ka san wani abu akai PhantomLance Backdoor? Wasu gungun masu satar bayanai na amfani da Google Play don rarraba malware da aka yi amfani da su wajen satar bayanan sirri tun karshen shekarar 2016.
Kaspersky Laboratories sun raba cikakken rahoto kan PhantomLance Trojan backdoor, wanda aka yiwa lakabi da wani tsari na malware, wanda ba wai kawai ya fi wahalar ganowa ba amma kuma yana da wahala a bincika.
Apps Store na Google Play wanda PhantomLance Backdoor ya kamu da su sun kasance suna satar bayanai tun 2016
Kaspersky ya ba da rahoton cewa malware na iya samun dama ga duk bayanai akan wayar da ta kamu da cutar:
Babban burin PhantomLance shine tattara mahimman bayanai daga na'urar wanda aka azabtar. Malware na iya ba wa masu karɓar sa bayanan wuri, rajistan ayyukan kira, saƙonnin rubutu, jerin aikace-aikacen da aka shigar, da cikakkun bayanai game da wayar hannu da ta kamu da cutar.
Bugu da ƙari, ana iya ƙara aikin sa a kowane lokaci ta hanyar loda ƙarin samfura daga uwar garken C&C.
Malware a cikin Google Play apps
A yayin binciken, an sami malware a cikin shahararrun ƙa'idodi da abubuwan amfani waɗanda ke ba masu amfani damar canza fontsu, cire tallace-tallace, da kuma tsaftace tsarin. Masu haɓakawa da ke bayan waɗannan ƙa'idodin sun sami damar ketare duk wani bincike na tsaro a kan Google Play Store ta farawa da nau'ikan ƙa'idodin su marasa ɓarna.
Da zarar an buga aikace-aikacen, sun sami damar ƙara abubuwa masu ɓarna daga baya ta hanyar sabuntawa, waɗanda Shagon Google Play ba ya sarrafa su. Masu haɓakawa kuma sun sami damar ƙirƙirar bayanan martaba na musamman akan GitHub don aiki azaman amintattun tushen ci gaba.
An ba da rahoton cewa manyan abubuwan da ake hari na PhantomLance sun kasance masu amfani a Vietnam. Koyaya, an zazzage apps masu kamuwa da cuta a wasu sassan duniya. An haɗa Trojan ɗin zuwa wata ƙungiya mai suna OceanLotus, wacce ke da tarihin irin wannan harin malware akan tsarin aiki na tebur. Wadannan kungiyoyi galibi suna samun goyon bayan manyan jami'ai da ma gwamnatoci.
Ko da yake Google ya cire waɗannan manhajoji daga Play Store, har yanzu ana samun su akan layi akan wasu gidajen yanar gizo masu saukar da APK da sauran shagunan na ɓangare na uku.
Da alama ko da kawai ka shigar da apps daga Google Play Store, har yanzu ba shi da aminci sai dai idan ka tabbatar da sahihancin masu haɓakawa. Binciken Google mai sauri zai iya bayyana bayanai masu inganci game da masu haɓakawa, kuma idan wani abu ya yi kama da shakku a cikin sakamakon binciken, guje wa irin waɗannan aikace-aikacen.
Budaddiyar yanayin Android shima yana iya aiki da shi, saboda kowa yana iya yin rajistar Play Store kawai kuma ya buga app mai cutarwa.
Wannan har yanzu yana da ban tsoro ga tsarin aiki da ya fi shahara a duniya, walau Desktop ko wayar hannu. Ana amfani da Android akan na'urori biliyan 2.500 a duk duniya, kuma Google akai-akai ya kasa samar da isassun bayanan sirri da tsaro ga masu amfani don aikace-aikacen da ake rarrabawa ta kasuwannin hukuma.
Idan kuna sha'awar bayanan fasaha na yadda malware ke aiki da kuma binciken da Kaspersky Labs ya gudanar a bayan fage, karanta cikakken rahoton su anan.