{"id":11103,"date":"2022-10-13T11:26:25","date_gmt":"2022-10-13T08:26:25","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=11103"},"modified":"2022-10-13T11:26:25","modified_gmt":"2022-10-13T08:26:25","slug":"why-messenger-mods-are-dangerous","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/why-messenger-mods-are-dangerous\/11103\/","title":{"rendered":"Mesajla\u015fma uygulamas\u0131 modifikasyonlar\u0131 neden tehlikeli"},"content":{"rendered":"<p>YoWhatsApp olarak bilinen ba\u015fka bir WhatsApp modifikasyonunun daha k\u00f6t\u00fc ama\u00e7l\u0131 oldu\u011fu ortaya \u00e7\u0131kt\u0131. Modifikasyon, ak\u0131ll\u0131 telefonlara reklam g\u00f6steren, kullan\u0131c\u0131y\u0131 \u00fccretli i\u00e7eriklere gizlice abone yapan ve WhatsApp hesaplar\u0131n\u0131 \u00e7alan Triada Truva At\u0131n\u0131 indiriyor. Peki bu nas\u0131l oldu ve \u00e7\u0131karabilece\u011fimiz dersler neler?<\/p>\n<h2>Timsahlar\u0131 elinizle beslemeyin: Basit siber g\u00fcvenlik kurallar\u0131<\/h2>\n<p>Bilgi g\u00fcvenli\u011finin en \u00f6nemli kural\u0131 riskleri azaltmak. Bunun i\u00e7in:<\/p>\n<ul>\n<li>\u015e\u00fcpheli web sitelerini ziyaret etmeyin, k\u00f6t\u00fc ama\u00e7l\u0131 reklamlar bar\u0131nd\u0131rabiliyor ya da kimlik av\u0131 doland\u0131r\u0131c\u0131l\u0131\u011f\u0131 i\u00e7in kullan\u0131l\u0131yor olabilirler.<\/li>\n<li>Hacklenmi\u015f program s\u00fcr\u00fcmlerini torrent ile indirmeyin. <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/crack\/\" target=\"_blank\" rel=\"noopener\">Crack\u2019ler<\/a>, <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/trojan-psw-psw-password-stealing-ware\/\" target=\"_blank\" rel=\"noopener\">parola \u00e7alma Truva Atlar\u0131<\/a> gibi \u00e7e\u015fitli k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar i\u00e7erebilir.<\/li>\n<li>Bilinmeyen adreslerden gelen e-postalardaki ba\u011flant\u0131lara t\u0131klamay\u0131n ve ekleri a\u00e7may\u0131n, buralarda her t\u00fcrl\u00fc k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m olabilir.<\/li>\n<\/ul>\n<p>\u0130\u015fin \u00f6z\u00fc, dikkatli olmak kendinizi siber tehditlere kar\u015f\u0131 koruma konusunda \u00e7ok i\u015finize yarar.<\/p>\n<p>Ayn\u0131 zamanda antivir\u00fcs\u00fcn\u00fcz\u00fc etkin ve g\u00fcncel tutman\u0131z da \u00e7ok \u00f6nemli, herhangi bir \u015fey olmas\u0131 durumunda bu sizin sigortan\u0131z. Gece ge\u00e7 saatte \u0131ss\u0131z bir sokaktan ge\u00e7menin \u00e7evrimi\u00e7i kar\u015f\u0131l\u0131\u011f\u0131na denk gelen \u015feyler yaparak \u015fans\u0131n\u0131z\u0131 zorlamay\u0131n. Biraz sa\u011fduyuyla doland\u0131r\u0131c\u0131lara yem olma ihtimalinizi b\u00fcy\u00fck \u00f6l\u00e7\u00fcde azalt\u0131rs\u0131n\u0131z.<\/p>\n<p>Yukar\u0131dakilere ek olarak, ba\u015f\u0131n\u0131za k\u00f6t\u00fc bir \u015fey gelme olas\u0131l\u0131\u011f\u0131n\u0131 azaltmak i\u00e7in yapman\u0131z gerekenler listesine eklenmesi gereken bir \u015fey daha var: Resmi olmayan kaynaklardan mobil uygulama indirmeyin. Google ve Apple, ma\u011fazalar\u0131na eklemeden \u00f6nce uygulamalar\u0131 do\u011frular. Bu sayede k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlarla kar\u015f\u0131la\u015fma olas\u0131l\u0131\u011f\u0131n\u0131z \u00e7ok azal\u0131r (yine de tamamen yok olmaz, \u00f6zellikle de <a href=\"https:\/\/www.kaspersky.com\/blog\/harly-trojan-subscriber\/45573\/\" target=\"_blank\" rel=\"noopener nofollow\">Google Play\u2019de<\/a>). Huawei de Huawei AppGallery i\u00e7in ayn\u0131s\u0131n\u0131 yap\u0131yor, ancak burada da halihaz\u0131rda baz\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar bulundu. Yine de <a href=\"https:\/\/en.wikipedia.org\/wiki\/Apk_(file_format)\" target=\"_blank\" rel=\"noopener nofollow\">APK dosyas\u0131<\/a> indirmenize izin veren a\u00e7\u0131k platformlarda k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlarla kar\u015f\u0131la\u015fma olas\u0131l\u0131\u011f\u0131n\u0131z \u00e7ok daha fazla.