kukhona okwaziyo ngakho PhantomLance Backdoor? Iqembu lezigebengu besebenzisa i-Google Play ukusabalalisa uhlelo olungayilungele ikhompuyutha esetshenziselwe ukweba idatha eyimfihlo kusukela ngasekupheleni kuka-2016.
I-Kaspersky Laboratories yabelane ngombiko onemininingwane nge-PhantomLance Trojan backdoor, ebizwa ngokuthi uhlobo oluyinkimbinkimbi ye-malware, okunzima ukuyithola kuphela kodwa futhi okunzima ukuyiphenya.
Izinhlelo zokusebenza ze-Google Play Isitolo ezingenwe yi-PhantomLance Backdoor bezilokhu zeba idatha kusukela ngo-2016
U-Kaspersky ubika ukuthi uhlelo olungayilungele ikhompuyutha lungakwazi ukufinyelela lonke ulwazi ku-smartphone ethelelekile:
Umgomo oyinhloko we-PhantomLance ukuqoqa ulwazi olubucayi kusuka kudivayisi yesisulu. Uhlelo olungayilungele ikhompuyutha lunganikeza abaqoqi bayo idatha yendawo, amarekhodi amakholi, imilayezo yombhalo, uhlu lwezinhlelo zokusebenza ezifakiwe, kanye nolwazi oluphelele mayelana neselula ethelelekile.
Ngaphezu kwalokho, ukusebenza kwayo kunganwetshwa nganoma yisiphi isikhathi ngokumane kulayishwe amamojula engeziwe asuka kuseva ye-C&C.
Uhlelo olungayilungele ikhompuyutha kuzinhlelo zokusebenza ze-Google Play
Phakathi nophenyo, uhlelo olungayilungele ikhompuyutha lutholwe ezinhlelweni zokusebenza ezidumile nasezinsizeni ezivumela abasebenzisi ukuthi bashintshe amafonti, basuse izikhangiso, futhi bahlanze isistimu. Onjiniyela abalandela lezi zinhlelo zokusebenza bakwazile ukudlula noma yikuphi ukuhlolwa kokuvikela ku-Google Play Isitolo ngokuqala ngezinguqulo ezingenalo unya zezinhlelo zabo zokusebenza.
Uma izinhlelo zokusebenza sezishicilelwe, zikwazile ukungeza izici ezinonya ngokuhamba kwesikhathi ngezibuyekezo, i-Google Play Store engazilawulanga. Onjiniyela bakwazile futhi ukudala amaphrofayili ahlukile ku-GitHub ukuze asebenze njengemithombo yokuthuthukiswa ethembekile.
Okuhlosiwe okuyinhloko kwe-PhantomLance kubikwa ukuthi kungabasebenzisi e-Vietnam. Nokho, izinhlelo zokusebenza ezingenwe yileli gciwane ziye zalandwa kwezinye izingxenye zomhlaba. I-Trojan ixhunywe eqenjini elibizwa nge-OceanLotus, elinomlando wokuhlaselwa okufanayo kwe-malware kumasistimu wokusebenza wedeskithophu. La maqembu avame ukwesekwa yizikhulu eziphezulu ngisho nohulumeni imbala.
Yize i-Google izisusile lezi zinhlelo zokusebenza ku-Google Play Isitolo, zisatholakala ku-inthanethi kumawebhusayithi okulanda ama-APK ahlukahlukene nakwezinye izitolo zezinkampani zangaphandle.
Kubonakala sengathi noma ufaka kuphela izinhlelo zokusebenza ezisuka ku-Google Play Isitolo, namanje akuphephile ngaphandle kokuthi uqinisekise ubuqiniso bonjiniyela. Usesho olusheshayo lwe-Google lungadalula ulwazi oluningi oluthembekile mayelana nabathuthukisi, futhi uma kukhona okubukeka kuthandabuza emiphumeleni yosesho, gwema izinhlelo zokusebenza ezinjalo.
Imvelo evulekile ye-Android nayo ingasebenza ngokumelene nayo, njengoba noma ubani angavele abhalisele i-Google Play Isitolo futhi athumele uhlelo lokusebenza olunonya.
Lokhu kusathusa ohlelweni lokusebenza oludume kakhulu emhlabeni, kungaba ideskithophu noma iselula. I-Android isetshenziswa kumadivayisi ayizigidi eziyizinkulungwane ezingu-2.500 emhlabeni jikelele, futhi i-Google yehlulekile kaningi ukunikeza iziqinisekiso ezanele zobumfihlo neziqinisekiso zokuphepha kubasebenzisi bezinhlelo zokusebenza ezisatshalaliswa endaweni yayo yemakethe esemthethweni.
Uma unentshisekelo kusizinda sobuchwepheshe sokuthi uhlelo olungayilungele ikhompuyutha lusebenza kanjani kanye nocwaningo olwenziwa ngaphandle kwezigcawu yi-Kaspersky Labs, funda umbiko wabo onemininingwane lapha.