Jauns v\u012bruss WhatsApp uzbrukums kriptoval\u016btu lietot\u0101jiem<\/p>\n
Interneta lietot\u0101ji, \u012bpa\u0161i tie, kas akt\u012bvi darbojas kriptoval\u016btu pasaul\u0113, saskaras ar jaunu un \u013coti b\u012bstamu draudu. T\u012bmek\u013ca \u013caundari izplata kait\u012bgu programmat\u016bru, ko d\u0113v\u0113 par Eternidade Stealer, izmantojot WhatsApp. \u0160is v\u012bruss ir sp\u0113j\u012bgs piek\u013c\u016bt lietot\u0101ju kriptoval\u016btu bir\u017e\u0101m un digit\u0101lajiem makiem, radot nopietnu risku vi\u0146u digit\u0101lajiem l\u012bdzek\u013ciem.<\/p>\n
Eternidade Stealer \u2013 deta\u013cas par draudu<\/p>\n
Eternidade Stealer ir \u012bpa\u0161i izstr\u0101d\u0101ts, lai zogtu sensit\u012bvu inform\u0101ciju no kriptoval\u016btu lietot\u0101jiem. T\u0101 izplat\u012b\u0161an\u0101s meh\u0101nisms ir sam\u0113r\u0101 vienk\u0101r\u0161s, bet efekt\u012bvs: zi\u0146ojums WhatsApp ar pielikumu, kas, atv\u0113rts, aktiviz\u0113 v\u012brusa darb\u012bbu. P\u0113c infic\u0113\u0161an\u0101s programma s\u0101k savu graujo\u0161o darbu, mekl\u0113jot un p\u0101r\u0146emot piek\u013cuvi visiem pieejamajiem kriptoval\u016btu maci\u0146iem un tirdzniec\u012bbas platform\u0101m. P\u0113c s\u0101kotn\u0113j\u0101s izplat\u012b\u0161an\u0101s kampa\u0146as, kas s\u0101k\u0101s Braz\u012blij\u0101, draudi nu ir glob\u0101li.<\/p>\n
K\u0101 v\u012bruss darbojas un k\u0101da ir t\u0101 ietekme<\/p>\n
Saska\u0146\u0101 ar izmekl\u0113t\u0101ju no Trustwave SpiderLabs datiem, kampa\u0146a s\u0101kas ar VBScript failu. \u0160is fails, izmantojot palaid\u0113ju, aktiviz\u0113 divus galvenos modu\u013cus. Pirmais ir Python t\u0101rps, kas bez lietot\u0101ja zi\u0146as sav\u0101c kontaktu sarakstu no WhatsApp, filtr\u0113jot gan parastos kontaktus, gan biznesa kontus un grupas. \u0160\u012b inform\u0101cija tiek nos\u016bt\u012bta uz komand\u0113\u0161anas un kontroles (C2) serveri. Otrais modulis ir MSI instal\u0113t\u0101js, kas savuk\u0101rt palaidi Eternidade Stealer.<\/p>\n
\u012apa\u0161i b\u012bstami ir tas, ka v\u012bruss ir \u0123eogr\u0101fiski specifisks. Ja oper\u0113t\u0101jsist\u0113mas valoda ir braz\u012blie\u0161u portug\u0101\u013cu, trojanis s\u0101k akt\u012bvi sken\u0113t ekr\u0101nus un procesus, mekl\u0113jot finan\u0161u pakalpojumus un kriptoval\u016btu platformas, lai tikai tad piln\u012bb\u0101 aktiviz\u0113tos. \u0160is t\u0101 d\u0113v\u0113t\u0101 “\u0123eofens\u0113\u0161ana” noz\u012bm\u0113, ka uzbrukumi prim\u0101ri ir v\u0113rsti pret konkr\u0113tu re\u0123ionu lietot\u0101jiem, ta\u010du tas nenoz\u012bm\u0113, ka citi ir piln\u012bb\u0101 pasarg\u0101ti. P\u0113t\u012bjumi liecina par centieniem infic\u0113t lietot\u0101jus 38 valst\u012bs, tostarp ASV un Eirop\u0101.<\/p>\n
M\u0113r\u0137tiec\u012bg\u0101s platformas un riska grupas<\/p>\n
Eternidade Stealer ir izstr\u0101d\u0101ts, lai apdraud\u0113tu pla\u0161u kl\u0101stu popul\u0101ru kriptoval\u016btu pakalpojumu. Uzbrukuma m\u0113r\u0137is ir t\u0101di giganti k\u0101 Binance, OKX, Coinbase, Kraken, Bybit, k\u0101 ar\u012b popul\u0101ri digit\u0101lie maki k\u0101 MetaMask, Trust Wallet, Ledger Live un Phantom. V\u012bruss satur specifiskas paz\u012bmes, lai identific\u0113tu un piek\u013c\u016btu \u0161\u0101d\u0101m lietotn\u0113m, piem\u0113ram, Electrum, Exodus, Trust Wallet, MetaMask un daudziem citiem. Tas rada re\u0101las ba\u017eas par l\u012bdzek\u013cu dro\u0161\u012bbu un priv\u0101tumu.<\/p>\n
K\u0101 pasarg\u0101t sevi no v\u012brusa<\/p>\n
