<h1>FlyTrap Android malware compromised more than 10,000 Facebook accounts</h1>
<p>Published 2021-08-11 (updated 2024-12-02) at <a href="http://hilmibilici.com/?p=83793">hilmibilici.com</a>.</p>
<p>According to experts at the mobile security firm <a href="http://zimperium.com" target="_blank" rel="noopener">Zimperium</a>, an Android malware called FlyTrap has been detected. It hijacks Facebook accounts in 140 countries worldwide by stealing session cookies. Worse still, the researchers disclosed that the stolen data was sitting on the FlyTrap C&amp;C server, accessible to anyone.</p>
<p>Analysts believe the malware has been active since at least March 2021. The attackers use lures distributed through <a href="https://play.google.com/store?hl=tr&amp;gl=US" target="_blank" rel="noopener">Google Play</a> and third-party Android app stores. Typically, such a lure starts by offering the user free coupons (for Netflix, Google AdWords, etc.) or the chance to vote for their favourite football team or Euro 2020 player.</p>
<p><img src="https://www.zimperium.com/wp-content/uploads/2021/08/Zimperium_FlyTrapTrojan_image16.webp" alt="Screenshot of a FlyTrap lure app, from Zimperium's report" /></p>
<p>To do so, the victim is supposedly required to log in to the app with their Facebook credentials, and the authentication takes place through the social network's legitimate domain. Because the malicious apps use genuine Facebook SSO, they cannot harvest the user's credentials directly. Instead, FlyTrap uses JavaScript injection to collect other sensitive data.</p>
<blockquote><p>The experts explain that "the application opens a legitimate URL inside a WebView configured with JavaScript injection, which allows it to retrieve all the information it needs, including cookies, user account details, location information and the IP address."</p></blockquote>
<p>The information collected this way is sent to the attackers' command-and-control server. So far, more than 10,000 Android users in 144 countries have fallen victim to this malware.</p>
<p>The exact data and figures were extracted from the criminals' server, since the researchers discovered that anyone could access it. According to the experts, the FlyTrap C&amp;C server had numerous security flaws that made it easy to reach the information stored on it.</p>
<p>The researchers stress that credential-stealing phishing pages are not the only tool scammers use. As the <strong>FlyTrap</strong> example shows, logging in through a legitimate domain can be risky too.</p>
<p>Whether you want to specialise in information security or simply protect your own systems, you can take a look at our book <a href="http://hilmibilici.com/index.php/2021/06/22/siber-guvenlik-ve-sizma-testi-kitabim-yayinda/" target="_blank" rel="noopener">Siber güvenlik ve Sızma testi</a> (Cyber Security and Penetration Testing).</p>