<\/p>\n<p>\u00d6nemli bir g\u00fcvenlik kural\u0131 daha var: Mesajla\u015fma uygulamalar\u0131 i\u00e7in resmi olmayan istemciler kullanmay\u0131n. Bunun neden \u00f6nemli oldu\u011funu anlamak i\u00e7in mesajla\u015fma uygulamalar\u0131n\u0131n nas\u0131l \u00e7al\u0131\u015ft\u0131\u011f\u0131na biraz daha yak\u0131ndan bakal\u0131m.<\/p>\n<p>Bu uygulamalar\u0131n \u00e7o\u011fu, kullan\u0131c\u0131n\u0131n do\u011frudan istemci uygulamayla etkile\u015fim kurdu\u011fu <a href=\"https:\/\/en.wikipedia.org\/wiki\/Client%E2%80%93server_model\" target=\"_blank\" rel=\"noopener nofollow\">\u00a0<\/a> modeline g\u00f6re \u00e7al\u0131\u015f\u0131r. \u0130stemci ile sunucu aras\u0131ndaki veri al\u0131\u015fveri\u015fi \u00f6zel bir <a href=\"https:\/\/tr.wikipedia.org\/wiki\/%C4%B0leti%C5%9Fim_protokol%C3%BC\" target=\"_blank\" rel=\"noopener nofollow\">protokol<\/a> ile ger\u00e7ekle\u015fir. Bir\u00e7ok mesajla\u015fma uygulamas\u0131nda bu protokol a\u00e7\u0131kt\u0131r. Bu da \u00f6rne\u011fin di\u011fer kullan\u0131c\u0131lar\u0131n sildi\u011fi mesajlar\u0131 g\u00f6r\u00fcnt\u00fclemek, toplu mesajlar olu\u015fturmak veya aray\u00fcz\u00fc \u00f6zelle\u015ftirmek gibi ilave \u00f6zelliklere sahip resmi olmayan modifiye istemciler yaratmay\u0131 m\u00fcmk\u00fcn k\u0131lar.<\/p>\n<p>Tehlike nerede? Resmi istemcilerde yaz\u0131\u015fmalar\u0131n\u0131z\u0131 yaln\u0131zca mesajla\u015fma uygulamas\u0131n\u0131n yarat\u0131c\u0131s\u0131na emanet edersiniz. Resmi olmayan bir istemci kulland\u0131\u011f\u0131n\u0131zda ise yaz\u0131\u015fmalar\u0131n\u0131z\u0131 yaln\u0131zca mesajla\u015fma sisteminin geli\u015ftiricilerine de\u011fil, ayn\u0131 zamanda resmi olmayan istemci uygulaman\u0131n geli\u015ftiricilerine de vermi\u015f olursunuz. \u00dcst\u00fcne \u00fcstl\u00fck, modifiye istemci resmi olmayan kaynaklar \u00fcst\u00fcnden da\u011f\u0131t\u0131l\u0131yor olabilir (bunlara g\u00fcvenilmemesi gerekti\u011finden bahsetmi\u015ftik). T\u00fcm bunlar, bir \u015feylerin ters gidebilece\u011fi ekstra a\u015famalar demek. Di\u011fer bir deyi\u015fle, ekstra riskleri var.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kisa-generic-2\">\n<h2>N\u2019aber, Triada<\/h2>\n<p>Elbette bir \u015feyler ger\u00e7ekten de ters gitti ve ge\u00e7en sene bahsetti\u011fimiz senaryo tekrarland\u0131. Hat\u0131rlatmak gerekirse: Sald\u0131rganlar, kullan\u0131c\u0131 cihazlar\u0131na \u00e7ok i\u015flevli bir Truva At\u0131 olan <a href=\"https:\/\/www.kaspersky.com\/blog\/triada-trojan\/11481\/\" target=\"_blank\" rel=\"noopener nofollow\">Triada<\/a>\u2018y\u0131 indiren bir <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/trojan-droppers\/\" target=\"_blank\" rel=\"noopener\">dropper\u2019\u0131<\/a> <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/fmwhatsapp-mod-downloads-malware\/9954\/\" target=\"_blank\" rel=\"noopener\">FMWhatsapp modifikasyonuna bula\u015ft\u0131rm\u0131\u015ft\u0131<\/a>. Bu mod\u00fcler Truva At\u0131 genel olarak reklam g\u00f6steriyor ve kullan\u0131c\u0131y\u0131 \u00fccretli bir tak\u0131m i\u00e7erikleri abone yap\u0131yor.