Masu bincike na tsaro a Ra'ayin Dubawa sun gano wata sabuwar manhaja mai suna 'Judy' wacce a yanzu ta ke cutar da miliyoyin wayoyin salula na Android a duniya. A cewar su, wataƙila wannan shine mafi girman kamfen na malware akan Google Play Store wanda ya riga ya kamu da na'urorin Android miliyan 36.5.
Menene Judy?
Dangane da shafin yanar gizon da Checkpoint ya buga a ranar Alhamis, Judy adware ce da ake amfani da ita don ƙirƙirar latsa yaudara akan talla don samun kuɗi. Yana haifar da dannawa na karya akan na'urorin da abin ya shafa kuma kusan aikace -aikace 41 suna yada wannan cutar.
“Malware, wanda aka yiwa lakabi da“ Judy ”, adware ne na dannawa ta atomatik wanda aka samo akan aikace-aikacen 41 da wani kamfanin Koriya ya haɓaka. Malware na amfani da na’urorin da suka kamu da cutar don samar da makullin lahani na tallace -tallace, yana samar da kudaden shiga ga masu aikata laifin a bayan sa. ”
Yaya yaduwarsa?
Dangane da shafin yanar gizo na Checkpoint, ana tsammanin zazzage malware akan na'urori kusan miliyan 18.5 kuma har zuwa na'urorin miliyan 36.5 na iya shafar su. Wasu daga cikin waɗannan ƙa'idodin sun daɗe a kan shagon Google Play.
Hakanan, masu binciken sun sami ƙarin ƙarin ƙa'idodin da ke ɗauke da irin wannan ɓarna a cikinsu, waɗanda wasu masu haɓakawa suka haɓaka akan Google Play. Alaƙar da ke tsakanin kamfen ɗin biyu har yanzu ba a sani ba, kodayake masu bincike sun yi imanin yana yiwuwa mai haɓaka ɗaya ya karɓi lambar daga ɗayan, "da sani ko ba da sani ba."
Ta yaya Malware ke aiki?
Ka'idodin yaudara suna aiki azaman gadoji don haɗa na'urar mai amfani da sabar adware. Da zarar an kafa haɗin, malware yana kwaikwayon kansa azaman mai bincike na PC don buɗe shafi da samar da dannawa.
"Don ƙetare Bouncer, kariyar Google Play, masu satar bayanan sun ƙirƙiri app ɗin da ke da alaƙa mai kyau, da nufin kafa haɗi da na'urar wanda aka azabtar, da saka shi cikin shagon app."
Da zarar mai amfani ya saukar da ƙaƙƙarfan ƙaƙƙarfan ƙa'ida, yana yin rikodin shiru na na'urar mai amfani zuwa umarni mai nisa da uwar garken sarrafawa, kuma a cikin amsa, yana karɓar ainihin ƙimar da ke ɗauke da JavaScript wanda ke fara aiwatar da ƙeta.
"Malware suna buɗe URLs ta amfani da wakilin mai amfani wanda ke kwaikwayon mai binciken PC a cikin gidan yanar gizon da aka ɓoye kuma yana karɓar juyawa zuwa wani gidan yanar gizon. Da zarar an ƙaddamar da gidan yanar gizon da aka yi niyya, ƙwayoyin cuta suna amfani da lambar JavaScript don ganowa da danna banners daga abubuwan talla na Google, ” masu binciken sun ce.
Bayan danna tallace -tallacen, marubucin malware yana karɓar biyan kuɗi daga mai haɓaka gidan yanar gizon, wanda ke biyan kuɗin latsa da zirga -zirgar haram.
Wanene ke bayan Judy?
"Dukkanin ƙa'idodin ɓarna duk wani kamfanin Koriya ne mai suna Kiniwini, wanda aka yiwa rajista a Google Play a matsayin ENISTUDIO corp. Kamfanin yana haɓaka ƙa'idodin wayar hannu don duka dandamali na Android da iOS. Ba sabon abu ba ne a sami ƙungiya ta ainihi a bayan ɓoyayyun ƙwayoyin cuta ta hannu, kamar yadda yawancinsu 'yan wasan ƙetare ne kawai ke haɓaka su. ”
Yadda za a tabbatar da cewa kuna lafiya?
Bayan Check Point ya sanar da Google game da wannan barazanar, Google ya cire ƙa'idodin ƙazanta daga shagon Play kuma ya sabunta kariyar Bouncer. Amma don tabbatarwa, zaku iya bincika jerin ƙa'idodin ƙazanta waɗanda kamfanin bincike na tsaro ya buga. Kuma idan kuna da ɗayan waɗannan shigar akan na'urarku, cire shi nan da nan.
A farkon wannan watan, wani fansa da ake kira WannaCry ya yi barna a cikin kasashe sama da 100, inda ya buge kwamfutoci sama da 200,000 a cikin kasashe, ciki har da Rasha da Burtaniya. Kuma yanzu, wannan Judy malware ya fito a cikin duniyar wayoyin salula na Android. Ganin cewa ƙwayoyin cuta har ma sun ƙetare kariyar Google Play, da alama masu amfani ba za su iya ma dogara da kantin kayan aikin hukuma don amincin su ba.
