{"id":12027,"date":"2024-02-07T16:16:48","date_gmt":"2024-02-07T13:16:48","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=12027"},"modified":"2024-02-07T16:16:48","modified_gmt":"2024-02-07T13:16:48","slug":"fake-macos-activator-steals-bitcoin-exodus-uses-dns","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/12027\/","title":{"rendered":"How is cryptocurrency stolen via DNS?"},"content":{"rendered":"<p>Using cracked games or applications to spread malware is one of cybercriminals' oldest tricks. Incredible as it may sound, gullible victims who believe in Robin Hoods and think that downloading cracked software and games from pirate websites is absolutely safe still exist in 2024. The type of threat itself may be old, but malicious actors keep finding new ways to bypass the security on victims' computers in order to deliver malware.<\/p>\n<p>We recently <a target=\"_blank\" href=\"https:\/\/securelist.com\/new-macos-backdoor-crypto-stealer\/111778\/\" rel=\"noopener\">discovered<\/a> a new attack of this kind that targets Apple computers running recent versions of macOS (13.6 and later) and uses certain Domain Name System (DNS) features to download malicious payloads. Victims are offered free downloads of cracked versions of popular applications. 
So what awaits those who give in to temptation?<\/p>\n<h2>Fake activation<\/h2>\n<p>After downloading a disk image that supposedly contains the cracked app, the victim is asked to copy two files to the Applications folder: the app itself and a so-called \u201cactivator\u201d. If you copy and launch the app, it will not run. According to the manual, the cracked app must first be \u201cactivated\u201d. Our analysis showed that the activator does nothing sophisticated: it simply removes a few bytes from the beginning of the application's executable to make it functional. In other words, the cybercriminals modify an already-cracked app so that it will not run unless it is \u201cactivated\u201d first. To no one's surprise, the activator also has a nasty side effect: when it runs, it asks for administrator permissions and uses them to install a downloader script on the system. 
The script then downloads another payload from the web: a <a target=\"_blank\" href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/backdoor\/\" rel=\"noopener\">backdoor<\/a> that requests commands from its operators from time to time.<\/p>\n<div id=\"attachment_12029\" style=\"width: 1174px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2024\/02\/07160702\/fake-macos-activator-steals-bitcoin-exodus-uses-DNS-01.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-12029\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2024\/02\/07160702\/fake-macos-activator-steals-bitcoin-exodus-uses-DNS-01.jpg\" alt=\"Installation manual, activator window and administrator password prompt\" width=\"1164\" height=\"1117\" class=\"size-full wp-image-12029\"><\/a><p id=\"caption-attachment-12029\" class=\"wp-caption-text\">Installation manual, activator window and administrator password prompt<\/p><\/div>\n<h2>Connecting via DNS<\/h2>\n<p>To download the malicious script, the activator uses a tool that is both unusual and innocent-looking: the Domain Name System (DNS). We previously wrote about DNS and <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com.tr\/blog\/secure-dns-private-dns-benefits\/11341\/\" rel=\"noopener\">Secure DNS<\/a>, but in that post we left out an interesting technical feature of the service. Each DNS record not only links a server's internet name to its IP address, but can also contain a free-form text description of the server, called a TXT record. 
Attackers take advantage of this by placing snippets of malicious code inside TXT records. The activator downloads three TXT records belonging to a malicious domain and assembles a script from them.<\/p>\n<p>Although seemingly complicated, this setup has a number of advantages. To start with, the activator does nothing particularly suspicious: every web application requests DNS records, since any communication session has to begin that way. Second, the attackers can easily update the script to change the infection pattern and the final payload by editing the domain's TXT records. Finally, because of the distributed nature of the Domain Name System, removing malicious content from the web is no easy task. Internet service providers and companies would struggle even to detect that their policies had been violated, because each of these TXT records is just a snippet of malicious code that poses no threat on its own.<\/p>\n<h2>The final boss<\/h2>\n<p>The periodically run downloader script lets the attackers update the malicious payload and carry out whatever actions they want on the victim's computer. At the time of our analysis, they showed an interest in stealing cryptocurrency. 
The backdoor automatically scans the victim's computer for Exodus or Bitcoin wallets and replaces them with trojanized versions. An infected Exodus wallet steals the user's security password, and an infected Bitcoin wallet steals the encryption key used to encrypt the private keys. The latter gives the attackers the ability to sign transfers on the victim's behalf. This way, while trying to save a few pennies with pirated apps, you can lose a far larger sum in cryptocurrency.<\/p>\n<h2>Protecting yourself against an attack on crypto wallets<\/h2>\n<p>This is nothing new, but it is still true: to steer clear of this threat and avoid becoming a victim, download apps only from official stores. Before downloading an app from a developer's website, make sure it is the genuine product and does not come from one of the many <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com.tr\/blog\/how-to-spot-phishing-on-a-hacked-wordpress-website\/11693\/\" rel=\"noopener\">phishing sites<\/a>.<\/p>\n<p>If you are thinking of downloading a cracked version of an app, think again. 
\u201cScrupulous and trustworthy\u201d pirate sites are as rare as elves and unicorns.<\/p>\n<p>No matter how high your computer literacy, caution and attention to detail, make sure you use comprehensive security on all your devices: phones, tablets and computers. <a href=\"https:\/\/www.kaspersky.com.tr\/premium?icid=tr_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a> is a good cross-platform solution. Check that all <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com.tr\/blog\/kaspersky-home-products-2022\/11254\/\" rel=\"noopener\">basic and advanced security features<\/a> are enabled. For cryptocurrency owners, in addition to the above, we recommend reading our detailed instructions on protecting both <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com.tr\/blog\/4-key-steps-to-protect-cryptocurrency-properly\/11394\/\" rel=\"noopener\">hot<\/a> and <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com.tr\/blog\/five-threats-hardware-crypto-wallets\/11425\/\" rel=\"noopener\">cold<\/a> crypto wallets.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"premium-geek\">\n","protected":false},"excerpt":{"rendered":"<p>You get what you pay for: cracked macOS apps fetch malicious code 
from DNS records to steal crypto<\/p>\n","protected":false},"author":2749,"featured_media":12028,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[374,1903,2057,519,1336,1500,1170,2698,537],"class_list":{"0":"post-12027","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-bitcoin","9":"tag-dns","10":"tag-exodus","11":"tag-ipuclari-2","12":"tag-kripto-para-birimi","13":"tag-kripto-para-birimleri","14":"tag-macos","15":"tag-osx","16":"tag-tehditler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/12027\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/27017\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/22330\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/11386\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/29687\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/27185\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/27012\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/29606\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/28510\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/36901\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/5
0361\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/21445\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/22210\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/30879\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/35746\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/27410\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/33202\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/fake-macos-activator-steals-bitcoin-exodus-uses-dns\/32826\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/macos\/","name":"macOS"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/12027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2749"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=12027"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/12027\/revisions"}],"predecessor-version":[{"id":12031,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/12027\/revisions\/12031"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/12028"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=12027"}],"wp:term":[{"taxon
omy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=12027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=12027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}