{"id":10619,"date":"2022-04-12T14:50:31","date_gmt":"2022-04-12T11:50:31","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10619"},"modified":"2022-04-12T14:50:31","modified_gmt":"2022-04-12T11:50:31","slug":"fakecalls-banking-trojan","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/fakecalls-banking-trojan\/10619\/","title":{"rendered":"Fakecalls: a talking Trojan"},"content":{"rendered":"<p>Cybercriminals keep coming up with ever more sophisticated malware. Last year, for example, a previously unseen banking Trojan called Fakecalls appeared. In addition to the usual spying features, it has an interesting ability to \u201ctalk\u201d to the victim while posing as a bank employee. There is very little information about Fakecalls online, so we decided to shed light on its capabilities.<\/p>\n<h2>Trojan in disguise<\/h2>\n<p>Fakecalls mimics the mobile apps of well-known Korean banks, among them KB (Kookmin Bank) and KakaoBank. Interestingly, in addition to the familiar logos, the Trojan\u2019s creators display the support numbers of the respective banks on the Fakecalls screen. These phone numbers appear to be real. 
For instance, the number 1599-3333 can be found on the main page of KakaoBank\u2019s official website.<\/p>\n<div id=\"attachment_10621\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-10621\" class=\"wp-image-10621 size-large\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2022\/04\/12144249\/fakecalls-banking-trojan-screen-1-1024x898.png\" alt=\"\" width=\"1024\" height=\"898\"><p id=\"caption-attachment-10621\" class=\"wp-caption-text\">The Trojan imitates the KB (left) and KakaoBank (right) banking apps<\/p><\/div>\n<p>\u00a0<\/p>\n<p>When installed, the Trojan immediately requests a range of permissions, including access to contacts, the microphone and camera, geolocation, call handling and so on.<\/p>\n<h2>Calling the bank<\/h2>\n<p>Unlike other banking Trojans, Fakecalls can imitate phone conversations with customer support. If the victim calls the bank\u2019s support line, the Trojan discreetly breaks the connection and opens its own fake call screen instead of the regular calling app. The call looks normal, but in fact everything is now under the attackers\u2019 control.<\/p>\n<p>The only thing that might give the Trojan away at this stage is the fake call screen. Fakecalls has only one interface language: Korean. 
This means that if another system language is selected on the phone (English, for example), the victim will realize that something is fishy.<\/p>\n<div id=\"attachment_10622\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-10622\" class=\"wp-image-10622 size-large\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2022\/04\/12144335\/fakecalls-banking-trojan-screen-2-1024x898.png\" alt=\"\" width=\"1024\" height=\"898\"><p id=\"caption-attachment-10622\" class=\"wp-caption-text\">The standard calling app screen (left) and the Fakecalls screen (right)<\/p><\/div>\n<p>\u00a0<\/p>\n<p>Once the call is intercepted, there are two possible scenarios. In the first, Fakecalls connects the victim directly to the cybercriminals, since the app has permission to make outgoing calls. In the second, the Trojan plays prerecorded audio imitating the bank\u2019s standard greeting.<\/p>\n<div id=\"attachment_10623\" style=\"width: 690px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-10623\" class=\"wp-image-10623 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2022\/04\/12144420\/fakecalls-banking-trojan-screen-3.png\" alt=\"\" width=\"680\" height=\"680\"><p id=\"caption-attachment-10623\" class=\"wp-caption-text\">Fakecalls code fragment that plays prerecorded audio during an outgoing call<\/p><\/div>\n<p>\u00a0<\/p>\n<p>For the Trojan to keep up a realistic dialogue with the victim, the cybercriminals recorded several phrases (in Korean) typically uttered by voicemail or call-center employees. 