<\/p>\n<p>\u015eimdi de ayn\u0131 \u015fey oldu. Mesajla\u015fma uygulamas\u0131 ayn\u0131 fakat resmi olmayan istemci farkl\u0131. Bu sefer YoWa olarak da bilinen YoWhatsApp modifikasyonuna <a href=\"https:\/\/securelist.com\/malicious-whatsapp-mod-distributed-through-legitimate-apps\/107690\/\" target=\"_blank\" rel=\"noopener\">vir\u00fcs bula\u015ft\u0131<\/a>. Bu modifikasyonun geni\u015fletilmi\u015f gizlilik se\u00e7enekleri, 700 MB\u2019a kadar dosya g\u00f6nderebilme ve artt\u0131r\u0131lm\u0131\u015f h\u0131z gibi kullan\u0131c\u0131lara cazip gelen y\u00f6nleri var.<\/p>\n<p>G\u00f6r\u00fcn\u00fc\u015fe g\u00f6re YoWhatsApp geni\u015f kullan\u0131c\u0131 taban\u0131 y\u00fcz\u00fcnden k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mc\u0131lar\u0131n g\u00f6z\u00fcne \u00e7arpt\u0131. Modifikasyonun Google Play\u2019e girememesi de su\u00e7lular\u0131n ekme\u011fine ya\u011f s\u00fcrd\u00fc. Kullan\u0131c\u0131lar YoWhatsApp\u2019\u0131 g\u00fcvenilirli\u011fi \u015f\u00fcpheli kaynaklardan indirmeye al\u0131\u015fk\u0131nd\u0131. Modifikasyonun vir\u00fcsl\u00fc s\u00fcr\u00fcm\u00fcn\u00fcn ana da\u011f\u0131t\u0131m kanallar\u0131ndan biri, video ve ses indirmeye y\u00f6nelik bir uygulama olan <a href=\"https:\/\/en.wikipedia.org\/wiki\/Snaptube\" target=\"_blank\" rel=\"noopener nofollow\">SnapTube<\/a>\u2018daki reklamlard\u0131. Reklamlar\u0131ndan birinin k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m yayd\u0131\u011f\u0131ndan b\u00fcy\u00fck olas\u0131l\u0131kla SnapTube\u2019un sahipleri de \u015f\u00fcphelenmemi\u015fti.<\/p>\n<p>Kullan\u0131c\u0131lar cihazlar\u0131na vir\u00fcsl\u00fc YoWhatsApp\u2019\u0131n yan\u0131 s\u0131ra Triada Truva At\u0131n\u0131 ta\u015f\u0131yan bir dropper da indirdiler. Ge\u00e7en y\u0131lki sald\u0131r\u0131n\u0131n aksine bu sefer Truva At\u0131yla gelen tek \u015fey dropper de\u011fildi. YoWhatsApp\u2019a, WhatsApp\u2019\u0131n \u00e7al\u0131\u015fmas\u0131 i\u00e7in gereken anahtarlar\u0131n su\u00e7lular taraf\u0131ndan \u00e7al\u0131nmas\u0131na olanak sa\u011flayan ilave bir \u00f6zellik eklenmi\u015fti. Bu anahtarlar sayesinde hesap \u00e7al\u0131nabiliyor ve \u00e7al\u0131nan hesaplar k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m yaymak ya da kurban\u0131n rehberindeki ki\u015filerde para s\u0131zd\u0131rmak i\u00e7in kullan\u0131labiliyordu.<\/p>\n<p>Bunun sonucunda kullan\u0131c\u0131 yaln\u0131zca paras\u0131ndan olmakla kalm\u0131yor (Triada kendisini \u00fccretli aboneliklere kaydetti\u011fi i\u00e7in), ayn\u0131 zamanda listesindeki ki\u015filerin g\u00fcvenli\u011fini de tehlikeye at\u0131yordu. Su\u00e7lular, bu ki\u015filere kullan\u0131c\u0131n\u0131n ad\u0131yla mesaj atabiliyordu.<\/p>\n<h2>Android\u2019deki k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlardan korunman\u0131n yollar\u0131<\/h2>\n<p>K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlarla sava\u015fman\u0131n en iyi yolu, en ba\u015fta bu yaz\u0131l\u0131mlar\u0131 kapabilece\u011finiz durumlardan ka\u00e7\u0131nmakt\u0131r. Bu durumda kendinizi korumak i\u00e7in uyman\u0131z gereken \u00fc\u00e7 basit kural var:<\/p>\n<ul>\n<li>Bilinmeyen kaynaklardan uygulama indirmeyin. Hatta, Android ak\u0131ll\u0131 telefonunuza Google Play d\u0131\u015f\u0131nda bir yerden uygulama y\u00fcklenebilmesini <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/unknown-apps-android\/10015\/\" target=\"_blank\" rel=\"noopener\">engelleyin<\/a>.<\/li>\n<li>Mesajla\u015fma uygulamalar\u0131n\u0131n alternatif istemcilerini y\u00fcklemeyin. Uygulamalar\u0131n resmi s\u00fcr\u00fcmleri de kusursuz olmasa da \u00e7ok daha g\u00fcvenilir ve g\u00fcvenlidir.