{"id":33985,"date":"2026-04-01T20:50:08","date_gmt":"2026-04-01T20:50:08","guid":{"rendered":"https:\/\/www.europesays.com\/sk\/33985\/"},"modified":"2026-04-01T20:50:08","modified_gmt":"2026-04-01T20:50:08","slug":"microsoft-varuje-pred-utokmi-cez-whatsapp-staci-otvorit-tento-subor-a-hacker-ziska-kontrolu-nad-tvojim-zariadenim-vosveteit-sk","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/sk\/33985\/","title":{"rendered":"Microsoft varuje pred \u00fatokmi cez WhatsApp. Sta\u010d\u00ed otvori\u0165 tento s\u00fabor a hacker z\u00edska kontrolu nad tvoj\u00edm zariaden\u00edm | Vosveteit.sk"},"content":{"rendered":"

Nov\u00e1 kybernetick\u00e1 kampa\u0148, ktor\u00fa zachytil t\u00edm Microsoft Defender<\/a>, ukazuje, ako m\u00e1lo dnes sta\u010d\u00ed na probl\u00e9m. \u00dato\u010dn\u00edci si nevyberaj\u00fa exotick\u00e9 cesty, vyu\u017eij\u00fa be\u017en\u00fa komunik\u00e1ciu cez WhatsApp a spoliehaj\u00fa sa na to, \u017ee im pou\u017e\u00edvate\u013e otvor\u00ed dvere s\u00e1m.<\/p>\n

\u00datok prich\u00e1dza ako spr\u00e1va s pr\u00edlohou. Naj\u010dastej\u0161ie ide o s\u00fabor s koncovkou .vbs, teda Visual Basic Script. Ide o je jednoduch\u00fd skriptovac\u00ed jazyk vo Windows, ktor\u00fd sl\u00fa\u017ei na automatiz\u00e1ciu \u00faloh, napr\u00edklad spr\u00e1vu s\u00faborov alebo sp\u00fa\u0161\u0165anie pr\u00edkazov. Pou\u017e\u00edva sa najm\u00e4 v administr\u00e1cii syst\u00e9mov, ale \u00fato\u010dn\u00edci ho \u010dasto zneu\u017e\u00edvaj\u00fa na sp\u00fa\u0161\u0165anie \u0161kodliv\u00e9ho k\u00f3du. Nep\u00f4sob\u00ed nebezpe\u010dne, preto\u017ee nejde o klasick\u00fd program (.exe), ktor\u00fd by v\u00e4\u010d\u0161ina syst\u00e9mov automaticky blokovala.<\/p>\n

<\/p>\n

<\/p>\n

Odoberaj Vosveteit.sk cez Telegram a prihl\u00e1s sa k odberu spr\u00e1v
\n <\/a><\/p>\n

A pr\u00e1ve to je trik. VBS s\u00fabor je len text s pr\u00edkazmi, nem\u00e1 \u201etelo\u201c v\u00edrusu. Skuto\u010dn\u00fd malv\u00e9r<\/a> sa stiahne a\u017e po jeho spusten\u00ed. \u00dato\u010dn\u00edci tak ob\u00eddu filtre a spoliehaj\u00fa sa na to, \u017ee skript prejde ako be\u017en\u00fd n\u00e1stroj na automatiz\u00e1ciu.<\/p>\n

\"WhatsApp\"WhatsAppZdroj: microsoft.com, proces infekcie zariadenia
\nKyberzlo\u010dinci podcenili jeden aspekt bezpe\u010dnosti<\/p>\n

Po spusten\u00ed skript vytvor\u00ed skryt\u00e9 prie\u010dinky v syst\u00e9me a za\u010dne kop\u00edrova\u0165 legit\u00edmne Windows n\u00e1stroje, napr\u00edklad curl.exe alebo bitsadmin.exe. N\u00e1sledne ich premenuje na nie\u010do, \u010do p\u00f4sob\u00ed nen\u00e1padne, napr\u00edklad netapi.dll alebo sc.exe.<\/p>\n

Na prv\u00fd poh\u013ead to vyzer\u00e1 ako be\u017en\u00e1 s\u00fa\u010das\u0165 syst\u00e9mu. Probl\u00e9m je, \u017ee ka\u017ed\u00fd tak\u00fdto s\u00fabor m\u00e1 v sebe ulo\u017een\u00e9 p\u00f4vodn\u00e9 meno, tzv. OriginalFileName. A tu vznik\u00e1 rozpor. Ak sa s\u00fabor vol\u00e1 netapi.dll, ale v jeho \u201evn\u00fatri\u201c je zap\u00edsan\u00e9 curl.exe, modern\u00e9 bezpe\u010dnostn\u00e9 syst\u00e9my to vyhodnotia ako podozriv\u00e9. Ide o jeden z d\u00f4vodov, pre\u010do pokro\u010dil\u00e9 rie\u0161enia dok\u00e1\u017eu tento \u00fatok odhali\u0165.<\/p>\n

