{"id":163673,"date":"2018-08-23T15:36:26","date_gmt":"2018-08-23T15:36:26","guid":{"rendered":"https:\/\/bm.dev.synology.me\/?p=163673"},"modified":"2018-08-23T15:36:26","modified_gmt":"2018-08-23T15:36:26","slug":"casele-de-schimb-de-criptomonede-atacate-de-un-celebru-grup-de-hacking","status":"publish","type":"post","link":"https:\/\/bm.dev.synology.me\/?p=163673","title":{"rendered":"Cryptocurrency exchanges attacked by a well-known hacking group"},"content":{"rendered":"<p>\nThis is the first case in which Kaspersky Lab researchers have observed the well-known Lazarus group distributing malware for macOS users, and it is a warning sign for everyone who uses this operating system for cryptocurrency-related activities.<\/p>\n<p>\nBased on the analysis carried out by the GReAT team, the intrusion into the exchange's infrastructure began when an employee downloaded an application from a legitimate-looking website belonging to a company that develops cryptocurrency trading software.<\/p>\n<p>\nThe application's code does not appear suspicious, with the exception of a single component, the updater. In legitimate software, such components are used to download new versions of programs. In the case of AppleJeus, it behaves like a reconnaissance module: it first collects general information about the computer on which it was installed, then sends this information to the command and control server. If the attackers decide that the computer is worth attacking, the infected code comes back in the form of an update. This update installs a trojan known as Fallchill, an old tool that the Lazarus group has recently started to reuse. 
Based on that clue, the researchers had a starting point for attribution. Once installed, the Fallchill trojan gives the attackers almost unlimited access to the computer, allowing them to steal valuable financial information or to launch other tools for that purpose.<\/p>\n<p>\nThe criminals developed software for both Windows and the macOS platform. The latter is, in general, much less exposed to cyber threats than Windows. The functionality of the versions for both platforms is exactly the same.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers from Kaspersky Lab's Global Research and Analysis Team (GReAT) have discovered AppleJeus, a new operation by the Lazarus group. The attackers penetrated the network of a cryptocurrency exchange using a program infected with a trojan. The aim of the attack was to steal cryptocurrency from victims. 
In addition to the Windows malware, the researchers managed to identify a previously unknown version that targets the macOS platform.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[510],"tags":[8225,38663,18728,4131,16273,32766,467,10657,33680,11528,10024,12591],"class_list":["post-163673","post","type-post","status-publish","format-standard","hentry","category-actualitate","tag-analiza","tag-atacatori","tag-casa-de-schimb","tag-case","tag-cercetatori","tag-folosire","tag-grup","tag-kaspersky","tag-patrundere","tag-schimb","tag-versiune","tag-windows"],"_links":{"self":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/163673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=163673"}],"version-history":[{"count":0,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/163673\/revisions"}],"wp:attachment":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=163673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=163673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=163673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}