For example, the victim might hear something like this: \u201cHello. Thank you for calling KakaoBank. Our call center is currently receiving a higher than expected volume of calls. A consultant will contact you as soon as possible. &lt;\u2026&gt; To improve the quality of service, your conversation will be recorded.\u201d Or: \u201cWelcome to Kookmin Bank. Your conversation will be recorded. We will now connect you with an operator.\u201d<\/p>\n<p>After this, the attackers, posing as a bank employee, can try to trick the victim into giving up banking data or other confidential information.<\/p>\n<p>Besides outgoing calls, Fakecalls can spoof incoming calls as well. When the cybercriminals want to contact the victim, the Trojan displays its own screen instead of the system one. As a result, the user sees not the real number used by the cybercriminals, but the phone number the Trojan puts on the screen, which looks like the number of the bank\u2019s support service.<\/p>\n<h2>Spyware toolkit<\/h2>\n<p>In addition to mimicking telephone customer support, Fakecalls has features more typical of banking Trojans. At the attackers\u2019 command, the malware can turn on the microphone of the victim\u2019s phone and send recordings to their own servers. It can also secretly broadcast audio and video from the phone in real time.<\/p>\n<p>And that\u2019s not all. 
Remember the permissions the Trojan requested during installation? Cybercriminals can use them to determine the device\u2019s location, copy the contact list or files (including photos and videos) to their own servers, and access the call and text message history.<\/p>\n<p>With these permissions, the malware both spies on the user and controls the device to a certain extent. This gives the Trojan the ability to reject incoming calls and delete them from the call history. Among other things, this lets the scammers block and hide real calls from banks.<\/p>\n<p>Kaspersky solutions detect this malware with the verdict <em>Trojan-Banker.AndroidOS.Fakecalls<\/em> and protect the device.<\/p>\n<h2>How to stay protected<\/h2>\n<p>To keep your personal data and money from falling into cybercriminals\u2019 hands, follow these simple tips:<\/p>\n<ul>\n<li>Download apps only from official stores and <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/unknown-apps-android\/10015\/\" target=\"_blank\" rel=\"noopener\">do not allow installations from unknown sources<\/a>. Official stores check all programs. 
Even in most cases where malware gets onto your phone, it is removed right away.<\/li>\n<li>Pay attention to <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/android-8-permissions-guide\/5356\/\" target=\"_blank\" rel=\"noopener\">the permissions apps request<\/a> and whether they really need them. Do not hesitate to deny permissions, especially potentially dangerous ones such as access to calls, text messages, accessibility and so on.<\/li>\n<li>Never share confidential information over the phone. Real bank employees will never ask via text messages for your online banking login credentials, PIN, card security code or confirmation codes. If in doubt, go to the bank\u2019s official website and find out what information employees may ask for.<\/li>\n<li>Use <a href=\"https:\/\/www.kaspersky.com.tr\/internet-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kismd___\" target=\"_blank\" rel=\"noopener\">a robust security solution<\/a> that protects all your devices from banking Trojans and other malware.<strong><br>\n<\/strong><\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"banking\">\n","protected":false},"excerpt":{"rendered":"<p>A Trojan that poses as a banking app and imitates phone conversations with bank employees.
<\/p>\n","protected":false},"author":2624,"featured_media":10620,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[105,2089,1670,665],"class_list":{"0":"post-10619","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-bankacilik-truva-atlari","10":"tag-izinler","11":"tag-mobil-cihazlar"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/fakecalls-banking-trojan\/10619\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/fakecalls-banking-trojan\/24030\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/fakecalls-banking-trojan\/19517\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/fakecalls-banking-trojan\/9859\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/fakecalls-banking-trojan\/26354\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/fakecalls-banking-trojan\/24298\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/fakecalls-banking-trojan\/24650\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/fakecalls-banking-trojan\/27063\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/fakecalls-banking-trojan\/26612\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/fakecalls-banking-trojan\/33021\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/fakecalls-banking-trojan\/44072\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/fakecalls-banking-trojan\/18748\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/fakecalls-banking-trojan\/19280\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/fakecalls-banking-trojan\/15925\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/fakecalls-banking-trojan\/28447\/"},{"hreflang":"ja","url":
"https:\/\/blog.kaspersky.co.jp\/fakecalls-banking-trojan\/32524\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/fakecalls-banking-trojan\/24937\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/fakecalls-banking-trojan\/30379\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/fakecalls-banking-trojan\/30147\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/android\/","name":"android"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10619","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2624"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10619"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10619\/revisions"}],"predecessor-version":[{"id":10624,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10619\/revisions\/10624"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10620"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10619"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10619"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10619"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}