{"id":74,"date":"2016-11-25T00:16:00","date_gmt":"2016-11-24T21:16:00","guid":{"rendered":"http:\/\/caneroglu.com\/?p=74"},"modified":"2019-12-16T17:44:50","modified_gmt":"2019-12-16T14:44:50","slug":"android-cihazlarda-banka-sms-onayinda-malware-tespit-edildi","status":"publish","type":"post","link":"https:\/\/caneroglu.com\/?p=74","title":{"rendered":"Android Cihazlarda, Banka SMS Onay\u0131nda Malware Tespit Edildi"},"content":{"rendered":"\n

T\u00fcrkiye\u2019deki bankalar\u0131n mobil uygulamalar\u0131n\u0131 hedef alan ve bankalar\u0131n SMS onay mesajlar\u0131n\u0131 etkisiz hale getiren bir malware tespit etti. Zararl\u0131 yaz\u0131l\u0131m kullan\u0131c\u0131lar\u0131n banka ve kredi kart\u0131 bilgilerinin yan\u0131 s\u0131ra sosyal medya hesaplar\u0131n\u0131n giri\u015f bilgilerini de ele ge\u00e7iriyor.<\/strong><\/h2>\n\n\n\n

Y\u00fcksek performansl\u0131 siber g\u00fcvenlik \u00e7\u00f6z\u00fcmleri alan\u0131nda d\u00fcnyan\u0131n \u00f6nde gelen \u015firketlerinden Fortinet\u2019in tespit etti\u011fi Android.Banker isimli zararl\u0131 yaz\u0131l\u0131m, kendisini \u201cFlash Player\u201d \u015feklinde gizleyerek b\u00fcy\u00fck bankalar\u0131n ve sosyal medya sayfalar\u0131n uygulamalar\u0131n\u0131 hedef al\u0131yor.<\/p>\n\n\n\n

Zararl\u0131 yaz\u0131l\u0131m; T\u00fcrkiye, ABD, Almanya, Fransa, Avustralya, Polonya ve Avusturya\u2019da faaliyet g\u00f6steren 94 bankan\u0131n mobil uygulamas\u0131n\u0131 hedef al\u0131yor. Bankadan gelen SMS onay\u0131n\u0131 da etkisiz hale getirebilen malware, \u00e7ift fakt\u00f6rl\u00fc SMS kimlik do\u011frulama ad\u0131m\u0131n\u0131 da ge\u00e7ebiliyor. T\u00fcrkiye\u2019deki bankalar\u0131n uygulamas\u0131n\u0131 hedef almakla kalmayan yaz\u0131l\u0131m; Google Play ma\u011fazas\u0131, Facebook, Facebook Messenger, Whatsapp, Skype, Snapchat, Twitter, Viber, Instagram ve Snapchat gibi sosyal medya hesaplar\u0131n\u0131n kullan\u0131c\u0131 bilgilerini de ele ge\u00e7irebiliyor.<\/p>\n\n\n\n

Malware, telefona y\u00fcklendi\u011finde \u201cFlash Player\u201d uygulamas\u0131n\u0131n ikonu \u015feklinde g\u00f6r\u00fcn\u00fcyor. Bu ikona t\u0131kland\u0131\u011f\u0131nda a\u00e7\u0131lan sayfada \u201c\u0130ptal<\/strong>\u201d ve \u201cAktive Et<\/strong>\u201d se\u00e7enekleri bulunsa da \u201c\u0130ptal<\/strong>\u201d se\u00e7ene\u011fi t\u0131kland\u0131\u011f\u0131nda yaz\u0131l\u0131m, kullan\u0131c\u0131 \u201cAktive Et<\/strong>\u201d se\u00e7ene\u011fini se\u00e7inceye kadar her seferinde kendisini tekrar a\u00e7\u0131yor. Bir kez \u201cAktive Et<\/strong>\u201d t\u0131kland\u0131\u011f\u0131nda ise yaz\u0131l\u0131ma cihaz\u0131n tam kontrol\u00fc i\u00e7in yetki verilmi\u015f oluyor.<\/p>\n\n\n\n

Telefonun kontrol\u00fc i\u00e7in yetkileri alan yaz\u0131l\u0131m cihaz ile ilgili t\u00fcm bilgileri C&C (komuta kontrol) sunucusuna g\u00f6nderiyor ve oradan gelecek komutlar\u0131 uygulamak i\u00e7in beklemeye ge\u00e7iyor. Yaz\u0131l\u0131m\u0131n g\u00f6nderdi\u011fi bilgiler aras\u0131nda; cihaz\u0131n IMEI numaras\u0131, ISO \u00fclke kodu, Android versiyonu, cihaz\u0131n modeli, telefon numaras\u0131, y\u00fckl\u00fc uygulamalar gibi bir\u00e7ok \u00f6nemli bilgi yer al\u0131yor.<\/p>\n\n\n\n

