{"id":1601,"date":"2015-03-25T08:07:57","date_gmt":"2015-03-25T12:07:57","guid":{"rendered":"http:\/\/www.kaspersky.com.tr\/blog\/?p=1601"},"modified":"2020-02-26T18:38:23","modified_gmt":"2020-02-26T15:38:23","slug":"kotu-niyetli-sms-truva-ati-captcha-testini-gecip-para-caliyor","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/kotu-niyetli-sms-truva-ati-captcha-testini-gecip-para-caliyor\/1601\/","title":{"rendered":"K\u00f6t\u00fc Niyetli SMS Truva at\u0131 CAPTCHA Testini Ge\u00e7ip Para \u00c7al\u0131yor"},"content":{"rendered":"<p>Kaspersky Lab uzmanlar\u0131 korsan i\u00e7erikleri kullananlar\u0131 hedef alan yeni ve tehlikeli zararl\u0131 bir yaz\u0131l\u0131m tespit ettiler. Podec Truva at\u0131 <a href=\"http:\/\/en.wikipedia.org\/wiki\/Search_engine_optimization#White_hat_versus_black_hat_techniques\" target=\"_blank\" rel=\"noopener nofollow\">black hat SEO tekniklerini<\/a> ve pop\u00fcler sosyal a\u011flar\u0131 (\u00fcnl\u00fc Rus sosyal a\u011f\u0131 \u2013VK.com olarakta bilinen \u2013 Vkontkte\u2019yi) kullanarak Android ak\u0131ll\u0131 telefonlara bula\u015f\u0131yor ve para \u00e7al\u0131yor.<\/p>\n<p>Sald\u0131rganlar Podec\u2019i yaymak i\u00e7in VKontakte \u00fczerinde Minecraft gibi oyunlara ait \u00e7ok say\u0131da gruplar olu\u015fturup uygulamalar y\u00fcklemi\u015fler. Ayr\u0131ca sahte hayran gruplar\u0131nda kullan\u0131c\u0131lar\u0131n ilgisini \u00e7ekmek i\u00e7in SEO uzmanlar\u0131 ile s\u0131k\u0131 bir \u00e7al\u0131\u015fma y\u00fcr\u00fctm\u00fc\u015fler.<\/p>\n<p>Zararl\u0131 yaz\u0131l\u0131mlar \u00e7al\u0131\u015ft\u0131r\u0131ld\u0131\u011f\u0131nda cihaz\u0131n y\u00f6netici hakk\u0131n\u0131 kullanmak i\u00e7in izin istiyor. Kullan\u0131c\u0131 bir kere onay verdikten sonra art\u0131k yaz\u0131l\u0131m\u0131 cihazdan kald\u0131ram\u0131yor. E\u011fer kullan\u0131c\u0131 onay vermezse Truva at\u0131 onay alana kadar talepte bulunmaya devam ediyor. Dolay\u0131s\u0131 ile bu s\u00fcre\u00e7 cihaz\u0131n normal kullan\u0131m\u0131n\u0131 engelliyor.<\/p>\n<p>Uygulama onay ald\u0131ktan sonra resmi Minecraft uygulamas\u0131n\u0131 indirip kuruyor. Ard\u0131ndan uygulama listesinden ger\u00e7ek Minecraft\u2019\u0131n k\u0131sa yolunu kald\u0131rarak yerine ge\u00e7iyor.<\/p>\n<p>Ba\u015far\u0131l\u0131 bir \u015fekilde kurulumunu tamamlayan Truva at\u0131 bir ka\u00e7 senaryoya g\u00f6re hareket ediyor. Telfonu DDoS sald\u0131r\u0131s\u0131 ba\u015flatmak i\u00e7in botnet a\u011f\u0131n\u0131n bir par\u00e7as\u0131 olarak kullanmaya ba\u015fl\u0131yor. Bu durumda kullan\u0131c\u0131lar \u00fc\u00e7 \u00e7ok ciddi sorunla kar\u015f\u0131 kar\u015f\u0131ya kal\u0131yor. Birincisi telefonlar\u0131 bir su\u00e7a ortak olmu\u015f oluyor. \u0130kincisi, bot paral\u0131 internet trafi\u011fi de dahil olmak \u00fczere telefonun kaynaklar\u0131n\u0131 s\u00f6m\u00fcrmeye ba\u015fl\u0131yor. \u00d6rne\u011fin, telefonunuzu bir web sitesinin ziyaret\u00e7i say\u0131s\u0131n\u0131 art\u0131rmak i\u00e7in kullanabilir. Bu nedenle kulland\u0131\u011f\u0131 internet paketinin paras\u0131n\u0131 da siz \u00f6demek zorunda kalabilirsiniz.