{"id":11049,"date":"2022-09-26T13:41:22","date_gmt":"2022-09-26T10:41:22","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=11049"},"modified":"2022-09-26T13:41:22","modified_gmt":"2022-09-26T10:41:22","slug":"harly-trojan-subscriber","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/harly-trojan-subscriber\/11049\/","title":{"rendered":"Harly: Google Play’de bir abonelik Truva at\u0131 daha"},"content":{"rendered":"

Resmi Google Play ma\u011fazas\u0131nda zarars\u0131z gibi g\u00f6r\u00fcnen bir\u00e7ok uygulamaya gizlenen her t\u00fcrden k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mla kar\u015f\u0131la\u015fmak olduk\u00e7a yayg\u0131nd\u0131r. Ancak maalesef, platform dikkatli bir \u015fekilde denetlense bile, bu t\u00fcr uygulamalar yay\u0131nlanmadan \u00f6nce bazen moderat\u00f6rlerin g\u00f6z\u00fcnden ka\u00e7abiliyor. Kullan\u0131c\u0131lar\u0131n bilgisi olmadan \u00fccretli hizmetlere kaydolan abonelik Truva atlar\u0131, bu t\u00fcr k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n en pop\u00fcler t\u00fcrlerinden biridir. Daha \u00f6nceki yaz\u0131lar\u0131m\u0131zda bu Truva atlar\u0131n\u0131n en yayg\u0131n ailelerini ele alm\u0131\u015ft\u0131k<\/a>. Bug\u00fcn sizlere bir ba\u015fka \u00f6rnekten bahsedece\u011fiz. Ele alaca\u011f\u0131m\u0131z abonelik Truva at\u0131 Harly, bir di\u011fer abonelik Truva at\u0131 olan ve ad\u0131n\u0131 pop\u00fcler \u00e7izgi roman k\u00f6t\u00fc karakteri Joker\u2019den alan Jocker\u2019e olduk\u00e7a benzedi\u011fi i\u00e7in Harly ad\u0131n\u0131 da Joker\u2019in yard\u0131mc\u0131s\u0131 Harley<\/a>\u2018den al\u0131yor. Dolay\u0131s\u0131yla, bu iki Truva at\u0131n\u0131n kayna\u011f\u0131 muhtemelen ayn\u0131.<\/p>\n

Harly Truva atlar\u0131\u2019n\u0131n i\u00e7y\u00fcz\u00fc<\/h2>\n

2020\u2019den beri Google Play ma\u011fazas\u0131nda Harly Truva at\u0131 ta\u015f\u0131yan 190\u2019dan fazla uygulama ke\u015ffedildi. Bu uygulamalar\u0131n indirilme say\u0131s\u0131 d\u00fc\u015f\u00fck bir tahminle 4,8 milyon olsa da, ger\u00e7ek rakam daha da fazla olabilir.<\/p>\n

\"\"

Google Play\u2019de Harly k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 ta\u015f\u0131yan uygulamalara \u00f6rnekler<\/p><\/div>\n

\u00a0<\/p>\n

Harly ailesindeki Truva atlar\u0131, t\u0131pk\u0131 Jocker Truva Atlar\u0131 gibi yasal uygulamalar\u0131 taklit eder. Peki bunlar nas\u0131l \u00e7al\u0131\u015f\u0131r? Doland\u0131r\u0131c\u0131lar, Google Play\u2019den s\u0131radan bir uygulama indirip bu uygulamaya k\u00f6t\u00fc ama\u00e7l\u0131 kod ekler ve uygulamay\u0131 farkl\u0131 bir adla Google Play\u2019e y\u00fckler. Bu t\u00fcr bir uygulama, kullan\u0131c\u0131lar\u0131na a\u00e7\u0131klama b\u00f6l\u00fcmlerinde listelenen \u00f6zellikleri hala sunabilir. Dolay\u0131s\u0131yla, kullan\u0131c\u0131lar bu uygulaman\u0131n bir tehdit olu\u015fturdu\u011funu fark etmeyebilirler.<\/p>\n

\"\"

Google Play\u2019de Harly k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 ta\u015f\u0131yan di\u011fer uygulama \u00f6rnekleri<\/p><\/div>\n