Eksperti sniedz skaidrus un vienk\u0101r\u0161us padomus, k\u0101 pasarg\u0101t sevi no \u0161\u012b un l\u012bdz\u012bgiem uzbrukumiem. Pirmk\u0101rt, nekad neatveriet nezin\u0101mus pielikumus vai saites, kas sa\u0146emtas WhatsApp, ja neesat piln\u012bb\u0101 p\u0101rliecin\u0101ti par s\u016bt\u012bt\u0101ja identit\u0101ti un zi\u0146as dro\u0161umu. Vienm\u0113r p\u0101rbaudiet s\u016bt\u012bt\u0101ju atsevi\u0161\u0137i. Otrk\u0101rt, regul\u0101ri atjauniniet gan savu oper\u0113t\u0101jsist\u0113mu, gan pretv\u012brusu programmat\u016bru; jaun\u0101k\u0101s versijas bie\u017ei vien satur dro\u0161\u012bbas iel\u0101pus pret jauniem draudiem. Tre\u0161k\u0101rt, ja rodas jebk\u0101das aizdomas vai neskaidr\u012bbas par savu kontu dro\u0161\u012bbu, nekav\u0113joties apturiet visus dar\u012bjumus un piek\u013cuvi sav\u0101m bir\u017e\u0101m un makiem, lai nov\u0113rstu iesp\u0113jamus l\u012bdzek\u013cu zudumus. \u0160ie dro\u0161\u012bbas pas\u0101kumi var \u0161\u0137ist vienk\u0101r\u0161i, ta\u010du to iev\u0113ro\u0161ana ir \u013coti svar\u012bga j\u016bsu digit\u0101l\u0101s mantas saglab\u0101\u0161an\u0101.<\/p>\n
Paz\u012bmes, kas br\u012bdina par infic\u0113\u0161anos<\/p>\n
Ir svar\u012bgi piev\u0113rst uzman\u012bbu potenci\u0101laj\u0101m infic\u0113\u0161an\u0101s paz\u012bm\u0113m. Ja p\u0113k\u0161\u0146i sa\u0146emat negaid\u012btu WhatsApp zi\u0146ojumu ar pielikumu, ja bez j\u016bsu iniciat\u012bvas s\u0101k darboties .MSI faili vai citi skripti, vai ja nov\u0113rojat aizdom\u012bgu aktivit\u0101ti sav\u0101s kriptoval\u016btu lietotn\u0113s vai makos, t\u0101m ir j\u0101b\u016bt sarkanaj\u0101m gaism\u0101m. \u0160\u012bs paz\u012bmes var liecin\u0101t par to, ka j\u016bsu sist\u0113ma ir apdraud\u0113ta un nepiecie\u0161ams r\u012bkoties nekav\u0113joties.<\/p>\n
Pla\u0161\u0101ks uzbrukumu spektrs<\/p>\n
J\u0101atz\u012bm\u0113, ka WhatsApp nav vien\u012bgais kan\u0101ls, ko \u013caundari izmanto, lai piek\u013c\u016btu kriptoval\u016btu maci\u0146iem. Iepriek\u0161 ir fiks\u0113ti gad\u012bjumi, kad trojas zirgi ir veiksm\u012bgi nozagu\u0161i iev\u0113rojamas summas. Piem\u0113ram, pirms \u010detriem m\u0113ne\u0161iem l\u012bdz\u012bgs v\u012bruss rad\u012bja zaud\u0113jumus 150 000 ASV dol\u0101ru apm\u0113r\u0101 lietot\u0101jiem, kuri izmantoja verifik\u0101cijas bezmaksas Steam sp\u0113li “Chemia”. Gandr\u012bz taj\u0101 pa\u0161\u0101 laik\u0101 l\u012bdz\u012bga hakeru programmat\u016bra tika atrasta ar\u012b Amazon Q m\u0101ksl\u012bg\u0101 intelekta r\u012bk\u0101. Tas nor\u0101da uz to, ka tie\u0161saistes draudi past\u0101v\u012bgi att\u012bst\u0101s un piel\u0101gojas, apdraudot da\u017e\u0101das digit\u0101l\u0101s platformas.<\/p>\n","protected":false},"excerpt":{"rendered":"Jauns v\u012bruss WhatsApp uzbrukums kriptoval\u016btu lietot\u0101jiem Interneta lietot\u0101ji, \u012bpa\u0161i tie, kas akt\u012bvi darbojas kriptoval\u016btu pasaul\u0113, saskaras ar jaunu…\n","protected":false},"author":2,"featured_media":55484,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[77,76,15001,15000,5552,10649,35,39,38,36,37,34,40,14999],"class_list":{"0":"post-55483","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-bizness","8":"tag-bizness","9":"tag-business","10":"tag-digitalie-maki","11":"tag-eternidade-stealer","12":"tag-kibernoziegumi","13":"tag-kriptovalutu-drosiba","14":"tag-latvia","15":"tag-latvian","16":"tag-latviesu","17":"tag-latviesu-valoda","18":"tag-latviesuvaloda","19":"tag-latvija","20":"tag-lv","21":"tag-whatsapp-viruss"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@lv\/115588391448522778","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/posts\/55483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/comments?post=55483"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/posts\/55483\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/media\/55484"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/media?parent=55483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/categories?post=55483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/tags?post=55483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}