{"id":4155,"date":"2022-12-21T23:41:03","date_gmt":"2022-12-21T22:41:03","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4155"},"modified":"2022-12-21T23:41:03","modified_gmt":"2022-12-21T22:41:03","slug":"zlonamjerni-android-softver-krade-lozinke-za-internet-bankarstvo","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2022\/12\/21\/zlonamjerni-android-softver-krade-lozinke-za-internet-bankarstvo\/","title":{"rendered":"Android malware steals online banking passwords"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">The <em>Android<\/em> malware <em>GodFather<\/em> is used to abuse more than 400 online banking and cryptocurrency applications across 16 countries. It is considered the successor to the <em>Anubis<\/em> banking trojan, whose source code was published on the Internet in 2019 and which was very popular until it lost the ability to evade <em>Android<\/em> protection mechanisms.<\/span><\/p>\n<div id=\"attachment_4156\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4156\" class=\"size-full wp-image-4156\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/Malware-Infection.jpg\" alt=\"Malware Android\" width=\"1024\" height=\"757\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/Malware-Infection.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/Malware-Infection-300x222.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/Malware-Infection-768x568.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/Malware-Infection-16x12.jpg 16w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4156\" class=\"wp-caption-text\"><em>Malware Infection by <\/em><a href=\"http:\/\/howtostartablogonline.net\" target=\"_blank\" 
rel=\"noopener\"><em>Blogtrepreneur<\/em><\/a><\/p><\/div>\n<p><span style=\"font-size: 14pt;\">This malware targets 215 banks, 94 cryptocurrency providers and 110 cryptocurrency exchange platforms, with users located in the United States, Turkey, Spain, Canada, France, Germany and the United Kingdom.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">Specifically, this is an <em>Android<\/em> <em><a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/trojan\/\" target=\"_blank\" rel=\"nofollow noopener\">trojan<\/a><\/em> first discovered by security researchers at <a href=\"https:\/\/twitter.com\/ThreatFabric\/status\/1505932079401480198\" target=\"_blank\" rel=\"noopener\"><em>ThreatFabric<\/em><\/a> in March 2022. Since then its code has received major upgrades and improvements, including video recording, keylogging, screenshot capture, and reading of <em>SMS<\/em> messages and call logs, which have now been analyzed by the security company <em>Group-IB<\/em>.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">Distribution takes place to a limited extent through applications in the <em>Google<\/em> store, but the main distribution method is still unknown. Once installed, <em>GodFather<\/em> begins imitating <em>Google Protect<\/em>, the security tool found on <em>Android<\/em> devices. It goes so far as to imitate the device-scanning process for the user, presenting itself as a legitimate application in order to gain access to the <em>Accessibility<\/em> service. 
Once the user grants access to this service, the malware gives itself all the privileges it needs to carry out malicious actions on the device.<\/span><\/p>\n<div id=\"attachment_4157\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4157\" class=\"size-full wp-image-4157\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/malicius-virus.webp\" alt=\"malicius malware\" width=\"1024\" height=\"576\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/malicius-virus.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/malicius-virus-300x169.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/malicius-virus-768x432.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/malicius-virus-18x10.webp 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4157\" class=\"wp-caption-text\"><em>Malicious virus; Source: <a href=\"https:\/\/wallpapercave.com\/w\/wp6992925\" target=\"_blank\" rel=\"noopener\">Wallpapercave<\/a><\/em><\/p><\/div>\n<p><span style=\"font-size: 14pt;\">The privileges obtained this way allow the malware to prevent the user from removing it from the device, to retrieve two-step verification codes from the <em>Google Authenticator<\/em> application, to execute commands, and to steal <em>PIN<\/em>s and passwords.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">Interestingly, <em>GodFather<\/em> performs a region check, and if it detects that the device's system language is set to one from the former Soviet Union region (Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek or Tajik), the malware shuts down. 
This leads security researchers to conclude that the people behind this trojan are from the Russian-speaking region.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">To protect themselves, users should download applications exclusively from the <em>Google<\/em> store, update their devices regularly, use antivirus software, make sure <em>Play Protect<\/em> is active, and keep as few applications installed on the device as possible.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>The Android malware GodFather is used to abuse more than 400 online banking and cryptocurrency applications across 16 countries. It is considered the successor to the Anubis banking trojan, whose source code was published on the Internet in 2019.&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4156,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[187,93,96],"class_list":["post-4155","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-android","tag-malware","tag-trojan"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4155","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4155"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4155\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4156"}],"wp:attachment":[{"href":"https:\
/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4155"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4155"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4155"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}