<\/p>\n<p>\u00dc\u00e7\u00fcnc\u00fc senaryo ise en k\u00f6t\u00fc olan\u0131, Podec telefon numaras\u0131n\u0131 paral\u0131 (SMS ba\u015f\u0131na 2 ila 20 Lira aras\u0131) i\u00e7erik sunan servislere abone yap\u0131yor. Para \u00f6rt\u00fcl\u00fc bir \u015fekilde \u00e7ekildi\u011fi i\u00e7in kullan\u0131c\u0131lar\u0131n pek \u00e7ok servise abone olduklar\u0131 durumlarda paran\u0131n nereye gitti\u011fini ke\u015ffetmeleri zaman alabiliyor.<\/p>\n<p>Bir Truva at\u0131n\u0131n robot ve insan\u0131 ay\u0131rt etmek i\u00e7in olu\u015fturulmu\u015f bir sistem olan <a href=\"https:\/\/en.wikipedia.org\/wiki\/CAPTCHA\" target=\"_blank\" rel=\"noopener nofollow\">CAPTCHA challenge-response testini<\/a> ba\u015far\u0131l\u0131 bir \u015fekilde ge\u00e7ti\u011fini de de\u011finmek laz\u0131m. Podec bunu ba\u015farmak i\u00e7in yeni bir teknoloji kullan\u0131yor. CAPTCHA taleplerini Hindistan\u2019daki ger\u00e7ek zamanl\u0131 imaj\u0131 yaz\u0131ya \u00e7eviren Anitage.com servisine g\u00f6nderiyor. Bu servis bir \u00e7a\u011fr\u0131 merkezi gibi \u00e7al\u0131\u015f\u0131yor. Saniyeler i\u00e7inde bir ki\u015fi CAPTCHA talebini g\u00f6r\u00fcp do\u011fru cevab\u0131 Podec\u2019e geri g\u00f6nderiyor. Bu nedenle Podec CAPTCHA testini piyasaya \u00e7\u0131kt\u0131\u011f\u0131 andan itibaren ge\u00e7ebilen ilk Truva at\u0131.<\/p>\n<div class=\"pullquote\">K\u00f6t\u00fc niyetli uygulama ak\u0131ll\u0131 bir \u015fekilde t\u00fcm mesaj ve arama kay\u0131tlar\u0131n\u0131 telefondan silerek su\u00e7 delillerini ortan kald\u0131r\u0131yor.<\/div>\n<p>K\u00f6t\u00fc niyetli uygulama ak\u0131ll\u0131 bir \u015fekilde t\u00fcm mesaj ve arama kay\u0131tlar\u0131n\u0131 telefondan silerek su\u00e7 delillerini ortan kald\u0131r\u0131yor.<\/p>\n<p>Podec hakk\u0131nda daha fazla bilgi almak i\u00e7in <a href=\"https:\/\/securelist.com\/analysis\/publications\/69169\/sms-trojan-bypasses-captcha\/\" target=\"_blank\" rel=\"noopener\">Securelist\u2019deki detayl\u0131 incelemeyi<\/a> okuyabilirsiniz.<\/p>\n<p><em><blockquote class=\"twitter-pullquote\"><p>K\u00f6t\u00fc niyetli SMS #Truvaat\u0131 #Podec #CAPTCHA testi pas ge\u00e7ip #para \u00e7al\u0131yor<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fv8rP&amp;text=K%C3%B6t%C3%BC+niyetli+SMS+%23Truvaat%C4%B1+%23Podec+%23CAPTCHA+testi+pas+ge%C3%A7ip+%23para+%C3%A7al%C4%B1yor\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote><\/em><\/p>\n<p>Kaspersky Lab uzmanlar\u0131 kodunun analiz edilmesini \u00f6nlemek i\u00e7in geli\u015fmi\u015f teknikler kullanan bu SMS Truva at\u0131n\u0131 ge\u00e7en senenin sonunda beri takip ediyor. 