{"id":14390,"date":"2026-03-25T13:13:14","date_gmt":"2026-03-25T10:13:14","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=14390"},"modified":"2026-03-25T13:13:14","modified_gmt":"2026-03-25T10:13:14","slug":"fake-ai-agents-infostealers","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/fake-ai-agents-infostealers\/14390\/","title":{"rendered":"Yapay zeka ajanlar\u0131 k\u0131l\u0131\u011f\u0131na girmi\u015f k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar"},"content":{"rendered":"

K\u0131sa bir s\u00fcre \u00f6nce, k\u00f6t\u00fc niyetli akt\u00f6rlerin Google Ads arac\u0131l\u0131\u011f\u0131yla macOS i\u00e7in AMOS bilgi h\u0131rs\u0131z\u0131n\u0131 nas\u0131l yayd\u0131klar\u0131n\u0131 ve bunu yapmak i\u00e7in OpenAI\u2019nin resmi web sitesindeki bir yapay zeka asistan\u0131yla yap\u0131lan sohbeti k\u00f6t\u00fc ama\u00e7l\u0131 talimatlar\u0131 bar\u0131nd\u0131rmak \u00fczere nas\u0131l kulland\u0131klar\u0131n\u0131<\/a> ele alm\u0131\u015ft\u0131k. Konuyu biraz daha derinlemesine ara\u015ft\u0131rmaya karar verdik ve sald\u0131rganlar\u0131n, Google Arama reklamlar\u0131 arac\u0131l\u0131\u011f\u0131yla pop\u00fcler yapay zeka ara\u00e7lar\u0131 k\u0131l\u0131\u011f\u0131na girmi\u015f k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131 kullan\u0131c\u0131lara s\u0131zd\u0131rmaya \u00e7al\u0131\u015ft\u0131\u011f\u0131 birka\u00e7 benzer k\u00f6t\u00fc niyetli kampanya tespit ettik. Ma\u011fdurlar macOS\u2019a \u00f6zel ara\u00e7lar ar\u0131yorsa, da\u011f\u0131t\u0131lan y\u00fck yine ayn\u0131 AMOS\u2019tur; Windows kullan\u0131yorlarsa ise bunun yerine Amatera bilgi h\u0131rs\u0131z\u0131 kullan\u0131l\u0131r. Bu kampanyalar, pop\u00fcler \u00c7in yapay zekas\u0131 Doubao\u2019yu, viral olan yapay zeka asistan\u0131 OpenClaw\u2019\u0131 veya kodlama asistan\u0131 Claude Code\u2019u yem olarak kullan\u0131yor. Bu, bu t\u00fcr kampanyalar\u0131n sadece ev kullan\u0131c\u0131lar\u0131 i\u00e7in de\u011fil, ayn\u0131 zamanda kurulu\u015flar i\u00e7in de bir tehdit olu\u015fturdu\u011fu anlam\u0131na geliyor.<\/p>\n

Ger\u00e7ek \u015fu ki, \u015firket \u00e7al\u0131\u015fanlar\u0131 Claude Code gibi kodlama yard\u0131mc\u0131lar\u0131n\u0131 ve OpenClaw gibi i\u015f ak\u0131\u015f\u0131 otomasyon ara\u00e7lar\u0131n\u0131 giderek daha fazla kullan\u0131yor. Bu durumun kendine \u00f6zg\u00fc riskleri<\/a> bulunuyor; bu nedenle bir\u00e7ok kurulu\u015f, bu t\u00fcr ara\u00e7lara eri\u015fimi hen\u00fcz resmi olarak onaylamam\u0131\u015f (veya masraflar\u0131n\u0131 kar\u015f\u0131lamam\u0131\u015f) durumda. Sonu\u00e7 olarak, baz\u0131 \u00e7al\u0131\u015fanlar bu pop\u00fcler ara\u00e7lar\u0131 bulmak i\u00e7in ipleri kendi ellerine al\u0131yor ve do\u011frudan Google\u2019a y\u00f6neliyor. Kullan\u0131c\u0131lar bir arama sorgusu giriyor ve k\u00f6t\u00fc ama\u00e7l\u0131 bir y\u00fckleme k\u0131lavuzuna y\u00f6nlendiren sponsorlu bir ba\u011flant\u0131 ile kar\u015f\u0131la\u015f\u0131yor. Mart ay\u0131 ba\u015f\u0131nda ortaya \u00e7\u0131kar\u0131lan bir Claude Code da\u011f\u0131t\u0131m kampanyas\u0131n\u0131 \u00f6rnek alarak, bu sald\u0131r\u0131n\u0131n nas\u0131l ger\u00e7ekle\u015fti\u011fine daha yak\u0131ndan bakal\u0131m.<\/p>\n

