{"id":5847,"date":"2019-04-09T12:16:34","date_gmt":"2019-04-09T09:16:34","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=5847"},"modified":"2019-11-15T14:30:36","modified_gmt":"2019-11-15T11:30:36","slug":"macos-exe-malware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/macos-exe-malware\/5847\/","title":{"rendered":"An EXE infection for your Mac"},"content":{"rendered":"<p>As we have said many times before, <a href=\"https:\/\/www.kaspersky.com\/blog\/wirelurker-ios-osx-malware\/6563\/\" target=\"_blank\" rel=\"noopener nofollow\">the idea that macOS is invulnerable is nothing more than a myth<\/a>. Recently, cybercriminals found yet another way to get around macOS\u2019s built-in protection mechanism. They <a href=\"https:\/\/thehackernews.com\/2019\/02\/macos-windows-exe-malware.html\" target=\"_blank\" rel=\"noopener nofollow\">placed the data they collected about the infected system into adware<\/a> that uses files with the EXE extension, which normally run only on Windows. An EXE file that infects Mac users? Strange, but this method really does work.<\/p>\n<h2>An infection story: A pirated firewall loaded with malicious EXE software<\/h2>\n<p>Ironically, the malware was added not just anywhere but to a pirated copy of a <em>security<\/em> product, the Little Snitch firewall. 
As you might expect, users who avoided paying for a license ended up with a headache.<\/p>\n<p>The infected versions of the firewall were distributed via torrents. Victims downloaded ZIP files containing a disk image in DMG format to their computers. So far, everything is normal. But a closer look at the contents of this DMG file reveals a MonoBundle folder with a certain intaller.exe inside. This is not a normal macOS object; EXE files generally do not run on Mac devices.<\/p>\n<h3>Gatekeeper turns a blind eye<\/h3>\n<p>In fact, Windows executables are <em>so unsupported<\/em> on macOS that Gatekeeper (a macOS security feature that prevents suspicious programs from running) simply ignores EXE files. This is quite understandable: It makes little sense to overload the system by scanning files that are obviously inert, especially considering that one of Apple\u2019s selling points is operating speed.<\/p>\n<p>All would be well if there were no \u201cbut\u201d; however, there is one: Many programs exist for Windows, and sometimes Mac users need some of them too. That is why there are various solutions for running files that are not native to the platform. 
One of them is the Mono framework, a free system that lets users run Windows applications on other operating systems, including macOS.<\/p>\n<p>As you may have guessed, this framework is exactly what the cybercriminals abused for their own ends. Normally, the framework has to be installed on the computer separately, but these crooks found a way to package it together with the malware (remember the malicious EXE in the MonoBundle folder). As a result, the malware runs successfully even on Macs whose owners use only native programs.<\/p>\n<h3>An infection story: Spyware and adware<\/h3>\n<p>After installation, the malware first collects information about the infected system. The cybercriminals are interested in the model name, the device ID, the processor specifications, the RAM, and many other things. The malware also collects information about installed applications and sends it to the C&amp;C server.<\/p>\n<p>At the same time, it also downloads a number of images to the infected computer, disguised as Adobe Flash Media Player or Little Snitch. 
The images it downloads are in fact ordinary adware tools that will flood you with ads.<\/p>\n<h3>How to stay protected<\/h3>\n<p>The lesson from this story is simple: In the world of information technology, no system is completely secure. And no matter how reliable they seem, built-in security features should not be trusted blindly. Here are a few tips on how to protect your computer against cunning malware:<\/p>\n<ul>\n<li>Do not install pirated versions of applications. If you really need a program and really are not prepared to pay for it, first try to find a free alternative.<\/li>\n<li>Always download programs from official sources, that is, the App Store and developers\u2019 websites.<\/li>\n<li>If you do decide to download an application from an unofficial source, for example a torrent tracker as mentioned above, make sure you check exactly what you are downloading. Be suspicious of \u201cextra\u201d files in the installation package.<\/li>\n<li>Use <a href=\"http:\/\/kas.pr\/kdkistr\" target=\"_blank\" rel=\"noopener\">a reliable antivirus solution<\/a> that scans all suspicious-looking files and skips none.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Everyone knows that EXE files can be dangerous for computers running Windows. 
But it turns out that EXE files can infect macOS as well.<\/p>\n","protected":false},"author":2484,"featured_media":5848,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1284,1351],"tags":[1087,14,1730,1901,1902,1170,1879,1116],"class_list":{"0":"post-5847","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"category-threats","9":"tag-adware","10":"tag-apple","11":"tag-casusluk-yazilimi","12":"tag-exe","13":"tag-firewall","14":"tag-macos","15":"tag-reklam-virusleri","16":"tag-spyware"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/macos-exe-malware\/5847\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/macos-exe-malware\/15574\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/macos-exe-malware\/13118\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/macos-exe-malware\/17495\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/macos-exe-malware\/15643\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/macos-exe-malware\/14327\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/macos-exe-malware\/18208\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/macos-exe-malware\/17143\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/macos-exe-malware\/22564\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/macos-exe-malware\/26343\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/macos-exe-malware\/11615\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/macos-exe-malware\/11658\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/macos-exe-malware\/10576\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/macos-exe-malware\/18972\/"},{"hreflang":"j
a","url":"https:\/\/blog.kaspersky.co.jp\/macos-exe-malware\/22857\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/macos-exe-malware\/18219\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/macos-exe-malware\/22426\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/macos-exe-malware\/22362\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/macos\/","name":"macOS"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5847","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5847"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5847\/revisions"}],"predecessor-version":[{"id":6809,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5847\/revisions\/6809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/5848"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5847"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5847"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5847"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}