{"id":10577,"date":"2022-03-29T11:00:09","date_gmt":"2022-03-29T08:00:09","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10577"},"modified":"2022-03-29T11:00:09","modified_gmt":"2022-03-29T08:00:09","slug":"mobile-malware-2021","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/mobile-malware-2021\/10577\/","title":{"rendered":"Mobil tehditler: 2021’de kimler ak\u0131ll\u0131 telefonlar\u0131 hedef ald\u0131?"},"content":{"rendered":"

Sizi en \u00f6nemli trendler konusunda bilgilendirmek i\u00e7in s\u00fcrekli olarak mobil tehdit ortam\u0131n\u0131 izliyoruz. 2021\u2019de ak\u0131ll\u0131 telefon ve tablet sahiplerinin kar\u015f\u0131la\u015ft\u0131\u011f\u0131 tehditler hakk\u0131nda yay\u0131nlad\u0131\u011f\u0131m\u0131z rapor<\/a>un \u00fczerinden \u00e7ok zaman ge\u00e7medi. \u0130lk olarak iyi haberi verelim: Dikkat \u00e7eken \u015fey, ge\u00e7en y\u0131l mobil tehdit eylemlerinde 2020\u2019ye k\u0131yasla \u00f6nemli bir d\u00fc\u015f\u00fc\u015f ya\u015fand\u0131\u011f\u0131n\u0131 g\u00f6rmemiz oldu. Ancak bununla birlikte bu konuda rahatlamak i\u00e7in \u00e7ok erken. \u00d6ncelikle, ak\u0131ll\u0131 telefon ve tabletlere yap\u0131lan sald\u0131r\u0131 say\u0131s\u0131 2019\u2019dakiyle ayn\u0131 seviyede, yaln\u0131zca 2020\u2019deki rekor seviyeye g\u00f6re d\u00fc\u015f\u00fc\u015f g\u00f6sterdi. Bununla birlikte siber su\u00e7lular her ge\u00e7en g\u00fcn daha yarat\u0131c\u0131 hale geliyor.<\/p>\n

Reklam yaz\u0131l\u0131m\u0131 sald\u0131r\u0131lar\u0131<\/h2>\n

2021\u2019de s\u0131kl\u0131kla kullan\u0131lan trendlerden biri, bir\u00e7ok faydal\u0131 uygulama geli\u015ftiricisinin \u00e7al\u0131\u015fmalar\u0131ndan para kazanmak i\u00e7in \u00fc\u00e7\u00fcnc\u00fc taraf reklam mod\u00fcllerine k\u00f6t\u00fc ama\u00e7l\u0131 kodun eklenmesiydi. \u00d6rne\u011fin ge\u00e7ti\u011fimiz baharda siber su\u00e7lular, k\u00f6t\u00fc ama\u00e7l\u0131 bir reklam SDK\u2019s\u0131 kullanarak pop\u00fcler bir alternatif Android uygulama ma\u011fazas\u0131 olan APKPure\u2019a k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m bula\u015ft\u0131rd\u0131lar<\/a>. Neyse ki ma\u011fazan\u0131n geli\u015ftiricileri g\u00fcvenlik konusunu ciddiye al\u0131yorlard\u0131 ve kendileriyle ileti\u015fime ge\u00e7ildikten bir g\u00fcn sonra temiz bir s\u00fcr\u00fcm yay\u0131nlad\u0131lar.<\/p>\n

Benzer bir hikaye, pop\u00fcler WhatsApp modu FMWhatsApp\u2019da ya\u015fand\u0131<\/a>: Uygulaman\u0131n s\u00fcr\u00fcmlerinden birindeki bir reklam SDK\u2019s\u0131 i\u00e7inde Triada Truva At\u0131<\/a> bulunuyordu. Bu Truva At\u0131, bula\u015ft\u0131\u011f\u0131 cihazdan temizlenmesinin \u00e7ok zor olmas\u0131 nedeniyle k\u00f6t\u00fc bir \u00fcne sahip. Ayr\u0131ca, Triada nadiren tek ba\u015f\u0131na bula\u015f\u0131r, kendisiyle birlikte kurban\u0131n cihaz\u0131na \u00e7ok say\u0131da ba\u015fka k\u00f6t\u00fc ama\u00e7l\u0131 uygulamay\u0131 da indirme e\u011filimindedir.<\/p>\n\n

Google Play\u2019de K\u00f6t\u00fc Ama\u00e7l\u0131 Yaz\u0131l\u0131m<\/h2>\n

Yaz\u0131lar\u0131m\u0131zda bir\u00e7ok kez k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n gizlice resmi uygulama ma\u011fazalar\u0131na girebilece\u011finden<\/a> bahsettik. Siber su\u00e7lular, t\u00fcm kontrolleri ge\u00e7ip kullan\u0131c\u0131lara ula\u015fmak i\u00e7in onaylanm\u0131\u015f bir programa k\u00f6t\u00fc ama\u00e7l\u0131 kod y\u00fcklemek amac\u0131yla bir g\u00fcncelleme gibi g\u00f6r\u00fcnmek de dahil her t\u00fcrl\u00fc hileyi kullan\u0131rlar. 2021\u2019de, Google Play\u2019deki uygulamalarda Joker ve Facestealer k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131 da dahil bir\u00e7ok Truva at\u0131<\/a> y\u00fckleyicisi tespit edildi. Joker gizlice kullan\u0131c\u0131y\u0131 \u00fccretli servislere abone yaparken, Facestealer ad\u0131ndan da anla\u015f\u0131laca\u011f\u0131 \u00fczere Facebook kimlik bilgilerini \u00e7alma konusunda uzmanla\u015fm\u0131\u015ft\u0131.<\/p>\n