Arama sorgusu<\/h2>\n

\u015e\u00f6yle ki, bir kullan\u0131c\u0131 Anthropic ajan\u0131 indirebilece\u011fi bir yer aramaya ba\u015flar ve arama \u00e7ubu\u011funa \u201cClaude Code indir<\/em>\u201d gibi bir \u015fey yazar. Arama motoru, en \u00fcstte \u201csponsorlu ba\u011flant\u0131lar\u201d (\u00fccretli reklamlar) ile birlikte bir ba\u011flant\u0131 listesi verir. Bu reklamlardan biri, kullan\u0131c\u0131y\u0131 sahte belgeler i\u00e7eren k\u00f6t\u00fc ama\u00e7l\u0131 bir sayfaya y\u00f6nlendirir. \u0130lgin\u00e7 bir \u015fekilde, site, kimlik av\u0131 filtrelerini atlatmas\u0131na yard\u0131mc\u0131 olan g\u00fcvenilir bir web sitesi olu\u015fturucu olan Squarespace \u00fczerinde kurulmu\u015ftur.<\/p>\n

\"Arama<\/a>

Romanya ve Brezilya\u2019da reklamlar\u0131n yer ald\u0131\u011f\u0131 arama sonu\u00e7lar\u0131<\/p><\/div>\n

Sald\u0131rganlar\u0131n sitesi, kurulum talimatlar\u0131 da dahil olmak \u00fczere orijinal Claude Code belgelerini titizlikle taklit eder. T\u0131pk\u0131 ger\u00e7ekte oldu\u011fu gibi, kullan\u0131c\u0131dan bir komutu kopyalay\u0131p \u00e7al\u0131\u015ft\u0131rmas\u0131n\u0131 ister. Ancak, \u00e7al\u0131\u015ft\u0131r\u0131ld\u0131\u011f\u0131nda bir yapay zeka ajan\u0131 de\u011fil, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m y\u00fckler. Esasen bu, ClickFix sald\u0131r\u0131s\u0131n\u0131n bir ba\u015fka \u00e7e\u015fididir<\/a> ve kendine \u00f6zg\u00fc bir takma ad bile kazanm\u0131\u015ft\u0131r: InstallFix<\/a>.<\/p>\n

\"K\u00f6t\u00fc<\/a>

Y\u00fckleme talimatlar\u0131n\u0131 taklit eden k\u00f6t\u00fc ama\u00e7l\u0131 site<\/p><\/div>\n

\"Claude<\/a>

Y\u00fckleme talimatlar\u0131n\u0131 i\u00e7eren orijinal Claude Code sitesi<\/p><\/div>\n

Zararl\u0131 y\u00fck<\/h2>\n

T\u0131pk\u0131 orijinal Claude Code\u2019da oldu\u011fu gibi, macOS i\u00e7in olan komut da curl komut sat\u0131r\u0131 yard\u0131mc\u0131 program\u0131n\u0131 kullanarak bir uygulamay\u0131 y\u00fcklemeye \u00e7al\u0131\u015f\u0131r. Asl\u0131nda, bu sald\u0131r\u0131, Securelist\u2019teki uzmanlar\u0131m\u0131z taraf\u0131ndan daha \u00f6nce ele al\u0131nan<\/a> ve ge\u00e7mi\u015fte benzer bir sald\u0131r\u0131 kampanyas\u0131nda<\/a> da kullan\u0131lan AMOS casus yaz\u0131l\u0131m\u0131n\u0131 yayar.<\/p>\n

Windows\u2019ta bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, orijinal Claude Code\u2019da kullan\u0131lan curl yerine HTML tabanl\u0131 uygulamalar\u0131 \u00e7al\u0131\u015ft\u0131ran mshta.exe<\/em> sistem yard\u0131mc\u0131 program\u0131 arac\u0131l\u0131\u011f\u0131yla y\u00fcklenir. Bu yard\u0131mc\u0131 program, taray\u0131c\u0131 verilerini, kripto c\u00fczdan bilgilerini ve kullan\u0131c\u0131 klas\u00f6r\u00fcndeki bilgileri toplayan ve bunlar\u0131 144.124.235.102 adresindeki uzak bir sunucuya g\u00f6nderen Amatera bilgi h\u0131rs\u0131z\u0131n\u0131 y\u00fckler.<\/p>\n