Banka ve sosyal medya uygulamalar\u0131n\u0131 a\u00e7an kullan\u0131c\u0131 kar\u015f\u0131s\u0131nda asl\u0131nda ger\u00e7ek sayfa yerine ger\u00e7e\u011fi ile neredeyse ay\u0131rt edilemeyecek bir sahte sayfa g\u00f6r\u00fcyor. Bu sayfaya girilen bilgiler ise sald\u0131rgan\u0131n eline ge\u00e7mi\u015f oluyor.
<\/p>\n\n\n\n

Nas\u0131l silinir?<\/strong><\/h3>\n\n\n\n

Uygulama iki y\u00f6ntem ile telefonlardan silinebiliyor.
\u0130lk ad\u0131m uygulamaya verilen yetkilerin iptal edilerek ard\u0131ndan silinmesi. Bunun i\u00e7in Ayarlar<\/strong> > G\u00fcvenlik <\/strong>> Cihaz Y\u00f6netimi<\/strong> > Google Play Servisi<\/strong> >  Devre D\u0131\u015f\u0131 B\u0131rak<\/strong> yolunu takip ederek yaz\u0131l\u0131ma verilen yetkiler iptal ediliyor. Ard\u0131ndan sahte \u201cFlash Player\u201d uygulamas\u0131n\u0131n silinmesi i\u00e7in \u015fu yolun takip edilmesi gerekiyor: Ayarlar<\/strong> > Uygulamalar<\/strong> > Flash-Player-G\u00fcncelleme<\/strong> > Kald\u0131r<\/strong>.<\/p>\n\n\n\n

E\u011fer yaz\u0131l\u0131m \u201cAktive Et\u201d se\u00e7ene\u011fi ile yetkilendirilmemi\u015fse bunun i\u00e7in farkl\u0131 bir yol izlenmesi gerekiyor. Bunun da nedeni yaz\u0131l\u0131m\u0131n yetki al\u0131ncaya kadar s\u00fcrekli bir pencere a\u00e7mas\u0131 ve kullan\u0131c\u0131n\u0131n Ayarlar<\/strong>> Uygulamalar<\/strong> > Flash-Player-G\u00fcncelleme<\/strong> > Kald\u0131r<\/strong> yolunu takip etmesini engellemesi. B\u00f6yle bir durumda ise ADB (Android Debug Bridge)<\/strong> \u00fczerinden \u201cadb uninstall [packagename]<\/strong>\u201d komutu ile yaz\u0131l\u0131m telefondan silinebiliyor.<\/p>\n","protected":false},"excerpt":{"rendered":"

T\u00fcrkiye\u2019deki bankalar\u0131n mobil uygulamalar\u0131n\u0131 hedef alan ve bankalar\u0131n SMS onay mesajlar\u0131n\u0131 etkisiz hale getiren bir malware tespit etti. Zararl\u0131 yaz\u0131l\u0131m kullan\u0131c\u0131lar\u0131n banka ve kredi kart\u0131…<\/p>\n

Devam\u0131n\u0131 okuyunAndroid Cihazlarda, Banka SMS Onay\u0131nda Malware Tespit Edildi<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":75,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5],"tags":[65,67,66],"class_list":["post-74","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji","tag-android","tag-banka","tag-malware","entry"],"jetpack_featured_media_url":"https:\/\/caneroglu.com\/wp-content\/uploads\/2019\/12\/android_banka.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/caneroglu.com\/index.php?rest_route=\/wp\/v2\/posts\/74"}],"collection":[{"href":"https:\/\/caneroglu.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/caneroglu.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/caneroglu.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/caneroglu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=74"}],"version-history":[{"count":2,"href":"https:\/\/caneroglu.com\/index.php?rest_route=\/wp\/v2\/posts\/74\/revisions"}],"predecessor-version":[{"id":506,"href":"https:\/\/caneroglu.com\/index.php?rest_route=\/wp\/v2\/posts\/74\/revisions\/506"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/caneroglu.com\/index.php?rest_route=\/wp\/v2\/media\/75"}],"wp:attachment":[{"href":"https:\/\/caneroglu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=74"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/caneroglu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=74"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/caneroglu.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=74"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}