{"id":9740,"date":"2021-06-16T14:12:01","date_gmt":"2021-06-16T11:12:01","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9740"},"modified":"2021-10-04T18:58:52","modified_gmt":"2021-10-04T15:58:52","slug":"malware-disguised-as-antivirus","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/malware-disguised-as-antivirus\/9740\/","title":{"rendered":"Antivir\u00fcs yaz\u0131l\u0131m\u0131 olarak gizlenen k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar"},"content":{"rendered":"

Android\u2019le ilgili yapt\u0131\u011f\u0131m\u0131z neredeyse her payla\u015f\u0131mda, uygulamalar\u0131 yaln\u0131zca resmi kaynaklardan y\u00fcklemenizi \u00f6neriyoruz ve bunu yapmaya da devam edece\u011fiz. Son ya\u015fanan bir olay bunun nedenini g\u00f6steriyor. Yak\u0131n zamanda doland\u0131r\u0131c\u0131lar pop\u00fcler ortam y\u00fcr\u00fct\u00fcc\u00fcler, spor uygulamas\u0131, e-kitap okuyucusu ve Kaspersky Internet Security for Android uygulamas\u0131 (ki bu bizi canevimizden vurdu) olarak gizlenen bir bankac\u0131l\u0131k Truva At\u0131 yayd\u0131lar.<\/p>\n

Farkl\u0131 kaynaklardan uygulama y\u00fcklemek neden tehlikeli?<\/h2>\n

\u00dc\u00e7\u00fcnc\u00fc taraf uygulama ma\u011fazalar\u0131 asl\u0131nda k\u00f6t\u00fc de\u011fildir, ama ma\u011fazalar\u0131n g\u00fcvenilir olup olmad\u0131\u011f\u0131n\u0131 kesin olarak bilemezsiniz. Google Play veya Huawei AppGallery gibi resmi uygulama ma\u011fazalar\u0131nda ma\u011faza sahibi \u015firketlerin \u00e7al\u0131\u015fanlar\u0131, geli\u015ftiriciler taraf\u0131ndan ma\u011fazaya konan her uygulamay\u0131 takip eder ve k\u00f6t\u00fc ama\u00e7l\u0131 olan her \u015feyi ay\u0131klar. Bunlar, kendi itibarlar\u0131n\u0131 ve m\u00fc\u015fterilerinin g\u00fcvenli\u011fini koruyan b\u00fcy\u00fck \u015firketler. Kullan\u0131c\u0131lar\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlardan uzak tutmak i\u00e7in hem kaynaklar\u0131 hem de gerek\u00e7eleri var.<\/p>\n

Ancak bazen k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar Google Play\u2019e bile s\u0131zabiliyor<\/a>. Yine de bu yaz\u0131l\u0131mlara resmi ma\u011fazalarda rastlama olas\u0131l\u0131\u011f\u0131, bunlara mesaj panolar\u0131nda, torrent uygulamalar\u0131nda veya ba\u015fka sitelerde rastlama olas\u0131l\u0131\u011f\u0131ndan \u00e7ok daha d\u00fc\u015f\u00fck. K\u00fc\u00e7\u00fck ve ba\u015far\u0131l\u0131, ba\u011f\u0131ms\u0131z ma\u011fazalar \u00e7ok fazla kontrol yapmaz \u00e7\u00fcnk\u00fc genelde yeterli kaynaklar\u0131 yoktur. Bunun nedenle size sunduklar\u0131 uygulamalarda her t\u00fcrl\u00fc \u015feyi gizlenmi\u015f olabilir, hatta bir Truva At\u0131 bile\u2026<\/p>\n

