{"id":12828,"date":"2024-09-23T18:41:39","date_gmt":"2024-09-23T15:41:39","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=12828"},"modified":"2024-09-23T18:41:39","modified_gmt":"2024-09-23T15:41:39","slug":"new-exotic-rat-sambaspy","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/new-exotic-rat-sambaspy\/12828\/","title":{"rendered":"A new RAT: SambaSpy"},"content":{"rendered":"<p>Today's topic is rats! Not the long-tailed kind we all know, though, but the digital kind: <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/remote-access-trojan-rat\/\" target=\"_blank\" rel=\"nofollow noopener\">RATs<\/a>, short for Remote Access Trojans. These are Trojans that attackers use to gain remote access to a device. Typically, these RATs can install and uninstall programs, control the clipboard, and log keystrokes.<\/p>\n<p>In May 2024, a new kind of RAT, SambaSpy, appeared on our radar. Read on to learn how this malware infects its victims' devices and what it does once inside.<\/p>\n<h2>What is SambaSpy?<\/h2>\n<p>SambaSpy is a feature-rich RAT Trojan <a href=\"https:\/\/en.wikipedia.org\/wiki\/Obfuscation_(software)\" target=\"_blank\" rel=\"nofollow noopener\">obfuscated<\/a> with <a href=\"https:\/\/www.zelix.com\/\" target=\"_blank\" rel=\"nofollow noopener\">Zelix KlassMaster<\/a>, which makes it much harder to detect and analyze. 
However, our team overcame this difficulty and discovered what this new RAT can do:<\/p>\n<ul>\n<li>Manage the file system and processes<\/li>\n<li>Download and upload files<\/li>\n<li>Control the webcam<\/li>\n<li>Take screenshots<\/li>\n<li>Steal passwords<\/li>\n<li>Load plugins<\/li>\n<li>Remotely control the desktop<\/li>\n<li>Log keystrokes<\/li>\n<li>Manage the clipboard<\/li>\n<\/ul>\n<p>Impressed? SambaSpy, which can apparently do everything, is the perfect tool for a 21st-century James Bond villain. Yet even this long list is not exhaustive; you can find more about this RAT's capabilities in <a href=\"https:\/\/securelist.com\/sambaspy-rat-targets-italian-users\/113851\/\" target=\"_blank\" rel=\"noopener\">the full version of our research<\/a>.<\/p>\n<p>The malicious campaign we uncovered targeted victims in Italy only. You may be surprised, but this is actually good news (for everyone except Italians!). Threat actors usually try to cast a wide net to maximize their profits, but these attackers focused on just one country. So why is that a good thing? The attackers are probably testing their operation on Italian users before expanding it to other countries. 
And since we already know both SambaSpy and what we can do against it, we are one step ahead. All our users worldwide need to do is make sure they have <a href=\"https:\/\/www.kaspersky.com.tr\/premium?icid=tr_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">a reliable security solution<\/a> and keep reading, knowing that we've got this covered.<\/p>\n<h2>How do the attackers spread SambaSpy?<\/h2>\n<p>The short answer: by email, just like many other RATs. The attackers used two main infection chains, both involving phishing emails disguised as messages from a real estate agency. The key element of the email is a call to action (CTA) to check an invoice by clicking a link.<\/p>\n<div id=\"attachment_12833\" style=\"width: 854px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2024\/09\/23183723\/new-exotic-rat-sambaspy-01.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-12833\" class=\"size-full wp-image-12833\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2024\/09\/23183723\/new-exotic-rat-sambaspy-01.png\" alt=\"At first glance, the email looks genuine. Except that it is written in Italian despite being sent from a German email address...\" width=\"844\" height=\"440\"><\/a><p id=\"caption-attachment-12833\" class=\"wp-caption-text\">At first glance, the email looks genuine. 