\u00c7o\u011fu durumda siber su\u00e7lular, yaratt\u0131klar\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131 Google Play \u00fczerinden yaymak i\u00e7in, halihaz\u0131rda ma\u011faza taraf\u0131ndan onaylanm\u0131\u015f, zarars\u0131z uygulamalara k\u00fc\u00e7\u00fck k\u00f6t\u00fc ama\u00e7l\u0131 kod yerle\u015ftirirler. \u00d6rne\u011fin, Joker Truva At\u0131\u2019n\u0131n yazarlar\u0131, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 tematik duvar ka\u011f\u0131tlar\u0131 sunan bir uygulamada gizlemek i\u00e7in Kore TV dizisi <em>Squid Game<\/em><\/em>\u2018in pop\u00fclaritesinden yararland\u0131. Joker ke\u015ffedildi\u011finde, Google Play\u2019de diziyle ilgili 200\u2019den fazla uygulama bulunuyordu ve bir\u00e7o\u011fu birbirinin \u00f6zelliklerini kullan\u0131yordu. Ma\u011faza moderat\u00f6rlerinin bu t\u00fcr programlar\u0131 tararken, k\u00f6t\u00fc niyetli bir \u201cy\u00fckseltme\u201dnin gizlice ge\u00e7mesine izin vermesi \u00e7ok da \u015fa\u015f\u0131rt\u0131c\u0131 bir durum de\u011fil. Siber su\u00e7lular\u0131n s\u00fcrekli olarak istismar etmeye \u00e7al\u0131\u015ft\u0131\u011f\u0131 k\u00fc\u00e7\u00fck boyuttaki k\u00f6t\u00fc ama\u00e7l\u0131 kod yerle\u015ftirmelerinin denetim s\u0131ras\u0131nda tespit edilmesi zordur.<\/p>\n

\"\"

Google Play\u2019de Joker Truva At\u0131 i\u00e7eren uygulamalardan biri<\/p><\/div>\n

\u00a0<\/p>\n

Bankac\u0131l\u0131k Truva Atlar\u0131 \u2014 Yarat\u0131c\u0131 h\u0131rs\u0131zl\u0131k<\/h2>\n

Birka\u00e7 y\u0131ld\u0131r bankac\u0131l\u0131k Truva Atlar\u0131 yaln\u0131zca banka hesaplar\u0131 i\u00e7in de\u011fil, ayn\u0131 zamanda internet ma\u011fazalar\u0131 ve di\u011fer dijital hizmetlerdeki hesaplar i\u00e7in de kullan\u0131l\u0131yor. Sald\u0131rganlar\u0131n 2021\u2019de ilgi alanlar\u0131 daha da geni\u015fledi: Uzmanlar\u0131m\u0131z, PlayerUnknown\u2019s Battlegrounds<\/em> (PUBG) oyununun mobil s\u00fcr\u00fcm\u00fc i\u00e7in giri\u015f verilerini \u00e7alan Gamethief<\/a> k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n\u0131 ke\u015ffettiler. Bu, oyun hesaplar\u0131n\u0131 \u00e7alma konusunda uzmanla\u015fm\u0131\u015f ilk mobil<\/em> Truva at\u0131d\u0131r \u2014 Birka\u00e7 y\u0131l \u00f6ncesine kadar bu t\u00fcr k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar yaln\u0131zca masa\u00fcst\u00fc bilgisayarlara \u00f6zeldi.<\/p>\n

Siber su\u00e7lular, yaratt\u0131klar\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n i\u015flevselli\u011fini de geli\u015ftirdiler. \u00d6rne\u011fin, Fakecalls bankac\u0131l\u0131k Truva At\u0131, kullan\u0131c\u0131, bankas\u0131yla ileti\u015fim kurmaya \u00e7al\u0131\u015ft\u0131\u011f\u0131nda aramay\u0131 durduruyor ve \u00e7a\u011fr\u0131y\u0131 sahte bir banka temsilcisinin \u00f6nceden kaydedilmi\u015f yan\u0131t\u0131yla de\u011fi\u015ftirebiliyor. Bu y\u00f6ntemle k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, kurban\u0131n\u0131n, \u00e7a\u011fr\u0131y\u0131 yan\u0131tlayan ki\u015finin bir banka \u00e7al\u0131\u015fan\u0131 oldu\u011funu d\u00fc\u015f\u00fcnmesini sa\u011fl\u0131yor.<\/p>\n

Ak\u0131ll\u0131 telefonunuzu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlardan nas\u0131l korursunuz?<\/h2>\n

Siber su\u00e7lular olduk\u00e7a yeteneklidir ve mobil cihaz kullan\u0131c\u0131lar\u0131n\u0131 tuzaklar\u0131na d\u00fc\u015f\u00fcrmek i\u00e7in her f\u0131rsat\u0131 de\u011ferlendirirler. Bu nedenle aktivite seviyeniz ne olursa olsun, dikkatli olmakta fayda var.<\/p>\n