Ayr\u0131ca belirtmeliyiz ki, Android bir cihaza k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 indirmek, genellikle cihaza vir\u00fcs bula\u015fmas\u0131 i\u00e7in yeterli de\u011fildir. K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m kullan\u0131c\u0131 eri\u015fimi<\/a> elde etmek i\u00e7in bir \u00e7e\u015fit s\u0131f\u0131r-g\u00fcn g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanan yaz\u0131l\u0131ma<\/a> ba\u011fl\u0131 olmad\u0131\u011f\u0131 s\u00fcrece, Android \u00fczerine tehlikeli bir uygulama y\u00fcklemek \u00e7aba ister. \u0130\u015fletim sistemi her a\u015famada kullan\u0131c\u0131dan \u00e7e\u015fitli do\u011frulamalar ister: ger\u00e7ekten bu uygulamay\u0131 y\u00fcklemek istiyor musunuz, gereken izinleri vermeyi kabul ediyor musunuz gibi. Siber su\u00e7lular, insanlar\u0131 evet demeye ikna etmek i\u00e7in sosyal m\u00fchendislikten yararlan\u0131r ve \u00e7o\u011fu zaman ba\u015far\u0131l\u0131 olurlar.<\/p>\n

Farkl\u0131 bir ma\u011fazadan indirilen k\u00f6t\u00fc ama\u00e7l\u0131 g\u00fcvenlik programlar\u0131<\/h2>\n

\u0130\u015fte size bir \u00f6rnek. Bir s\u00fcre \u00f6nce bir grup ara\u015ft\u0131rmac\u0131, \u00e7e\u015fitli sahte sitelerde yay\u0131lmakta olan Android uygulamalar\u0131n\u0131 bildirdi<\/a>. Bu uygulamalar\u0131n aras\u0131nda Kaspersky Internet Security for Android uygulamas\u0131n\u0131n sahte bir s\u00fcr\u00fcm\u00fc de vard\u0131.<\/p>\n

Doland\u0131r\u0131c\u0131lar, sahte uygulamalar\u0131n\u0131 \u201cKaspersky Free Antivirus\u201d ad\u0131yla yay\u0131yorlard\u0131 (bizim de bu isimde bir \u00fcr\u00fcn\u00fcm\u00fcz vard\u0131 ama Windows i\u00e7in kullan\u0131l\u0131yordu). Google Play\u2019deki \u015fu andaki uygulamam\u0131z: Kaspersky Mobile Antivirus: Applock & Web Security<\/a>.<\/p>\n

\u0130\u015fin garip yan\u0131, sahte antivir\u00fcs uygulamas\u0131n\u0131 indiren kullan\u0131c\u0131lar\u0131n cihaz\u0131na TeaBot ad\u0131nda bir bankac\u0131l\u0131k Truva At\u0131 bula\u015f\u0131yordu. Bizim g\u00fcvenlik \u00fcr\u00fcnlerimiz bunu HEUR: Trojan-Banker.AndroidOS.Teaban veya HEUR: Trojan-Banker.AndroidOS.Regon ad\u0131yla tespit ediyor.<\/p>\n

Peki konu antivir\u00fcs uygulamalar\u0131 olunca bu neden daha b\u00fcy\u00fck bir sorun oluyor? \u00c7\u00fcnk\u00fc kullan\u0131c\u0131, bu \u015fekilde gizlenen bir bankac\u0131l\u0131k Truva At\u0131\u2019n\u0131 indirmekle ve y\u00fcklemekle kalm\u0131yor, \u00fcst\u00fcne uygulaman\u0131n istedi\u011fi b\u00fct\u00fcn izinleri veriyor. Sonu\u00e7ta sahici bir antivir\u00fcs uygulamas\u0131, verebilece\u011finiz en g\u00fc\u00e7l\u00fc izinlerden biri olan Eri\u015filebilirlik hizmetlerine<\/a> eri\u015fim de dahil olmak \u00fczere bir\u00e7ok izne ihtiya\u00e7 duyar.<\/p>\n

Daha da k\u00f6t\u00fcs\u00fc, antivir\u00fcs koruman\u0131z yoksa, cihaz\u0131n\u0131z k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131 tespit edemiyor.<\/p>\n

Y\u00fcklemeyi tamamlamak ve istenen b\u00fct\u00fcn izinleri vermek, TeaBot Truva At\u0131\u2019n\u0131n Android cihazda istedi\u011fi her \u015feyi yapabilmesini sa\u011fl\u0131yor. Tu\u015f kaydetme<\/a>, Google Authenticator kodlar\u0131n\u0131 \u00e7alma ve Android cihaz\u0131n t\u00fcm kontrollerini ele ge\u00e7irmeye kadar her t\u00fcrl\u00fc \u015fekilde Eri\u015filebilirli\u011fi kullanma, gibi bir\u00e7ok \u00f6zelli\u011fi var.<\/p>\n