\u00a0<\/p>\n

Jocker ailesinin \u00e7o\u011fu \u00fcyesi \u00e7ok a\u015famal\u0131 indiricilerdir. Yani, y\u00fck\u00fc doland\u0131r\u0131c\u0131lar\u0131n C&C sunucular\u0131ndan al\u0131rlar. Di\u011fer yandan, Harly ailesindeki Truva atlar\u0131 uygulama i\u00e7indeki t\u00fcm y\u00fck\u00fc i\u00e7erip uygulaman\u0131n \u015fifresini \u00e7\u00f6zmek ve ba\u015flatmak i\u00e7in farkl\u0131 y\u00f6ntemler kullan\u0131rlar.<\/p>\n

\"\"

\u00dccretlerden \u015fikayet eden kullan\u0131c\u0131lar\u0131n yorumlar\u0131<\/p><\/div>\n

\u00a0<\/p>\n

Harly abonelik Truva at\u0131 nas\u0131l \u00e7al\u0131\u015f\u0131r?<\/h2>\n

Gelin, Google Play ma\u011fazas\u0131nda 10.000\u2019den fazla indirilen bir el feneri uygulamas\u0131 olan com.binbin.flashlight (md5: 2cc9ab72f12baa8c0876c1bd6f8455e7) \u00f6rne\u011fini inceleyelim.<\/p>\n

\"\"

Harly Truva at\u0131 vir\u00fcs\u00fcn\u00fc ta\u015f\u0131yan bir uygulama<\/p><\/div>\n

\u00a0<\/p>\n

Uygulaman\u0131n ba\u015flat\u0131lmas\u0131yla tehlikeli bir k\u00fct\u00fcphane y\u00fcklenir:<\/p>\n

\"\"

Tehlikeli bir k\u00fct\u00fcphane<\/p><\/div>\n

\u00a0<\/p>\n

K\u00fct\u00fcphane, uygulama kaynaklar\u0131ndan dosyan\u0131n \u015fifresini \u00e7\u00f6zer.<\/p>\n

\"\"

Uygulama kaynaklar\u0131ndan bir dosyan\u0131n \u015fifresinin \u00e7\u00f6z\u00fclmesi<\/p><\/div>\n

\u00a0<\/p>\n

\u0130\u015fin ilgin\u00e7 taraf\u0131, bu t\u00fcr k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n geli\u015ftiricileri Go<\/a> ve Rust<\/a> dillerini nas\u0131l kullanacaklar\u0131n\u0131 \u00f6\u011frenseler de \u015fimdilik yapabilecekleri k\u00f6t\u00fc ama\u00e7l\u0131 SDK<\/a>\u2018n\u0131n \u015fifresini \u00e7\u00f6zmek ve y\u00fcklemekle s\u0131n\u0131rl\u0131.<\/p>\n

T\u0131pk\u0131 di\u011fer abonelik Truva atlar\u0131 gibi Harly de, uygulamay\u0131 indiren kullan\u0131c\u0131n\u0131n cihaz\u0131 ve \u00f6zellikle de mobil a\u011f hakk\u0131nda bilgi toplar. Ard\u0131ndan kullan\u0131c\u0131n\u0131n telefonu bir mobil a\u011fa ge\u00e7er ve Harly Truva at\u0131, C&C sunucusundan kay\u0131t olunmas\u0131 gereken aboneliklerin listesini yap\u0131land\u0131rmas\u0131n\u0131 ister.<\/p>\n

Harly Truva At\u0131 sadece Tayland\u2019a ait operat\u00f6rlerle \u00e7al\u0131\u015f\u0131r: Yani, \u00f6nce Tayland\u2019a ait olduklar\u0131ndan emin olmak i\u00e7in a\u011f operat\u00f6rlerinin benzersiz tan\u0131mlay\u0131c\u0131lar\u0131 olan MNC<\/a>\u2018leri (mobil a\u011f kodlar\u0131) kontrol eder:<\/p>\n

\"\"

MNC\u2019lerin kontrol\u00fc<\/p><\/div>\n

\u00a0<\/p>\n

Bununla birlikte, bir test MNC\u2019si olarak China Telecom\u2019un kodu olan 46011\u2019i kullan\u0131r. Bu ve benzer ipu\u00e7lar\u0131, bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n geli\u015ftiricilerinin konumunun \u00c7in oldu\u011funu g\u00f6sterir.<\/p>\n

