{"id":10144,"date":"2021-10-12T13:12:28","date_gmt":"2021-10-12T10:12:28","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10144"},"modified":"2021-10-12T13:12:28","modified_gmt":"2021-10-12T10:12:28","slug":"finspy-for-windows-macos-linux","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/finspy-for-windows-macos-linux\/10144\/","title":{"rendered":"FinSpy: En geli\u015fmi\u015f casusluk arac\u0131"},"content":{"rendered":"<p>Kaspersky\u2019nin d\u00fczenledi\u011fi son <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/tag\/sas\/\" target=\"_blank\" rel=\"noopener\">Security Analyst Summit<\/a>\u2018te uzmanlar\u0131m\u0131z, FinSpy (di\u011fer ad\u0131yla FinFisher) casus yaz\u0131l\u0131mlar\u0131 ve \u00f6nceden bilinmeyenler de dahil olmak \u00fczere da\u011f\u0131t\u0131m y\u00f6ntemleri hakk\u0131nda ayr\u0131nt\u0131l\u0131 bir rapor sundular. Elde ettikleri bulgular hakk\u0131nda daha fazla bilgiye <a href=\"https:\/\/securelist.com\/finspy-unseen-findings\/104322\/\" target=\"_blank\" rel=\"noopener\">Securelist g\u00f6nderisinden<\/a> ula\u015fabilirsiniz. Biz de bu bu yaz\u0131m\u0131zda, FinSpy\u2019\u0131n ne t\u00fcr bir k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m oldu\u011funu ve kendinizi bundan nas\u0131l koruyabilece\u011finizi inceliyoruz.<\/p>\n<h2>FinSpy (FinFisher) nedir?<\/h2>\n<p>D\u00fcnya \u00e7ap\u0131nda kolluk kuvvetleri ve devlet kurumlar\u0131 taraf\u0131ndan kullan\u0131lan ticari bir casus yaz\u0131l\u0131m olan FinSpy, ara\u015ft\u0131rmac\u0131lar\u0131n radar\u0131na ilk kez 2011 y\u0131l\u0131nda WikiLeaks\u2019te yaz\u0131l\u0131mla ilgili belgelerin ortaya \u00e7\u0131kmas\u0131yla girdi. Kaynak kodu 2014\u2019te internette yay\u0131nland\u0131 ancak FinSpy\u2019\u0131n hikayesi burada bitmedi: K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, yeniden geli\u015ftirmenin ard\u0131ndan bug\u00fcn de hala d\u00fcnya \u00e7ap\u0131ndaki bir \u00e7ok cihaza bula\u015fmaya devam ediyor.<\/p>\n<p>FinSpy, Windows, macOS ve Linux bilgisayarlar\u0131n yan\u0131 s\u0131ra <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/finspy-commercial-spyware\/6138\/\" target=\"_blank\" rel=\"noopener\">Android ve iOS y\u00fckl\u00fc mobil cihaz<\/a> s\u00fcr\u00fcmlerine de sahip olmas\u0131 sayesinde \u00e7ok y\u00f6nl\u00fc bir casus yaz\u0131l\u0131m. Yetenekleri platforma ba\u011fl\u0131 olarak de\u011fi\u015fiklik g\u00f6sterse de t\u00fcm s\u00fcr\u00fcmlerde k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, kendileriyle ilgili veri paketlerini gizlice kullan\u0131c\u0131lar\u0131na iletmek i\u00e7in \u00e7e\u015fitli ara\u00e7lar kullan\u0131yor.<\/p>\n<h2>FinSpy nas\u0131l yay\u0131l\u0131yor?<\/h2>\n<p>Casus yaz\u0131l\u0131m, birka\u00e7 farkl\u0131 yolla Windows makinelerine s\u0131z\u0131yor.<\/p>\n<p>\u00d6rne\u011fin, TeamViewer, VLC Media Player, WinRAR ve di\u011fer programlar\u0131n y\u00fckleyicileri de dahil olmak \u00fczere vir\u00fcsl\u00fc da\u011f\u0131t\u0131m paketlerinde gizlenebiliyor. De\u011fi\u015ftirilmi\u015f uygulama setlerinin indirilmesi ve \u00e7al\u0131\u015ft\u0131r\u0131lmas\u0131, <a href=\"https:\/\/securelist.com\/finspy-unseen-findings\/104322\/\" target=\"_blank\" rel=\"noopener\">\u00e7ok ad\u0131ml\u0131 bir bula\u015fma zincirini harekete ge\u00e7iriyor<\/a>.