\u015eirketinizin g\u00fcvenli\u011fini nas\u0131l sa\u011flayabilirsiniz?<\/h2>\n

Yapay zeka ajanlar\u0131na ilgi giderek art\u0131yor; yeni ara\u00e7lar\u0131n ortaya \u00e7\u0131kmas\u0131 ve bunlar\u0131n artan pop\u00fclaritesi, yeni sald\u0131r\u0131 vekt\u00f6rleri yarat\u0131r. \u00d6zellikle, \u00fc\u00e7\u00fcnc\u00fc taraf yapay zeka ara\u00e7lar\u0131n\u0131 kullanmaya \u00e7al\u0131\u015fmak, kurban\u0131n bilgisayar\u0131ndaki projelerin kaynak kodunu tehlikeye atmakla kalmay\u0131p; gizli bilgilerin, \u015firketin gizli dosyalar\u0131n\u0131n ve kullan\u0131c\u0131 hesaplar\u0131n\u0131n ele ge\u00e7irilmesine de yol a\u00e7abilir.<\/p>\n

Bunun ya\u015fanmas\u0131n\u0131 \u00f6nlemek i\u00e7in at\u0131lmas\u0131 gereken ilk ad\u0131m, \u00e7al\u0131\u015fanlar\u0131 bu tehlikeler ve siber su\u00e7lular\u0131n kulland\u0131\u011f\u0131 hileler konusunda bilgilendirmek olmal\u0131d\u0131r. Bu, kurumsal ortamlarda yapay zeka kullan\u0131m\u0131na dair \u00f6zel bir ders de i\u00e7eren e\u011fitim platformumuz Kaspersky Automated Security Awareness<\/a> kullan\u0131larak ger\u00e7ekle\u015ftirilebilir. Buna ek olarak, t\u00fcm kurumsal cihazlar\u0131n kendini kan\u0131tlam\u0131\u015f siber g\u00fcvenlik \u00e7\u00f6z\u00fcmleriyle<\/a> korunmas\u0131n\u0131 tavsiye ediyoruz.<\/p>\n

Ayr\u0131ca, g\u00f6lge yapay zeka kullan\u0131m\u0131n\u0131n risklerini en aza indirgemek i\u00e7in \u00fc\u00e7 yakla\u015f\u0131m\u0131<\/a> ele alan daha \u00f6nce yay\u0131nlad\u0131\u011f\u0131m\u0131z makalemize de g\u00f6z atman\u0131z\u0131 \u00f6neririz.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Sald\u0131rganlar, i\u015f ak\u0131\u015f\u0131 otomasyonuna y\u00f6nelik yapay zeka ajanlar\u0131n\u0131n y\u00fcklenmesi i\u00e7in zararl\u0131 talimatlar i\u00e7eren sayfalar\u0131 yay\u0131yorlar.<\/p>\n","protected":false},"author":2787,"featured_media":14391,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,1727],"tags":[1425,2786,728,1170,1424],"class_list":{"0":"post-14390","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-smb","10":"tag-ai","11":"tag-bilgi-hirsizlari","12":"tag-kotu-amacli-yazilim","13":"tag-macos","14":"tag-yapay-zeka"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/fake-ai-agents-infostealers\/14390\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/fake-ai-agents-infostealers\/30270\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/fake-ai-agents-infostealers\/25346\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/fake-ai-agents-infostealers\/13273\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/fake-ai-agents-infostealers\/30141\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/fake-ai-agents-infostealers\/29065\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/fake-ai-agents-infostealers\/31946\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/fake-ai-agents-infostealers\/30549\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/fake-ai-agents-infostealers\/41448\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/fake-ai-agents-infostealers\/55412\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/fake-ai-agents-infostealers\/23740\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/fake-ai-agents-infostealers\/24828\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/fake-ai-agents-infostealers\/33311\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/fake-ai-agents-infostealers\/30395\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/fake-ai-agents-infostealers\/36025\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/fake-ai-agents-infostealers\/35684\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/bilgi-hirsizlari\/","name":"bilgi h\u0131rs\u0131zlar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2787"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=14390"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14390\/revisions"}],"predecessor-version":[{"id":14394,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14390\/revisions\/14394"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/14391"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=14390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=14390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=14390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}