{"id":4566,"date":"2023-03-30T22:21:58","date_gmt":"2023-03-30T21:21:58","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4566"},"modified":"2023-04-11T21:48:47","modified_gmt":"2023-04-11T20:48:47","slug":"macstealer-zlonamjerni-softver","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/03\/30\/macstealer-zlonamjerni-softver\/","title":{"rendered":"MacStealer malware"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>MacStealer<\/em> <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"nofollow noopener\">malware<\/a> is a new threat to users of <em>macOS<\/em> operating systems, because it can steal passwords from <em>iCloud<\/em> <em>Keychain<\/em>, <em>Apple<\/em>'s <a href=\"https:\/\/sajberinfo.com\/en\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"nofollow noopener\">password<\/a> management system.<\/span><\/p>\n<div id=\"attachment_4567\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4567\" class=\"size-full wp-image-4567\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/MacStealer.jpg\" alt=\"MacStealer\" width=\"1024\" height=\"640\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/MacStealer.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/MacStealer-300x188.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/MacStealer-768x480.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/MacStealer-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4567\" class=\"wp-caption-text\"><em>MacStealer malware; Design: Sa\u0161a \u0110uri\u0107<\/em><\/p><\/div>\n<h2><span style=\"font-size: 14pt;\"><strong>Attack on users of <em>Mac<\/em> devices<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 
14pt;\"><em>MacStealer<\/em> is a new information stealer that targets users of <em>Mac<\/em> devices and can steal user data from <em>iCloud<\/em> <em>Keychain<\/em>, <em>Apple<\/em>'s password management system, from web browsers and from crypto wallets, and can also steal documents. <a href=\"https:\/\/www.uptycs.com\/blog\/macstealer-command-and-control-c2-malware\" target=\"_blank\" rel=\"noopener\">According to the <em>Uptycs<\/em> security team<\/a>, this malware affects <em>macOS<\/em> versions from <em>Catalina<\/em> (10.15) to <em>Ventura<\/em> (13.2). Like most recent malware, it is distributed under the <em>Malware-as-a-service<\/em> (<em>MaaS<\/em>) model, and the author charges 100 US dollars per campaign.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"font-size: 14pt;\"><strong><em>MacStealer<\/em><\/strong><strong> capabilities<\/strong><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\"><em>MacStealer<\/em> has been advertised on a hacking forum on the dark web since the beginning of the month. The seller claims that the malware is still in development and that the buyer has no way to manage or build the application, which is why the price of 100 US dollars is justifiably low. 
The buyer receives a specially prepared <em>DMG<\/em> file containing the <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/payload\/\" target=\"_blank\" rel=\"nofollow noopener\">malware payload<\/a>, which can infect <em>macOS<\/em> <em>Catalina<\/em>, <em>Big<\/em> <em>Sur<\/em>, <em>Monterey<\/em> and <em>Ventura<\/em> systems.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">The author of this malware claims that <em>MacStealer<\/em> can already:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\">Steal user accounts, cookies and credit card data from the <em>Firefox<\/em>, <em>Chrome<\/em> and <em>Brave<\/em> web browsers.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Steal the <em>Coinomi, Exodus, MetaMask, Phantom, Tron, Martian Wallet, Trust wallet, Keplr Wallet<\/em> and <em>Binance<\/em> crypto wallets.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Steal <em>TXT, DOC, DOCX, PDF, XLS, XLSX, PPT, PPTX, JPG, PNG, CSV, BMP, MP3, ZIP, RAR, PY<\/em> and <em>DB<\/em> files.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Extract the <em>Keychain<\/em> database (<em>login.keychain-db<\/em>) in <em>base64<\/em>-encoded form and collect password data.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Collect system information.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 14pt;\"><em>Keychain<\/em> is the secure system store in <em>macOS<\/em> operating systems for users' passwords, private keys and certificates, which are encrypted with the login password. 
It lets users have their login details filled in automatically, whether on a website or in an application.<\/span><\/p>\n<div id=\"attachment_4568\" style=\"width: 1867px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4568\" class=\"size-full wp-image-4568\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Figure-1-3.webp\" alt=\"Threat actor advertisement \" width=\"1857\" height=\"812\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Figure-1-3.webp 1857w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Figure-1-3-300x131.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Figure-1-3-1024x448.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Figure-1-3-768x336.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Figure-1-3-1536x672.webp 1536w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Figure-1-3-18x8.webp 18w\" sizes=\"auto, (max-width: 1857px) 100vw, 1857px\" \/><p id=\"caption-attachment-4568\" class=\"wp-caption-text\"><em>Threat actor advertisement on the dark web; Source: <\/em><a href=\"https:\/\/www.uptycs.com\/blog\/macstealer-command-and-control-c2-malware\" target=\"_blank\" rel=\"noopener\"><em>Uptycs<\/em><\/a><\/p><\/div>\n<h4><span style=\"font-size: 14pt;\"><strong><em>MacStealer <\/em><\/strong><strong>operation<\/strong><\/span><\/h4>\n<p><span style=\"font-size: 14pt;\">As mentioned above, the malware is distributed as a <em>DMG<\/em> file that hides the payload, with the aim of tricking the user into opening it.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">When the user opens the <em>DMG<\/em> file, a fake password prompt appears, which in fact allows the malware to collect data on the infected device. 
The collected data is packed into a <em>ZIP<\/em> file and sent to the command-and-control server for the attacker to retrieve.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">At the same time, the malware sends some basic information to the attacker over a preconfigured <em>Telegram<\/em> channel, notifying them that data has been stolen and that the <em>ZIP<\/em> file is ready for download.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">Although most malicious operations target users of the <em>Windows<\/em> operating system, it is worth remembering that <em>macOS<\/em> is not immune to such threats either. Its users should be careful, avoid downloading files from untrusted websites, and make sure that the latest available updates and security patches are installed on their <em>Mac<\/em> devices.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>MacStealer malware is a new threat to users of macOS operating systems, because it can steal passwords from iCloud Keychain, Apple's password management system. 
Attack on users of Mac devices MacStealer is a new information stealer&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4567,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[323,310,144,231],"class_list":["post-4566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-apple","tag-maas","tag-macos","tag-malware-as-a-service"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4566"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4566\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4567"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}