<\/li>\n<li>\u0130yi bir koruma kullan\u0131n ve bu korumay\u0131 daima etkin tutun. <a href=\"https:\/\/www.kaspersky.com.tr\/mobile-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2c_kdaily_wpplaceholder_sm-team___kisa____c8090141bf3f79f6\" target=\"_blank\" rel=\"noopener\">Kaspersky for Android<\/a>, Triada Truva At\u0131n\u0131n farkl\u0131 modifikasyonlar\u0131n\u0131 ve di\u011fer Android k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n\u0131 tespit eder ve herhangi bir zarar verme f\u0131rsat\u0131 bulmalar\u0131ndan \u00f6nce engeller. Mobil korumam\u0131z\u0131n \u00fccretsiz s\u00fcr\u00fcm\u00fcnde telefonunuza yeni bir \u015fey indirdi\u011finizde veya y\u00fckledi\u011finizde her seferinde manuel olarak taramay\u0131 ba\u015flatman\u0131z gerekti\u011fini unutmay\u0131n. Tam s\u00fcr\u00fcm her uygulamay\u0131 otomatik olarak tarar.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"android-malware\">\n","protected":false},"excerpt":{"rendered":"<p>WhatsApp&#8217;\u0131n bir di\u011fer modifikasyonunun daha k\u00f6t\u00fc ama\u00e7l\u0131 oldu\u011fu ortaya \u00e7\u0131kt\u0131. Ne ya\u015fand\u0131\u011f\u0131n\u0131 ve kendinizi nas\u0131l koruyabilece\u011finizi anlat\u0131yoruz.<\/p>\n","protected":false},"author":696,"featured_media":11104,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[105,691,537,2401,1986,531],"class_list":{"0":"post-11103","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-android","10":"tag-mesajlasma-uygulamalari","11":"tag-tehditler","12":"tag-triada","13":"tag-truva-atlari","14":"tag-whatsapp"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/why-messenger-mods-are-dangerous\/11103\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/why-messenger-mods-are-dangerous\/24761\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/why-messenger-mods-are-dangerous\/20239\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/why-messenger-mods-are-dangerous\/27238\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/why-messenger-mods-are-dangerous\/25089\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/why-messenger-mods-are-dangerous\/25406\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/why-messenger-mods-are-dangerous\/27956\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/why-messenger-mods-are-dangerous\/27287\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/why-messenger-mods-are-dangerous\/34093\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/why-messenger-mods-are-dangerous\/45788\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/why-messenger-mods-are-dangerous\/19614\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/why-messenger-mods-are-dangerous\/20183\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/why-messenger-mods-are-dangerous\/29398\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/why-messenger-mods-are-dangerous\/32651\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/why-messenger-mods-are-dangerous\/28549\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/why-messenger-mods-are-dangerous\/25518\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/why-messenger-mods-are-dangerous\/31136\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/why-messenger-mods-are-dangerous\/30826\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/android\/","name":"android"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=11103"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11103\/revisions"}],"predecessor-version":[{"id":11106,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11103\/revisions\/11106"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/11104"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=11103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=11103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=11103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}