Except that it is written in Italian despite being sent from a German email address\u2026<\/p><\/div>\n<p>After clicking the link, users are redirected to a malicious website that checks the system language and the browser in use. If the potential victims' operating system is set to Italian and they open the link in Edge, Firefox or Chrome, they receive a malicious PDF file that infects their device with either a dropper or a downloader. There is not much difference between the two: the dropper installs the Trojan immediately, while the downloader first downloads the necessary components from the attackers' servers.<\/p>\n<p>Before getting to work, both the dropper and the downloader check that the system is not running in a virtual machine and, most importantly, that the operating system language is set to Italian. If both conditions are met, the device is infected.<\/p>\n<p>Users who do not meet these criteria are redirected to the website of <a href=\"https:\/\/www.fattureincloud.it\/\" target=\"_blank\" rel=\"nofollow noopener\">FattureInCloud<\/a>, an Italian cloud-based solution for storing and managing digital invoices. 
This clever disguise lets the attackers target only a specific audience, because everyone else is redirected to a legitimate website.<\/p>\n<h2>Who is behind SambaSpy?<\/h2>\n<p>We have not yet been able to determine which group is behind this sophisticated distribution of SambaSpy. However, circumstantial evidence indicates that the attackers speak Brazilian Portuguese. We also know that the group is expanding its operations to Spain and Brazil, as evidenced by malicious domains used by the same group in other detected attacks. Incidentally, those attacks no longer include the language check.<\/p>\n<h2>How do you protect yourself from SambaSpy?<\/h2>\n<p>The key takeaway from this story is the infection method, which shows that anyone, anywhere, speaking any language, could be the target of the next attack. To the attackers, it does not matter who they hit or what the details of the phishing lure are. 
Today the lure is an invoice from a real estate agency; tomorrow it could be a tax notice, and the day after that, airline tickets or even travel vouchers.<\/p>\n<p>Here are a few tips and recommendations to help you stay safe from SambaSpy:<\/p>\n<ul>\n<li>Install <a href=\"https:\/\/www.kaspersky.com.tr\/premium?icid=tr_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a> before your device shows any <a href=\"https:\/\/www.kaspersky.com\/blog\/symptoms-of-infection\/45966\/\" target=\"_blank\" rel=\"noopener nofollow\">signs of infection<\/a>. Our solution reliably detects and neutralizes both SambaSpy and other malware.<\/li>\n<li>Always be wary of phishing emails. 
Before clicking a link in your inbox, pause for a minute and ask yourself, \u201cCould this be a scam?\u201d<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"premium-generic\">\n","protected":false},"excerpt":{"rendered":"<p>We have discovered a new Trojan that is very picky about its victims.<\/p>\n","protected":false},"author":2706,"featured_media":12830,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[994,995],"tags":[1900,1921,2757,1074,1753],"class_list":{"0":"post-12828","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"category-technology","9":"tag-casus-yazilim","10":"tag-e-posta","11":"tag-haber-bultenleri","12":"tag-kimlik-avi","13":"tag-rat"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/new-exotic-rat-sambaspy\/12828\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/new-exotic-rat-sambaspy\/28007\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/new-exotic-rat-sambaspy\/23276\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/new-exotic-rat-sambaspy\/12065\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/new-exotic-rat-sambaspy\/28164\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/new-exotic-rat-sambaspy\/27716\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/new-exotic-rat-sambaspy\/30440\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/new-exotic-rat-sambaspy\/29201\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/new-exotic-rat-sambaspy\/38246\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/new-exotic-rat-sambaspy\/52179\/"},{"hreflang":"fr","url":"https:\/\/www.ka
spersky.fr\/blog\/new-exotic-rat-sambaspy\/22235\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/new-exotic-rat-sambaspy\/23002\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/new-exotic-rat-sambaspy\/31640\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/new-exotic-rat-sambaspy\/28285\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/new-exotic-rat-sambaspy\/34095\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/new-exotic-rat-sambaspy\/33751\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/rat\/","name":"rat"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/12828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=12828"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/12828\/revisions"}],"predecessor-version":[{"id":12835,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/12828\/revisions\/12835"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/12830"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=12828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=12828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=12828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}