{"id":4375,"date":"2017-11-09T09:34:31","date_gmt":"2017-11-09T06:34:31","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=4375"},"modified":"2019-11-15T14:46:55","modified_gmt":"2019-11-15T11:46:55","slug":"lokibot-trojan","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/lokibot-trojan\/4375\/","title":{"rendered":"LokiBot: It pushes until it steals"},"content":{"rendered":"<p>Remember the Hydra from ancient mythology? The many-headed monster that grew two heads for every one that was cut off? A similarly dangerous beast has turned up in the Android malware zoo.<\/p>\n<h2>LokiBot as a banking Trojan<\/h2>\n<p>So how does an ordinary banking Trojan work? It presents the user with a fake screen that looks like a mobile banking interface. When unsuspecting victims enter their login credentials, the malware forwards them to the attackers, who then log in to the accounts.<\/p>\n<p>How does LokiBot work? More or less the same way, but LokiBot can show up not only as a banking app screen but also as the user interfaces of WhatsApp, Skype and Outlook, displaying what look like notifications from those apps.<\/p>\n<p>So a person might receive a fake notification, seemingly from their bank, saying that money has arrived in their account; on seeing the good news, the victim logs in to the mobile banking client to confirm it. 
LokiBot even makes the smartphone vibrate when it sends the notification about the supposed money transfer, which can fool even knowledgeable users.<\/p>\n<p>But LokiBot has other tricks too: it can open an interface, navigate to specific pages, and even use an infected device to send spam, which is basically how it spreads. Having stolen money from your account, LokiBot keeps going, sending a malicious SMS to every contact in the phone book in order to infect as many smartphones and tablets as possible, and even replying to incoming messages when necessary.<\/p>\n<p>When you try to remove LokiBot, the malware reveals another side: to steal money from a bank account it needs administrator rights, and if you refuse to grant them it turns from a banking Trojan into ransomware.<\/p>\n<h2>LokiBot as ransomware. How to unlock an infected smartphone<\/h2>\n<p>In this case LokiBot locks the screen and displays a message that accuses the victim of viewing child pornography and demands a ransom; it also encrypts the data on the device. 
Researchers who examined LokiBot\u2019s code found that the encryption it uses is weak and does not work properly: the attack leaves unencrypted copies of all files on the device, just under different names, so restoring the files is relatively easy.<\/p>\n<p>However, the device\u2019s screen is still locked, and the malware\u2019s creators ask for about $100 to unlock it. But you do not have to give in: after rebooting the device into safe mode, you can strip the malware of its administrator rights and <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lokibot-android-banking-trojan-turns-into-ransomware-when-you-try-to-remove-it\/\" target=\"_blank\" rel=\"noopener nofollow\">delete it<\/a>. 
To do that, you first need to determine which version of Android you are using.<\/p>\n<ul>\n<li>Select Settings.<\/li>\n<li>Select the General tab.<\/li>\n<li>Select About device.<\/li>\n<li>Find the Android version line: the numbers there show your operating system version.<\/li>\n<\/ul>\n<p>To put a device running version 4.4 \u2013 7.1 into safe mode, follow the steps below:<\/p>\n<ul>\n<li>Press and hold the power button until a menu appears showing the Power off or Disconnect power source option.<\/li>\n<li>Press and hold Power off or Disconnect power source.<\/li>\n<li>In the Turn on safe mode menu that appears, tap OK.<\/li>\n<li>Wait for the phone to reboot.<\/li>\n<\/ul>\n<p>Owners of devices running other versions of Android can look online for how to enable safe mode on their phones.<\/p>\n<p>Unfortunately, not everyone knows how to get rid of the malware: LokiBot victims have already lost nearly <a href=\"http:\/\/www.securityweek.com\/removal-attempt-turns-android-banking-trojan-ransomware\" target=\"_blank\" rel=\"noopener nofollow\">$1.5 million<\/a>. 
And with LokiBot costing only $2,000 on the black market, the criminals have probably recouped their investment many times over.<\/p>\n<h2>How to protect yourself from LokiBot<\/h2>\n<p>In fact, the measures that protect against LokiBot apply to all mobile malware. Ways to protect yourself:<\/p>\n<p>\u2013 Never click on suspicious links: this is how LokiBot spreads.<\/p>\n<p>\u2013 Download apps only from Google Play, but <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/dont-believe-google-play-ratings\/2393\/\" target=\"_blank\" rel=\"noopener\">be careful<\/a> even in the official store.<\/p>\n<p>\u2013 Install a reliable security solution on your smartphone or tablet. Kaspersky Internet Security for Android detects all variants of LokiBot. In the paid version, you do not need to scan your smartphone when you install new apps.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"android-malware\">\n","protected":false},"excerpt":{"rendered":"<p>How does an ordinary banking Trojan work? It presents the user with a fake screen that looks like a mobile banking interface. 
When unsuspecting victims enter their login credentials, the malware forwards them to the attackers, who then log in to the accounts.<\/p>\n","protected":false},"author":2458,"featured_media":4376,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[105,1045,591,1433,921,537,241],"class_list":{"0":"post-4375","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-bankacilik-trojani","10":"tag-fidye-yazilimi","11":"tag-lokibot","12":"tag-sifreleyici","13":"tag-tehditler","14":"tag-trojan"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/lokibot-trojan\/4375\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/lokibot-trojan\/11746\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/lokibot-trojan\/9786\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/lokibot-trojan\/13167\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/lokibot-trojan\/12066\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/lokibot-trojan\/11693\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/lokibot-trojan\/14718\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/lokibot-trojan\/14447\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/lokibot-trojan\/19131\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/lokibot-trojan\/20030\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/lokibot-trojan\/9740\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/lokibot-trojan\/9909\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/lokibot-trojan\/8480\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blo
g\/lokibot-trojan\/15174\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/lokibot-trojan\/8828\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/lokibot-trojan\/18627\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/lokibot-trojan\/19019\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/lokibot-trojan\/19012\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/fidye-yazilimi\/","name":"Fidye Yaz\u0131l\u0131m\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2458"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=4375"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4375\/revisions"}],"predecessor-version":[{"id":7009,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4375\/revisions\/7009"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/4376"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=4375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=4375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=4375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}