Uygulaman\u0131n yasal oldu\u011fundan emin olman\u0131n yollar\u0131<\/h2>\n

TeaBot sadece antivir\u00fcs yaz\u0131l\u0131m\u0131 olarak gizlenmiyor. Bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m baz\u0131 \u00e7ok bilinen devlet, finans, spor, ve kitap uygulamalar\u0131 gibi bir\u00e7ok uygulaman\u0131n sahte s\u00fcr\u00fcmleri olarak da gizlenebilir. G\u00fcvende kalmak i\u00e7in, ak\u0131ll\u0131 telefonunuzun bilinmeyen kaynaklardan uygulama y\u00fckleme \u00f6zelli\u011fini tamamen kapat\u0131n. Android telefonlarda bunu yapabilirsiniz<\/a>. Herhangi bir uygulamaya ihtiyac\u0131n\u0131z oldu\u011funda resmi ma\u011fazalardan yararlan\u0131n.<\/p>\n

Uygulamalara verdi\u011finiz izinler<\/a> konusunda \u00e7ok dikkatli olun. \u00d6rne\u011fin bir spor uygulamas\u0131 Eri\u015filebilirlik \u00f6zelliklerine eri\u015fim izni isterse, kabul etmeden \u00f6nce iki kez (hatta daha fazla) d\u00fc\u015f\u00fcn\u00fcn.<\/p>\n

Son olarak, <em>ger\u00e7ek <\/em>bir antivir\u00fcs korumas\u0131 kulland\u0131\u011f\u0131n\u0131zdan emin olun. Kaspersky Internet Security for Android \u00fcr\u00fcn\u00fcn\u00fcn tamamen \u00fccretsiz s\u00fcr\u00fcm\u00fc elinizin alt\u0131nda oldu\u011funa g\u00f6re, bunu resmi olmayan kaynaklardan indirmeniz i\u00e7in hi\u00e7bir sebep yok. Antivir\u00fcs uygulamam\u0131z\u0131 hem\u00a0Google Play<\/a> hem de\u00a0Huawei AppGallery<\/a> ma\u011fazalar\u0131nda bulabilirsiniz.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Sahte bir Kaspersky Internet Security for Android uygulamas\u0131, resmi uygulama ma\u011fazalar\u0131 d\u0131\u015f\u0131ndaki yerlerden uygulama y\u00fcklemenin tehlikelerini g\u00f6zler \u00f6n\u00fcne seriyor.<\/p>\n","protected":false},"author":675,"featured_media":9743,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[105,2089,542],"class_list":{"0":"post-9740","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-bankacilik-truva-atlari","10":"tag-kaspersky-internet-security-for-android"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/malware-disguised-as-antivirus\/9740\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/malware-disguised-as-antivirus\/22979\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/malware-disguised-as-antivirus\/18461\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/malware-disguised-as-antivirus\/9176\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/malware-disguised-as-antivirus\/24911\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/malware-disguised-as-antivirus\/22933\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/malware-disguised-as-antivirus\/22116\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/malware-disguised-as-antivirus\/25471\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/malware-disguised-as-antivirus\/24941\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/malware-disguised-as-antivirus\/30906\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/malware-disguised-as-antivirus\/40252\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/malware-disguised-as-antivirus\/17120\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/malware-disguised-as-antivirus\/17621\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/malware-disguised-as-antivirus\/14928\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/malware-disguised-as-antivirus\/26927\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/malware-disguised-as-antivirus\/31062\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/malware-disguised-as-antivirus\/27185\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/malware-disguised-as-antivirus\/24012\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/malware-disguised-as-antivirus\/29356\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/malware-disguised-as-antivirus\/29149\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/android\/","name":"android"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9740"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9740\/revisions"}],"predecessor-version":[{"id":10119,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9740\/revisions\/10119"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9743"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}