{"id":5688,"date":"2023-11-23T23:15:45","date_gmt":"2023-11-23T22:15:45","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5688"},"modified":"2023-11-25T18:41:07","modified_gmt":"2023-11-25T17:41:07","slug":"atomic-stealer-se-siri-putem-laznih-azuriranja","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/11\/23\/atomic-stealer-se-siri-putem-laznih-azuriranja\/","title":{"rendered":"Atomic Stealer spreads via fake updates"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>Atomic Stealer<\/em> (also known as <em>AMOS<\/em>) is a popular information stealer that targets <em>Mac OS<\/em> devices. Back in September we wrote about how this malware <a href=\"https:\/\/sajberinfo.com\/en\/2023\/09\/14\/atomic-macos-nova-kampanja\/\" target=\"_blank\" rel=\"nofollow noopener\">attacks users through malicious ads<\/a>; now <em>Atomic Stealer<\/em> is being delivered to <em>Mac OS<\/em> users through a fake browser update chain tracked as \u201c<em>ClearFake<\/em>\u201d.<\/span><\/p>\n<div id=\"attachment_5694\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5694\" class=\"size-full wp-image-5694\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/Atomic-Stealer-.jpg\" alt=\"AMOS\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/Atomic-Stealer-.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/Atomic-Stealer--300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/Atomic-Stealer--150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/Atomic-Stealer--768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/Atomic-Stealer--12x12.jpg 12w, 
https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/Atomic-Stealer--80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/Atomic-Stealer--320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-5694\" class=\"wp-caption-text\"><em>Atomic Stealer spreads via fake updates; Source: Bing Image Creator<\/em><\/p><\/div>\n\n<p><span style=\"font-size: 14pt;\">This may be the first time that one of the major social engineering campaigns, previously reserved for <em>Windows<\/em> operating systems, has expanded not only in terms of geolocation but also in terms of operating system. With more and more compromised websites at their disposal, <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">threat actors<\/a> are able to attack a larger number of users, stealing login credentials and files that they can later sell or use in new attacks.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"ATOMIC_STEALER_CLEARFAKE\"><\/span><span style=\"font-size: 14pt;\"><strong><em>ATOMIC STEALER: CLEARFAKE<\/em><\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>ClearFake<\/em> is a newer <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"nofollow noopener\">malware<\/a> campaign that uses compromised websites to distribute fake browser updates. The malware was <a href=\"https:\/\/rmceoin.github.io\/malware-analysis\/clearfake\/\" target=\"_blank\" rel=\"noopener\">first discovered by <em>Randy McEoin<\/em> in August<\/a> and has since gone through numerous upgrades, including the use of smart contracts to build its redirection mechanism, which makes it one of the most widespread and dangerous social engineering schemes.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><a href=\"https:\/\/infosec.exchange\/@ankit_anubhav\/111425827558836814\" target=\"_blank\" rel=\"noopener\">In November, security researcher <em>Ankit Anubhav<\/em> noticed<\/a> that <em>ClearFake<\/em> is also attacking users of <em>Mac OS<\/em> devices with a matching <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/payload\/\" target=\"_blank\" rel=\"nofollow noopener\">payload<\/a>: a <em>DMG<\/em> file meant to trick users into believing it is an update for <em>Safari<\/em> or <em>Chrome<\/em>. Once the file is opened and granted administrative permissions, it executes commands that enable the theft of <a href=\"https:\/\/sajberinfo.com\/en\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"nofollow noopener\">passwords<\/a> and files.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>ClearFake<\/em> relies on a high degree of deception, using templates that mimic official websites: for the <em>Safari<\/em> browser the template closely resembles <em>Apple<\/em>'s official website and is available in several languages, while for users of Google Chrome on <em>Mac OS<\/em> devices the template is similar to the one used against <em>Windows<\/em> users, maintaining a consistently deceptive appearance.<\/span><\/p>\n<div id=\"attachment_5696\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5696\" class=\"size-full wp-image-5696\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/a-fake-update.webp\" alt=\"a-fake-update\" width=\"1024\" height=\"359\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/a-fake-update.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/a-fake-update-300x105.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/a-fake-update-768x269.