<\/p>\n<p>Bunun yan\u0131 s\u0131ra ara\u015ft\u0131rmac\u0131lar\u0131m\u0131z, i\u015fletim sisteminden \u00f6nce y\u00fcklenen bile\u015fenlerde de \u2014 UEFI (Birle\u015fik Geni\u015fletilebilir \u00dcr\u00fcn Yaz\u0131l\u0131m\u0131 Arabirimi, i\u015fletim sisteminin donan\u0131mla ileti\u015fim kurdu\u011fu arabirim) ve MBR (Windows\u2019u ba\u015flatmak i\u00e7in gereken Ana \u00d6ny\u00fckleme Kayd\u0131) \u2014 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n y\u00fckleyicisi ile kar\u015f\u0131la\u015ft\u0131. Her iki durumda da, bilgisayar\u0131 ba\u015flatmak FinSpy\u2019\u0131 y\u00fcklenmesini sa\u011fl\u0131yor.<\/p>\n<p>Yaz\u0131l\u0131m bir ak\u0131ll\u0131 telefon veya tablete ise k\u0131sa mesajdaki bir ba\u011flant\u0131 arac\u0131l\u0131\u011f\u0131yla bula\u015fabiliyor. Baz\u0131 durumlarda (\u00f6rne\u011fin, kurban\u0131n iPhone\u2019u <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/jailbreak\/\" target=\"_blank\" rel=\"noopener\">jailbreak<\/a> yap\u0131lmam\u0131\u015fsa), sald\u0131rgan\u0131n cihaza fiziksel eri\u015fim sa\u011flamas\u0131 gerekebilir ki bu da y\u00fckleme i\u015fini biraz zorla\u015ft\u0131r\u0131yor. Ayr\u0131ca kesin olarak \u00f6yle oldu\u011funu s\u00f6yleyemesek de sald\u0131rganlar\u0131n casus yaz\u0131l\u0131m\u0131 Linux makinelere bula\u015ft\u0131rmas\u0131 i\u00e7in de fiziksel eri\u015fim sa\u011flamalar\u0131 gerekiyor gibi g\u00f6r\u00fcn\u00fcyor.<\/p>\n<h2>FinSpy hangi verileri \u00e7al\u0131yor?<\/h2>\n<p>FinSpy, olduk\u00e7a geni\u015f \u00e7apl\u0131 kullan\u0131c\u0131 g\u00f6zetleme yeteneklerine sahip bir casus yaz\u0131l\u0131m. \u00d6rne\u011fin k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m PC s\u00fcr\u00fcmlerinde:<\/p>\n<ul>\n<li>Mikrofonu a\u00e7abiliyor ve duyulan her \u015feyi kaydedebiliyor veya g\u00f6nderebiliyor,<\/li>\n<li>Ger\u00e7ek zamanl\u0131 olarak kullan\u0131c\u0131n\u0131n klavyede yazd\u0131\u011f\u0131 her \u015feyi kaydedebiliyor veya g\u00f6nderebiliyor,<\/li>\n<li>Kameray\u0131 a\u00e7abiliyor ve kamera \u00fczerinden g\u00f6r\u00fcnt\u00fc kaydedebiliyor veya g\u00f6nderebiliyor,<\/li>\n<li>Kullan\u0131c\u0131n\u0131n etkile\u015fimde bulundu\u011fu \u2014 eri\u015fti\u011fi, de\u011fi\u015ftirdi\u011fi, yazd\u0131rd\u0131\u011f\u0131, ald\u0131\u011f\u0131, sildi\u011fi vb. \u2014 dosyalar\u0131 \u00e7alabiliyor,<\/li>\n<li>Ekran g\u00f6r\u00fcnt\u00fcs\u00fc veya ekranda kullan\u0131c\u0131n\u0131n t\u0131klad\u0131\u011f\u0131 bir b\u00f6l\u00fcm\u00fcn g\u00f6r\u00fcnt\u00fcs\u00fcn\u00fc alabiliyor,<\/li>\n<li>Thunderbird, Outlook, Apple Mail ve Icedove istemcilerindeki e-postalar\u0131 \u00e7alabiliyor,<\/li>\n<li>Skype\u2019ta rehberleri, sohbetleri, aramalar\u0131 ve dosyalar\u0131 ele ge\u00e7irebiliyor.