{"id":4891,"date":"2023-06-04T15:16:51","date_gmt":"2023-06-04T13:16:51","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4891"},"modified":"2023-06-04T15:16:51","modified_gmt":"2023-06-04T13:16:51","slug":"android-trojanac-sa-preko-421-000-000-instalacija","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/06\/04\/android-trojanac-sa-preko-421-000-000-instalacija\/","title":{"rendered":"Android trojan with over 421,000,000 installations"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Security researchers have discovered a new <em>Android<\/em> <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/trojan\/\" target=\"_blank\" rel=\"nofollow noopener\">trojan<\/a> and are tracking it under the name <em>SpinOk<\/em>. The trojan is distributed as an advertising <em>Software Development Kit<\/em> (<em>SDK<\/em>) in the <em>Google<\/em> <em>Play<\/em> store and has affected numerous mobile applications. When everything is taken into account, the infected applications have accumulated over 421 million downloads.<\/span><\/p>\n<div id=\"attachment_4894\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4894\" class=\"size-full wp-image-4894\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/android-hacker-background.jpg\" alt=\"android-hacker\" width=\"1024\" height=\"768\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/android-hacker-background.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/android-hacker-background-300x225.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/android-hacker-background-768x576.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/android-hacker-background-16x12.jpg 16w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4894\" class=\"wp-caption-text\"><em>Image by <\/em><a 
href=\"https:\/\/www.freepik.com\/free-photo\/matrix-hacker-background_36686610.htm#page=3&amp;query=phone%20malware&amp;position=5&amp;from_view=search&amp;track=ais\" target=\"_blank\" rel=\"noopener\"><em>Freepik<\/em><\/a><\/p><\/div>\n<h2><span style=\"font-size: 14pt;\"><strong><em>SpinOk <\/em>&#8211; Android trojan<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Security researchers at <em>Dr. Web<\/em> <a href=\"https:\/\/news.drweb.com\/show\/?i=14705&amp;lng=en\" target=\"_blank\" rel=\"noopener\">discovered a spyware module<\/a> and labelled it <em>SpinOk<\/em>, warning that it can steal private data stored on users' devices and send it to a remote server. The researchers say that <em>SpinOk<\/em> exhibits seemingly legitimate behaviour, using mini-games that lead to \u201c<em>daily rewards<\/em>\u201d to attract users' interest.<\/span><\/p>\n<div id=\"attachment_4895\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4895\" class=\"size-full wp-image-4895\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/Mini-games-displayed-by-SDK.webp\" alt=\"Mini-games\" width=\"1024\" height=\"734\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/Mini-games-displayed-by-SDK.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/Mini-games-displayed-by-SDK-300x215.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/Mini-games-displayed-by-SDK-768x551.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/Mini-games-displayed-by-SDK-18x12.webp 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4895\" class=\"wp-caption-text\"><em>Mini-games displayed by SDK; Source: Dr.Web<\/em><\/p><\/div>\n<h3><span style=\"font-size: 
14pt;\"><strong>How it works<\/strong><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">After initialization, this trojan <em>SDK<\/em> connects to the <em>C&amp;C<\/em> server by sending a request that contains a large amount of technical information about the infected device. This includes data from sensors (for example the gyroscope, magnetometer, etc.), which can be used to detect an emulator environment and adjust the module's operating routine to avoid being detected by security researchers. For the same reason, it ignores the device's <em>proxy<\/em> settings, which allows it to hide network connections during analysis. In response, the module receives a list of Internet addresses from the server, which it then opens in a <em>WebView<\/em> to display advertisements.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In addition, this trojan <em>SDK<\/em> extends the capabilities of <em>JavaScript<\/em> code that runs on the loaded web pages containing ads. 