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/a-fake-update-18x6.webp 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-5696\" class=\"wp-caption-text\"><em>Fake Safari and Chrome update; Source: Malwarebytes<\/em><\/p><\/div>\n<h2><span class=\"ez-toc-section\" id=\"CLEARFAKE_FUNKCIONISANJE\"><\/span><span style=\"font-size: 14pt;\"><strong>HOW <em>CLEARFAKE<\/em> WORKS<\/strong><\/span><span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">In this campaign, the threat actors first compromise a website (whether through a <a href=\"https:\/\/sajberinfo.com\/en\/2023\/09\/07\/brute-force-attack\/\" target=\"_blank\" rel=\"nofollow noopener\">brute-force attack<\/a>, exploitation of a vulnerability, or login credentials bought on the dark web) and then plant a pop-up that mimics a browser update prompt.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Users visiting these websites are meant to believe that their browser has to be updated before they can view the content. To make matters worse, the fake pages are quite convincing and imitate major brands such as <em>Apple<\/em> or <em>Google<\/em> rather well. Less cautious users can easily be fooled by the look of the pages and led to think they really do need to update their browser.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">As soon as the victims run the malware, it steals data and immediately sends it to the attackers' <em>C2<\/em> servers. <em>Atomic Stealer<\/em> collects data such as passwords, autofill entries, user information, crypto wallets, browser cookies, and data from the <em>Apple<\/em> password manager.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Globally, fake browser updates have mostly been a threat to users of the <em>Windows<\/em> operating system. However, the popularity of information stealers such as the <em>Atomic Stealer<\/em> malware has made adapting the payload to different operating systems, including <em>MacOS<\/em>, feasible for threat actors. This shift signals a growing number of threats for <em>Mac<\/em> users, who may previously have considered their systems less susceptible to such attacks.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><span style=\"font-size: 14pt;\"><strong>PROTECTION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">For all of these reasons, users must be careful when updating their browser and other <em>Mac<\/em> applications, and keep the following in mind:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>Safari<\/em> is updated through the Software Update menu, reached by clicking the <em>Apple<\/em> menu and then System Settings.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Users of <em>Google<\/em> <em>Chrome<\/em> on <em>Mac<\/em> devices should know that this browser normally updates automatically. If the browser has not been closed for a long time, users may see an update prompt in the upper right corner of the open window, next to the three dots that open the <em>Chrome<\/em> menu.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Under no circumstances should users download or install browser updates from websites claiming that their browser is out of date, because <em>Apple<\/em> and <em>Google<\/em> do not deliver updates to their users this way. Users who see such a warning should steer clear of both the warning and the website on which it appeared, since threat actors are most likely behind it.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Users should always check the web address carefully to make sure it matches the legitimate website.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Users should also consider using one of the recommended <em>Mac<\/em> antivirus solutions. <em>XProtect<\/em> comes preinstalled on every <em>Mac<\/em>, of course, but it is often a good idea to invest in paid <a href=\"https:\/\/sajberinfo.com\/en\/2021\/08\/17\/antivirusni-softver\/\" target=\"_blank\" rel=\"nofollow noopener\">antivirus software<\/a> for additional protection.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Users should regularly update the operating system and applications in order to patch, in good time, the security flaws that malware can exploit.<\/span><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Atomic Stealer (also known as AMOS) is a popular information stealer that targets Mac OS devices. 
Back in September we wrote about how this malware attacks users through malicious ads; now in&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":5694,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[580,581,148,144],"class_list":["post-5688","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-atomic-stealer","tag-clearfake","tag-infostealer","tag-macos"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5688","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5688"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5688\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/5694"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5688"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=5688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}