list (hard-coded or sent by the command and control server), it extracts the application's base APK on the device, adds malicious modules and ads to the APK, then reinstalls it and replaces the original, as if it were an update.

Agent Smith repackages the targeted applications at the smali/baksmali level. During the final update installation, it relies on the Janus vulnerability to bypass the Android mechanisms that verify APK integrity.
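A defender-side triage check for the Janus technique mentioned above, as an added example that is not part of the original article: it flags a file that carries a DEX header in front of its ZIP data and reports whether an APK Signing Block (scheme v2+) marker is present. The function names and the in-memory samples are constructed for illustration.

```python
import io
import struct
import zipfile

ZIP_LOCAL = b"PK\x03\x04"        # a normal APK starts with a ZIP local file header
EOCD_SIG = b"PK\x05\x06"         # ZIP end-of-central-directory record
V2_MAGIC = b"APK Sig Block 42"   # last 16 bytes of the APK Signing Block (scheme v2+)

def inspect_apk(data: bytes) -> str:
    """Return 'not-an-apk', 'janus-suspect', 'v1-only' or 'ok' for raw APK bytes."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or len(data) < eocd + 22:
        return "not-an-apk"
    # A DEX header ("dex\n" + 3 version digits + NUL) in front of a ZIP means the
    # file parses as both DEX and APK, the dual-format trick Janus relies on.
    if data[:4] == b"dex\n" and data[4:7].isdigit() and data[7:8] == b"\x00":
        return "janus-suspect"
    if data[:4] != ZIP_LOCAL:
        return "not-an-apk"
    # The signing block, when present, ends right where the central directory starts.
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    if data[max(cd_offset - 16, 0):cd_offset] == V2_MAGIC:
        return "ok"
    # JAR (v1) signing covers ZIP entries only, not bytes placed around them.
    return "v1-only"

def constructed_samples() -> dict:
    """Build tiny in-memory stand-ins for APKs (constructed, not real apps)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"placeholder")
    v1 = buf.getvalue()
    eocd = v1.rfind(EOCD_SIG)
    cd = struct.unpack_from("<I", v1, eocd + 16)[0]
    block = b"\x00" * 8 + V2_MAGIC          # fake signing block, magic only
    v2 = (v1[:cd] + block + v1[cd:eocd + 16]
          + struct.pack("<I", cd + len(block)) + v1[eocd + 20:])
    janus = b"dex\n035\x00" + b"\x00" * 24 + v1   # DEX header prepended to the ZIP
    return {"v1": v1, "v2": v2, "janus": janus}

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, inspect_apk(blob))
```

The check only inspects format markers and does not verify any signature; `apksigner verify` does that.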

Core module

Agent Smith uses the core module to spread the infection:

A series of "Bundle" vulnerabilities is used to install applications without the victim noticing.

The Janus vulnerability, which allows the attacker to replace any application with an infected version.

The core module contacts the command and control server to try to obtain a new list of applications to look for or, if that fails, uses a default list of apps:

  • com.whatsapp
  • com.lenovo.anyshare.gps
  • com.mxtech.videoplayer.ad
  • com.jio.jioplay.tv
  • com.jio.media.jiobeats
  • com.rijan.jiochatapp
  • com.jio.so
  • com.good.gamecollection
  • com.opera.mini.native
  • in.startv.hotstar
  • com.meitu.beautyplusme
  • com.domobile.applock
  • com.rariyace.swiftkey
  • com.flipkart.android
  • syeda_
  • com.rariya
  • karin bayani

The core module looks for a version of each app on the list and its matching MD5 hash among the installed applications and those running in user space. When all conditions are met, "Agent Smith" tries to infect the application it found.

The core module uses one of the following two methods to infect the application: decompile or binary.

At the end of the infection chain, it hijacks the compromised users' applications to display ads.

According to additional information, Agent Smith's injector applications spread through "9Apps", a third-party app store aimed at Indian (Hindi), Arabic, and Indonesian users.