2015 ba\u015f\u0131nda analistlerimiz yaz\u0131l\u0131m\u0131n eksiksiz s\u00fcr\u00fcm\u00fcn\u00fc ele ge\u00e7irdiler. Bu yeni Truva at\u0131n\u0131n geli\u015fmesinin s\u00fcrd\u00fcr\u00fcyor gibi g\u00f6z\u00fck\u00fcyor ve yak\u0131n zamanda Podec\u2019in yeni bir s\u00fcr\u00fcm\u00fc ortaya \u00e7\u0131kabilir.<\/p>\n<p>\u0130yi haberler de var. VKontakte y\u00f6netimi baz\u0131 sahte gruplar\u0131 sitesinden sildi\u011fini (ancak hepsinin silindi\u011finin garantisi yok ) a\u00e7\u0131klad\u0131. <a href=\"https:\/\/www.kaspersky.ru\/advert\/free-trials\/multi-device-security?campaign=kl_blog&amp;redef=1&amp;THRU&amp;referer1=kl_blog&amp;referer2=kl_blog\" target=\"_blank\" rel=\"noopener\">Kaspersky Internet Security for Android<\/a> kullan\u0131c\u0131lar\u0131n\u0131n risk alt\u0131nda olmad\u0131klar\u0131n\u0131 da belirtelim. Kullan\u0131c\u0131lar\u0131m\u0131z Podec\u2019in t\u00fcm bilinen s\u00fcr\u00fcmlerine kar\u015f\u0131 korunuyorlar.<\/p>\n<p><a href=\"http:\/\/kas.pr\/kisa\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1604\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2015\/03\/06014525\/googleplay.png\" alt=\"googleplay\" width=\"144\" height=\"47\"><\/a><\/p>\n<p>Kaspersky Lab olarak, t\u00fcm kullan\u0131c\u0131lar\u0131n sadece resmi kaynaklardan uygulama kurmalar\u0131n\u0131 \u00f6neriyoruz.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky Lab uzmanlar\u0131 korsan i\u00e7erikleri kullananlar\u0131 hedef alan yeni ve tehlikeli zararl\u0131 bir yaz\u0131l\u0131m tespit ettiler. Podec Truva at\u0131 black hat SEO tekniklerini ve pop\u00fcler sosyal a\u011flar\u0131 (\u00fcnl\u00fc Rus sosyal<\/p>\n","protected":false},"author":350,"featured_media":1602,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[555,105,744,587,542,625,665,579],"class_list":{"0":"post-1601","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-akilli-telefonlar","10":"tag-android","11":"tag-guvenlik","12":"tag-hackerlar","13":"tag-kaspersky-internet-security-for-android","14":"tag-koruma","15":"tag-mobil-cihazlar","16":"tag-mobil-guvenlik"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/kotu-niyetli-sms-truva-ati-captcha-testini-gecip-para-caliyor\/1601\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/akilli-telefonlar\/","name":"ak\u0131ll\u0131 telefonlar"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1601","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/350"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=1601"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1601\/revisions"}],"predecessor-version":[{"id":7816,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1601\/revisions\/7816"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/1602"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=1601"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=1601"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=1601"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}