<\/li>\n<\/ul>\n<p>Ek olarak, FinSpy\u2019\u0131n Windows s\u00fcr\u00fcm\u00fc VoIP aramalar\u0131n\u0131 dinleyebiliyor, belirli protokoller i\u00e7in sertifikalar\u0131 ve \u015fifreleme anahtarlar\u0131n\u0131 ele ge\u00e7irebiliyor ve adli veri toplama ara\u00e7lar\u0131n\u0131 indirip \u00e7al\u0131\u015ft\u0131rabiliyor. Hepsinden \u00f6te, FinSpy\u2019\u0131n Windows s\u00fcr\u00fcm\u00fc BlackBerry ak\u0131ll\u0131 telefonlara da bula\u015fabiliyor, ki bu sayede art\u0131k \u00e7ok kullan\u0131lmayan bu platform bile g\u00f6z ard\u0131 edilmemi\u015f oluyor.<\/p>\n<p><a href=\"https:\/\/www.kaspersky.com.tr\/blog\/finspy-commercial-spyware\/6138\/\" target=\"_blank\" rel=\"noopener\">FinSpy\u2019\u0131n mobil s\u00fcr\u00fcmleri<\/a> ise, aramalar\u0131 (sesli veya VoIP) dinleyebiliyor ve kaydedebiliyor, k\u0131sa mesajlar\u0131 okuyabiliyor ve WhatsApp, WeChat, Viber, Skype, Line, Telegram, Signal ve Threema gibi anl\u0131k mesajla\u015fma uygulamalar\u0131ndaki kullan\u0131c\u0131 etkinli\u011fini izleyebiliyor. Mobil casus yaz\u0131l\u0131m ayr\u0131ca kullan\u0131c\u0131lar\u0131na, kurban\u0131n rehberini, arama kay\u0131tlar\u0131n\u0131, takvim etkinlikleri, co\u011frafi konum verilerini ve \u00e7ok daha fazlas\u0131n\u0131 g\u00f6nderiyor.<\/p>\n<h2>FinSpy\u2019dan nas\u0131l ka\u00e7\u0131n\u0131l\u0131r?<\/h2>\n<p>Ne yaz\u0131k ki kendinizi devletlerin kulland\u0131\u011f\u0131 seviyedeki casus yaz\u0131l\u0131mlardan tam anlam\u0131yla korumak o kadar kolay de\u011fil. Ancak FinSpy ve di\u011fer g\u00f6zetleme uygulamalar\u0131na kar\u015f\u0131 a\u015fa\u011f\u0131da yer verilen baz\u0131 \u00f6nlemleri alabilirsiniz:<\/p>\n<ul>\n<li>\u0130ster mobil, ister masa\u00fcst\u00fc veya diz\u00fcst\u00fc bilgisayar programlar\u0131 olsun, uygulamalar\u0131 yaln\u0131zca g\u00fcvenilir kaynaklardan indirin. Ayr\u0131ca Android kullan\u0131c\u0131lar\u0131, yaz\u0131l\u0131m\u0131n bula\u015fma \u015fans\u0131n\u0131 azaltmak i\u00e7in bilinmeyen kaynaklardan uygulama <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/unknown-apps-android\/10015\/\" target=\"_blank\" rel=\"noopener\">y\u00fcklenmesini yasaklamal\u0131d\u0131r<\/a>,<\/li>\n<li>E-postalardaki ve yabanc\u0131lardan gelen mesajlardaki ba\u011flant\u0131lara t\u0131klamadan \u00f6nce durun ve d\u00fc\u015f\u00fcn\u00fcn. T\u0131klaman\u0131z gerekiyorsa, \u00f6nce ba\u011flant\u0131n\u0131n nereye gitti\u011fini dikkatlice kontrol edin,<\/li>\n<li>Ak\u0131ll\u0131 telefonunuza veya tabletinize jailbreak yapmay\u0131n; Android\u2019de <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/android-root-faq\/3388\/\" target=\"_blank\" rel=\"noopener\">rooting<\/a>, iOS\u2019ta ise jailbreak yap\u0131lmas\u0131, izinsiz giri\u015fleri \u00e7ok daha kolay hale getirir,<\/li>\n<li><a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/evil-maid\/\" target=\"_blank\" rel=\"noopener\">Yabanc\u0131lar\u0131n<\/a> eri\u015febildi\u011fi yerlerde cihazlar\u0131n\u0131z\u0131 g\u00f6zetimsiz b\u0131rakmay\u0131n,<\/li>\n<li>T\u00fcm cihazlar\u0131n\u0131za\u00a0<a href=\"https:\/\/www.kaspersky.com.tr\/advert\/security-cloud?