{"id":10645,"date":"2022-04-21T12:58:38","date_gmt":"2022-04-21T09:58:38","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10645"},"modified":"2022-04-21T12:58:38","modified_gmt":"2022-04-21T09:58:38","slug":"lazarus-defi-wallet-backdoor","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/lazarus-defi-wallet-backdoor\/10645\/","title":{"rendered":"Lazarus backdoor in a DeFi wallet"},"content":{"rendered":"<p>In the middle of December last year, a suspicious file was uploaded to VirusTotal, an online service that scans files for malware. At first glance, it looked like a cryptocurrency wallet installer. However, our experts <a href=\"https:\/\/securelist.com\/lazarus-trojanized-defi-app\/106195\/\" target=\"_blank\" rel=\"noopener\">analyzed it<\/a> and found that, along with the wallet, it also infects the user\u2019s device with malware. The program appears to be the work not of small-time scammers but of the notorious cybercriminals of <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/tag\/lazarus\/\" target=\"_blank\" rel=\"noopener\">Lazarus<\/a>.<\/p>\n<h2>What is Lazarus?<\/h2>\n<p>Lazarus is an <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/apt-advanced-persistent-threats\/\" target=\"_blank\" rel=\"noopener\">APT group<\/a>. 
Such groups are cybercrime organizations that are generally well funded, develop complex malware, and specialize in <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/targeted-attack\/\" target=\"_blank\" rel=\"noopener\">targeted attacks<\/a> such as industrial or political espionage. Stealing money, if it interests them at all, is usually not their main goal.<\/p>\n<p>Lazarus, however, is an APT group that actively goes after other people\u2019s money. In 2016 the group <a href=\"https:\/\/www.kaspersky.com\/blog\/lazarus-modus-operandi-and-countermeasures\/6716\/\" target=\"_blank\" rel=\"noopener nofollow\">stole a large sum of money<\/a> from the Central Bank of Bangladesh. In 2018 it <a href=\"https:\/\/www.kaspersky.com\/blog\/lazarus-crypto-exchange-attack\/23610\/\" target=\"_blank\" rel=\"noopener nofollow\">infected<\/a> a cryptocurrency exchange with malware. In 2020 it tried its luck with <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/lazarus-vhd-ransomware\/8652\/\" target=\"_blank\" rel=\"noopener\">ransomware<\/a>.<\/p>\n<h2>Backdoored DeFi wallet<\/h2>\n<p>The file that caught the attention of all our researchers contained an infected installer for a legitimate decentralized crypto wallet. DeFi (decentralized finance) is a financial model in which there are no intermediaries such as banks and all transactions are made directly between users. DeFi technology has been growing increasingly popular in recent years. 
According to <em>Forbes<\/em>, from May 2020 to May 2021 the value of assets in DeFi systems <a href=\"https:\/\/www.forbes.com\/sites\/lawrencewintermeyer\/2021\/05\/20\/after-growing-88x-in-a-year-where-does-defi-go-from-here\/\" target=\"_blank\" rel=\"noopener nofollow\">grew 88-fold<\/a>. It is no surprise that DeFi attracts the attention of cybercriminals.<\/p>\n<p>It is not entirely clear exactly how the cybercriminals persuade victims to download and run the infected file. However, our experts believe the attackers send users <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/spear-phishing\/\" target=\"_blank\" rel=\"noopener\">targeted emails<\/a> or messages on social media. Unlike mass mailings, such messages are tailored to a specific recipient and can look very convincing.<\/p>\n<p>In any case, when the user runs the installer, it creates two executable files: one is a malicious program, the other a clean crypto wallet installer. The malware disguises itself as the Google Chrome browser. It tries to hide the existence of the infected installer by copying a clean installer in its place, and runs it immediately so that the user suspects nothing. 
After the wallet is installed successfully, the malware keeps running in the background.<\/p>\n<h2>How dangerous is it?<\/h2>\n<p>The malware that gets onto the computer along with the DeFi wallet is a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/backdoor\/\" target=\"_blank\" rel=\"noopener\">backdoor<\/a>. Depending on the operator\u2019s intent, the backdoor can collect information or provide remote control over the device. Specifically, it can:<\/p>\n<ul>\n<li>Start and terminate processes,<\/li>\n<li>Execute commands on the device,<\/li>\n<li>Download files to the device, delete them, and send files from the device to the C&amp;C server.<\/li>\n<\/ul>\n<p>In other words, if the attack succeeds, the malware can disable the antivirus and steal anything it wants, from valuable documents to accounts and money. It can also download other malicious programs to the computer, as the cybercriminals see fit. As always, more details are available in the <a href=\"https:\/\/securelist.com\/lazarus-trojanized-defi-app\/106195\/\" target=\"_blank\" rel=\"noopener\">technical analysis of the Trojan<\/a> published on our expert blog Securelist.<\/p>\n<h2>How to avoid becoming a victim<\/h2>\n<p>If you deal with finance, and cryptocurrency in particular, be wary of messages that try to persuade you to install programs from untrusted sources. 
In addition, <a href=\"https:\/\/www.kaspersky.com.tr\/internet-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kismd___\" target=\"_blank\" rel=\"noopener\">make sure your devices are secure<\/a>, especially the ones you use for cryptocurrency transactions. A reliable security solution will help where vigilance alone is not enough.<\/p>\n<p><strong><input type=\"hidden\" class=\"category_for_banner\" value=\"banking\"><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Lazarus group continues its hunt for cryptocurrency: the cybercriminals are distributing DeFi wallets with a built-in backdoor.<\/p>\n","protected":false},"author":2477,"featured_media":10646,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[493,2190,2547,1500,1454,1986],"class_list":{"0":"post-10645","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-apt","9":"tag-arka-kapilar","10":"tag-defi","11":"tag-kripto-para-birimleri","12":"tag-lazarus","13":"tag-truva-atlari"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/lazarus-defi-wallet-backdoor\/10645\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/lazarus-defi-wallet-backdoor\/24065\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/lazarus-defi-wallet-backdoor\/19551\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/lazarus-defi-wallet-backdoor\/9884\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/lazarus-defi-wallet-backdoor\/26392\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/
lazarus-defi-wallet-backdoor\/24339\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/lazarus-defi-wallet-backdoor\/24698\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/lazarus-defi-wallet-backdoor\/27104\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/lazarus-defi-wallet-backdoor\/33072\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/lazarus-defi-wallet-backdoor\/44138\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/lazarus-defi-wallet-backdoor\/18806\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/lazarus-defi-wallet-backdoor\/19336\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/lazarus-defi-wallet-backdoor\/15938\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/lazarus-defi-wallet-backdoor\/28504\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/lazarus-defi-wallet-backdoor\/24960\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/lazarus-defi-wallet-backdoor\/30416\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/lazarus-defi-wallet-backdoor\/30184\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/apt\/","name":"APT"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10645","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2477"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10645"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10645\/revisions"}],"predecessor-version":[{"id":10647,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/p
osts\/10645\/revisions\/10647"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10646"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10645"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10645"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10645"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}