Neprehliadni
\n <\/p>\n

\"Tvoje\"Tvoje <\/p>\n

\n\t\t\t\t\tPopul\u00e1rna spravodajsk\u00e1 aplik\u00e1cia pre iOS a Android dostala ve\u013ek\u00fa aktualiz\u00e1ciu. Pribudlo mno\u017estvo nov\u00fdch funkci\u00ed, ktor\u00e9 mus\u00ed\u0161 vysk\u00fa\u0161a\u0165 <\/p>\n

<\/a><\/p>\n

\u00dato\u010dn\u00edci v\u0161ak r\u00e1taj\u00fa s t\u00fdm, \u017ee nie ka\u017ed\u00fd syst\u00e9m kontroluje tieto detaily.<\/p>\n

\"WhatsApp\"WhatsAppZdroj: pixabay.com (B_A), \u00faprava Vosveteit.sk<\/p>\n

Po prvotnom prieniku za\u010dne skript s\u0165ahova\u0165 \u010fal\u0161ie s\u00fabory. Nejde v\u0161ak o klasick\u00e9 podozriv\u00e9 servery. \u00dato\u010dn\u00edci vyu\u017e\u00edvaj\u00fa legit\u00edmne slu\u017eby ako Amazon Web Services, Tencent alebo Backblaze. To znamen\u00e1, \u017ee \u0161kodliv\u00e1 aktivita spl\u00fdva s be\u017enou firemnou komunik\u00e1ciou. Pre bezpe\u010dnostn\u00e9 syst\u00e9my je ove\u013ea \u0165a\u017e\u0161ie ju odhali\u0165.<\/p>\n

\u201e\u00dato\u010dn\u00edci kombinuj\u00fa d\u00f4veryhodn\u00e9 platformy s legit\u00edmnymi n\u00e1strojmi, aby zn\u00ed\u017eili vidite\u013enos\u0165 \u00fatoku,\u201c uv\u00e1dza anal\u00fdza.<\/p>\n

Hackeri vypn\u00fa t\u00fato funkciu, v\u010faka \u010domu m\u00f4\u017eu fungova\u0165 nen\u00e1padne<\/p>\n

V \u010fal\u0161om kroku sa malware zameria na User Account Control (UAC), teda ochranu, ktor\u00e1 sa \u0165a p\u00fdta, \u010di s\u00fahlas\u00ed\u0161 s administr\u00e1torsk\u00fdmi zmenami. \u00dato\u010dn\u00edci sa sna\u017eia upravi\u0165 konkr\u00e9tne nastavenie v registroch (napr\u00edklad ConsentPromptBehaviorAdmin). Ak sa im to podar\u00ed, syst\u00e9m prestane zobrazova\u0165 varovania.<\/p>\n

Po vypnut\u00ed UAC \u0161kodliv\u00e9 oper\u00e1cie prebehn\u00fa bez toho, aby sa ti objavilo klasick\u00e9 varovanie, kde mus\u00ed\u0161 potvrdi\u0165, \u017ee chce\u0161 spusti\u0165 neoveren\u00fd proces, ktor\u00fd m\u00f4\u017ee zmeni\u0165 nastavenia v tvojom po\u010d\u00edta\u010di. In\u0161tal\u00e1cia programov, zmeny v syst\u00e9me alebo pr\u00edstup k citliv\u00fdm d\u00e1tam prebehn\u00fa potichu na pozad\u00ed. Ak sa ti niekedy zd\u00e1, \u017ee Windows<\/a> sa zrazu p\u00fdta na povolenia menej \u010dasto ne\u017e predt\u00fdm, nemus\u00ed to by\u0165 n\u00e1hoda.<\/p>\n

\"Viac\"ViacZdroj: AI, Wikimedia (WhatsApp) \u00daprava: Vosveteit.sk<\/a>
\nV tomto momente \u00fato\u010dn\u00edci z\u00edskaj\u00fa pln\u00fa kontrolu<\/p>\n

Na konci \u00fatoku sa nain\u0161taluj\u00fa MSI bal\u00edky, teda klasick\u00e9 in\u0161tala\u010dn\u00e9 s\u00fabory. Vyzeraj\u00fa legit\u00edmne, ale nemaj\u00fa d\u00f4veryhodn\u00fd podpis.<\/p>\n

Obsahuj\u00fa n\u00e1stroje ako AnyDesk<\/a>, ktor\u00e9 \u00fato\u010dn\u00edkovi umo\u017enia vzdialen\u00fd pr\u00edstup. Od tej chv\u00edle m\u00f4\u017ee sledova\u0165, \u010do rob\u00ed\u0161, kop\u00edrova\u0165 d\u00e1ta alebo pou\u017ei\u0165 po\u010d\u00edta\u010d ako s\u00fa\u010das\u0165 v\u00e4\u010d\u0161ej siete napadnut\u00fdch zariaden\u00ed.<\/p>\n