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____ksc___\" target=\"_blank\" rel=\"noopener\">g\u00fcvenilir bir koruma<\/a> y\u00fckleyin.<\/li>\n<\/ul>\n<p><strong><input type=\"hidden\" class=\"category_for_banner\" value=\"ksc\"><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FinSpy casus yaz\u0131l\u0131m\u0131 Android, iOS, macOS, Windows ve Linux kullan\u0131c\u0131lar\u0131n\u0131 hedef al\u0131yor. \u0130\u015fte FinSpy&#8217;in yapabilecekleri ve bunlardan korunma y\u00f6ntemleri.<\/p>\n","protected":false},"author":2477,"featured_media":10145,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[105,1900,1956,750,2276,1170,337,2481,333,113],"class_list":{"0":"post-10144","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-casus-yazilim","10":"tag-finspy","11":"tag-ios","12":"tag-linux","13":"tag-macos","14":"tag-sas","15":"tag-sas-2021","16":"tag-security-analyst-summit","17":"tag-windows"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/finspy-for-windows-macos-linux\/10144\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/finspy-for-windows-macos-linux\/23484\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/finspy-for-windows-macos-linux\/18961\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/finspy-for-windows-macos-linux\/25559\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/finspy-for-windows-macos-linux\/23630\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/finspy-for-windows-macos-linux\/23065\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/finspy-for-windows-macos-linux\/26232\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/finspy-for-windows-macos-linux\/25762\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/finspy-for-windows-macos-linux\/31671\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/finspy-for-windows-macos-linux\/42383\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/finspy-for-windows-macos-linux\/17870\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/finspy-for-windows-macos-linux\/18268\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/finspy-for-windows-macos-linux\/15398\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/finspy-for-windows-macos-linux\/27553\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/finspy-for-windows-macos-linux\/27708\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/finspy-for-windows-macos-linux\/24474\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/finspy-for-windows-macos-linux\/29836\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/finspy-for-windows-macos-linux\/29634\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/sas\/","name":"SAS"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2477"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10144"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10144\/revisions"}],"predecessor-version":[{"id":10149,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10144\/revisions\/10149"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10145"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}