It adds many functions to such code, such as:<\/span><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\">obtaining the list of <a href=\"https:\/\/sajberinfo.com\/en\/2022\/12\/16\/sistemi-datoteka\/\" target=\"_blank\" rel=\"nofollow noopener\">files<\/a> in specified directories,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">checking for the presence of specified files or directories on the device,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">obtaining a file from the device,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">copying or replacing the contents of the <em>clipboard<\/em>.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">This allows <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious attackers<\/a> to obtain confidential information and files from the user's device through the trojan module \u2013 primarily files that can be accessed by the applications in which the malicious <em>SpinOk<\/em> module is embedded.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h4><span style=\"font-size: 14pt;\"><strong>Affected applications<\/strong><\/span><\/h4>\n<p><span style=\"font-size: 14pt;\">Security researchers found this trojan module and several of its modifications in numerous applications downloaded through the <em>Google<\/em> <em>Play<\/em> store. Some of the applications still contain the malicious <em>SDK<\/em>, in some it is present only in certain versions, and in some it has been removed completely. Security researchers identified a total of 101 applications, which together accumulated 421,290,300 downloads, meaning that hundreds of millions of users are at risk. 
Google, which owns the <em>Google<\/em> <em>Play<\/em> store, has been informed of this problem.<\/span><\/p>\n<div id=\"attachment_4896\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4896\" class=\"size-full wp-image-4896\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/Apps-affected-by-the-SpinOk.webp\" alt=\"Apps affected\" width=\"1024\" height=\"1003\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/Apps-affected-by-the-SpinOk.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/Apps-affected-by-the-SpinOk-300x294.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/Apps-affected-by-the-SpinOk-768x752.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/06\/Apps-affected-by-the-SpinOk-12x12.webp 12w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4896\" class=\"wp-caption-text\"><em>Apps affected by the SpinOk; Source: Dr.Web<\/em><\/p><\/div>\n<p><span style=\"font-size: 14pt;\">This is the list of the 10 most downloaded applications that contain <em>SpinOk<\/em>:<\/span><\/p>\n<p>&nbsp;<\/p>\n<ol>\n<li><span style=\"font-size: 14pt;\"><em>Noizz: video editor with music <\/em>(at least 100,000,000 downloads),<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Zapya &#8211; File Transfer, Share <\/em>(at least 100,000,000 downloads; the malicious module is present in version <em>6.3.3<\/em> through version <em>6.4<\/em>, and is not present in version <em>6.4.1<\/em>),<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>VFly: video editor&amp;video maker<\/em> (at least 50,000,000 downloads),<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>MVBit &#8211; MV video status maker<\/em> (at least 50,000,000 downloads),<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Biugo &#8211; video maker&amp;video editor <\/em>(at least 
50,000,000 downloads),<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Crazy Drop<\/em> (at least 10,000,000 downloads),<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Cashzine &#8211; Earn money reward<\/em> (at least 10,000,000 downloads),<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Fizzo Novel &#8211; Reading Offline<\/em> (at least 10,000,000 downloads),<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>CashEM: Get Rewards<\/em> (at least 5,000,000 downloads),<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Tick: watch to earn<\/em> (at least 5,000,000 downloads).<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">The full list of applications containing <em>SpinOk<\/em> is available <a href=\"https:\/\/github.com\/DoctorWebLtd\/malware-iocs\/blob\/master\/Android.Spy.SpinOk\/README.adoc\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h5><span style=\"font-size: 14pt;\"><strong>Conclusion<\/strong><\/span><\/h5>\n<p><span style=\"font-size: 14pt;\">It is currently unknown whether the publishers of the applications containing this trojan module were deceived by the distributor of the <em>SDK<\/em> or knowingly included it in their code, but these infections usually result from a third-party supply chain attack. 
Users of any of the applications on the list should update them to the latest version available through the <em>Google<\/em> <em>Play<\/em> store, which should now be safe.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">If an application is not available in the official <em>Android<\/em> app store, users are advised to delete it immediately and run a scan of the device with a reliable and proven mobile <a href=\"https:\/\/sajberinfo.com\/en\/2021\/08\/17\/antivirusni-softver\/\" target=\"_blank\" rel=\"nofollow noopener\">antivirus tool<\/a> to make sure that all remnants of the spyware have been removed.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Security researchers have discovered a new Android trojan and are tracking it under the name SpinOk. The trojan is distributed as an advertising Software Development Kit (SDK) in the Google Play store and has affected numerous mobile applications. 
When&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4894,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[345,96,97],"class_list":["post-4891","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-google-play","tag-trojan","tag-trojanac"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4891","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4891"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4891\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4894"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}