Cel\u00fd \u00fatok stoj\u00ed na kombin\u00e1cii troch k\u013e\u00fa\u010dov\u00fdch vec\u00ed. \u00dato\u010dn\u00edci najprv vyu\u017eij\u00fa d\u00f4veru v zn\u00e1me aplik\u00e1cie, ako je WhatsApp, \u010d\u00edm zv\u00fd\u0161ia \u0161ancu, \u017ee pou\u017e\u00edvate\u013e otvor\u00ed pr\u00edlohu bez podozrenia. N\u00e1sledne siahnu po legit\u00edmnych n\u00e1strojoch syst\u00e9mu Windows, ktor\u00e9 len premenuj\u00fa a zneu\u017eij\u00fa na vlastn\u00e9 \u00fa\u010dely, tak\u017ee ich aktivita p\u00f4sob\u00ed ako be\u017en\u00e1 s\u00fa\u010das\u0165 syst\u00e9mu. Cel\u00fd proces prebieha nen\u00e1padne, bez v\u00fdrazn\u00fdch varovan\u00ed, \u010do im umo\u017en\u00ed zosta\u0165 \u010do najdlh\u0161ie skryt\u00ed.<\/p>\n

Nejde o hlu\u010dn\u00fd v\u00edrus. Ide o tich\u00fd proces, ktor\u00fd spl\u00fdva s be\u017en\u00fdm chodom po\u010d\u00edta\u010da.<\/p>\n

Na toto spr\u00e1vanie si daj pozor<\/p>\n

Najslab\u0161\u00ed \u010dl\u00e1nok zost\u00e1va \u010dlovek. Sta\u010d\u00ed jeden klik na nespr\u00e1vny s\u00fabor. Ak dostane\u0161 pr\u00edlohu cez WhatsApp<\/a>, aj od zn\u00e1meho kontaktu, oplat\u00ed sa overi\u0165 si, \u010di je bezpe\u010dn\u00e1. Z\u00e1rove\u0148 m\u00e1 zmysel sledova\u0165 podozriv\u00e9 spr\u00e1vanie syst\u00e9mu, napr\u00edklad nezn\u00e1me s\u00fabory v ProgramData alebo zvl\u00e1\u0161tne n\u00e1zvy procesov.\u00a0Niektor\u00e9 menej sofistikovan\u00e9 malv\u00e9ry sa prejavia spomalen\u00edm po\u010d\u00edta\u010da. Zist\u00ed\u0161 to napr\u00edklad cez Spr\u00e1vcu \u00faloh, kde uvid\u00ed\u0161 procesor vy\u0165a\u017een\u00fd na 100%.<\/p>\n

\"Windows\"WindowsZdroj: Vosveteit.sk<\/p>\n

T\u00e1to kampa\u0148 ukazuje, \u017ee modern\u00e9 \u00fatoky u\u017e nevs\u00e1dzaj\u00fa na silu, ale na nen\u00e1padnos\u0165. \u00dato\u010dn\u00edci sa nesna\u017eia syst\u00e9m rozbi\u0165, sna\u017eia sa v \u0148om nen\u00e1padne zosta\u0165.<\/p>\n

\u201eKombin\u00e1cia legit\u00edmnych n\u00e1strojov a d\u00f4veryhodn\u00fdch slu\u017eieb zvy\u0161uje \u0161ancu na \u00faspech \u00fatoku,\u201c upozor\u0148uje Microsoft.<\/p>\n

Bezpe\u010dnos\u0165 tak dnes nestoj\u00ed len na technol\u00f3gii. Ve\u013ek\u00e1 \u010das\u0165 z\u00e1vis\u00ed od toho, \u010do otvor\u00ed\u0161 a \u010domu ver\u00ed\u0161.<\/p>\n


\n
\n
\n
\n
\n
\n P\u00e1\u010dil sa v\u00e1m \u010dl\u00e1nok? Sledujte n\u00e1s na Facebooku
\n
\n <\/a> <\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"Nov\u00e1 kybernetick\u00e1 kampa\u0148, ktor\u00fa zachytil t\u00edm Microsoft Defender, ukazuje, ako m\u00e1lo dnes sta\u010d\u00ed na probl\u00e9m. \u00dato\u010dn\u00edci si nevyberaj\u00fa…\n","protected":false},"author":2,"featured_media":33986,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[70,4724,15208,15209,11073,15210,43,15211,40,39,42,41,15212,15213,4068,15214,71],"class_list":{"0":"post-33985","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-zabava","8":"tag-entertainment","9":"tag-hackeri","10":"tag-malver","11":"tag-ovladanie-pc","12":"tag-pc","13":"tag-prikazy","14":"tag-sk","15":"tag-skodlive-prilohy","16":"tag-slovak","17":"tag-slovakia","18":"tag-slovencina","19":"tag-slovensko","20":"tag-stiahnutie-malveru","21":"tag-vbs","22":"tag-whatsapp","23":"tag-windows","24":"tag-zabava"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@sk\/116331428193398368","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/posts\/33985","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/comments?post=33985"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/posts\/33985\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/media\/33986"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/media?parent=33985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/categories?post=33985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/tags?post=33985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}