{"id":182410,"date":"2020-04-28T16:50:29","date_gmt":"2020-04-28T16:50:29","guid":{"rendered":"https:\/\/bm.dev.synology.me\/?p=182410"},"modified":"2020-04-28T16:50:29","modified_gmt":"2020-04-28T16:50:29","slug":"avertisment-sri-inca-un-virus-troian-care-fura-datele-bancare-din-browser","status":"publish","type":"post","link":"https:\/\/bm.dev.synology.me\/?p=182410","title":{"rendered":"SRI warning: Yet another Trojan virus that steals banking data from the browser"},"content":{"rendered":"<p>\nSRI announces that a new banking virus has been identified. Qbot targets customers who use internet banking through the browser and steals their login credentials. The Trojan steals the login credentials after sending lure e-mails.&nbsp;<\/p>\n<p>\nThe warning comes from SRI, which says that a cyber-attack campaign has been identified, carried out by a criminal group that uses the Qbot banking Trojan (QakBot, Plinkslipbot, QuakBot).<\/p>\n<p>\nThe Trojan mainly targets customers in the financial and banking sector in the USA, Romania, Canada and Greece. Qbot has also targeted customers of organizations in the technology, commercial and telecommunications sectors.<\/p>\n<p>\nIn Romania, the campaign targeted customers of certain platforms who use internet banking services through the browser (Chrome, Firefox, Microsoft Edge) rather than through dedicated applications.<\/p>\n<p>\nUsing lure e-mails (spear-phishing), Qbot is programmed to steal login credentials for platforms specific to financial and banking companies and to e-mail services, as well as financial data. The messages may carry a link in the body or an attachment. 
The attachment is a zip file containing an MS Word document that runs a macro which downloads the Trojan and infects the device.<\/p>\n<p>\nOnce installed, Qbot checks for the presence of an anti-virus product, establishes persistence on the system and uses valid security certificates to evade detection. The Trojan then extracts login credentials and financial data from the infected device.<\/p>\n<p>\nSRI notes that Qbot can also infect other devices on a network that contains an already compromised device.<\/p>\n<p>\nTo reduce the risk of infection with the Qbot banking Trojan, SRI recommends:<\/p>\n<p>\nusing anti-virus solutions and keeping their signatures constantly updated;<br \/>\nnot opening archive attachments if their origin is uncertain and if they have not first been checked with anti-virus detection solutions;<br \/>\nnot opening attachments or links in suspicious e-mail messages;<br \/>\nupdating the operating system and avoiding operating systems that no longer receive vendor support;<br \/>\nnotifying the bank when you notice bank transactions that are not yours;<br \/>\ndisabling the automatic execution of routines in MS Office (macros);<br \/>\nnot running macros manually.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SRI announces that a new banking virus has been identified. Qbot targets customers who use internet banking through the browser and steals their login credentials. 
The Trojan steals the login credentials after sending lure e-mails.&nbsp; The warning comes from SRI, which says that a cyber-attack campaign has been identified, carried out by a criminal group [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[510],"tags":[7443,3878],"class_list":["post-182410","post","type-post","status-publish","format-standard","hentry","category-actualitate","tag-sri","tag-troian"],"_links":{"self":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/182410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=182410"}],"version-history":[{"count":0,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/182410\/revisions"}],"wp:attachment":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=182410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=182410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=182410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}