\"\"

Test MNC\u2019si<\/p><\/div>\n

\u00a0<\/p>\n

Harly Truva at\u0131, abonelik adresini g\u00f6r\u00fcnmez bir pencerede a\u00e7ar ve JS komut dosyalar\u0131n\u0131 yerle\u015ftirerek kullan\u0131c\u0131n\u0131n telefon numaras\u0131n\u0131 girer. Ard\u0131ndan, gerekli tu\u015flara bas\u0131p k\u0131sa mesajdan gelen onay kodunu girer. Sonu\u00e7: Kullan\u0131c\u0131, fark\u0131nda bile olmadan \u00fccretli bir abonelik sat\u0131n al\u0131r.<\/p>\n

Harly Truva at\u0131n\u0131n bir di\u011fer dikkat \u00e7ekici \u00f6zelli\u011fi, i\u015flem s\u00fcreci yaln\u0131zca bir k\u0131sa mesaj koduyla korundu\u011funda de\u011fil, Truva at\u0131n\u0131n belirli bir telefon numaras\u0131n\u0131 arayarak aboneli\u011fi onaylad\u0131\u011f\u0131 bir telefon g\u00f6r\u00fc\u015fmesi ile korundu\u011funda da abone olabilmesidir.<\/p>\n

\u00dcr\u00fcnlerimiz, burada Trojan.AndroidOS.Harly ve Trojan.AndroidOS.Piom olarak tan\u0131mlad\u0131\u011f\u0131m\u0131z bu zararl\u0131 uygulamalar\u0131 tespit etme \u00f6zelli\u011fine sahiptir.<\/p>\n

Abonelik Truva atlar\u0131ndan korunman\u0131n yollar\u0131<\/h2>\n

Resmi uygulama ma\u011fazalar\u0131, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n yay\u0131lmas\u0131yla durmaks\u0131z\u0131n m\u00fccadele etse de, g\u00f6rd\u00fc\u011f\u00fcm\u00fcz gibi, daima ba\u015far\u0131l\u0131 olam\u0131yorlar. Bir uygulamay\u0131 cihaz\u0131n\u0131za y\u00fcklemeden \u00f6nce, kullan\u0131c\u0131 yorumlar\u0131n\u0131 okumal\u0131 ve Google Play\u2019deki uygulama puan\u0131n\u0131 kontrol etmelisiniz. Ancak elbette, bu yorumlar\u0131n ve puanlar\u0131n \u015fi\u015firilmi\u015f<\/a> olma ihtimalini de ak\u0131lda tutman\u0131za fayda var. Bu t\u00fcr k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n kurban\u0131 olmay\u0131p kendini korumak i\u00e7in g\u00fcvenilir bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc<\/a> kullanman\u0131z\u0131 \u00f6neriyoruz.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Abonelik Truva at\u0131 Harly’nin Android kullan\u0131c\u0131lar\u0131n\u0131 nas\u0131l hedef ald\u0131\u011f\u0131n\u0131 ele al\u0131yoruz.<\/p>\n","protected":false},"author":2492,"featured_media":11050,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[105,183,1986,2549],"class_list":{"0":"post-11049","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-google-play","10":"tag-truva-atlari","11":"tag-ucretli-abonelikler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/harly-trojan-subscriber\/11049\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/harly-trojan-subscriber\/24633\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/harly-trojan-subscriber\/20100\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/harly-trojan-subscriber\/10143\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/harly-trojan-subscriber\/27085\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/harly-trojan-subscriber\/24990\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/harly-trojan-subscriber\/25313\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/harly-trojan-subscriber\/27704\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/harly-trojan-subscriber\/27229\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/harly-trojan-subscriber\/34011\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/harly-trojan-subscriber\/45573\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/harly-trojan-subscriber\/19501\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/harly-trojan-subscriber\/20062\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/harly-trojan-subscriber\/29306\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/harly-trojan-subscriber\/32616\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/harly-trojan-subscriber\/28493\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/harly-trojan-subscriber\/25478\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/harly-trojan-subscriber\/31046\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/harly-trojan-subscriber\/30738\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/android\/","name":"android"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11049","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2492"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=11049"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11049\/revisions"}],"predecessor-version":[{"id":11059,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11049\/revisions\/11059"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/11050"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=11049"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=11049"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=11049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}