{"id":245608,"date":"2026-03-01T19:33:34","date_gmt":"2026-03-01T19:33:34","guid":{"rendered":"https:\/\/bm.dev.synology.me\/?p=245608"},"modified":"2026-03-01T19:33:34","modified_gmt":"2026-03-01T19:33:34","slug":"virusul-care-imita-banca-ta-si-nu-poate-fi-dezinstalat-prima-amenintare-android-cu-ia-generativa","status":"publish","type":"post","link":"https:\/\/bm.dev.synology.me\/?p=245608","title":{"rendered":"Virusul care imit\u0103 banca ta \u015fi nu poate fi dezinstalat. Prima amenin\u0163are Android cu IA generativ\u0103"},"content":{"rendered":"<p>\nCercet\u0103torii ESET avertizeaz\u0103 asupra PromptSpy, un virus Android care se deghizeaz\u0103 \u00een aplica\u0163ie bancar\u0103.<\/p>\n<p>\nMalware-ul imit\u0103 serviciile JPMorgan Chase pentru a inspira \u00eencredere victimelor. Este primul virus Android care folose\u015fte inteligen\u0163\u0103 artificial\u0103 \u00een timp real, potrivit ESET, citat de Cybersecurity360.it.<\/p>\n<p>\nOdat\u0103 desc\u0103rcat, virusul lanseaz\u0103 automat o pagin\u0103 web. Aceasta se prezint\u0103 fraudulos ca un serviciu al b\u0103ncii JPMorgan Chase, sub numele \u201eMorganArg\u201d. Exploateaz\u0103 autoritatea m\u0103rcii bancare pentru a c\u00e2\u015ftiga \u00eencrederea utilizatorului.<\/p>\n<p>\nDropperul solicit\u0103 apoi victimei permisiunea de a instala aplica\u0163ii din surse necunoscute. Odat\u0103 acordat\u0103, instaleaz\u0103 automat virusul, complet\u00e2nd lan\u0163ul de infec\u0163ie.<\/p>\n<p>\nPromptSpy preia controlul complet al dispozitivului. Un modul VNC permite atacatorilor s\u0103 vad\u0103 \u015fi s\u0103 controleze ecranul de la distan\u0163\u0103. Poate face capturi de ecran, \u00eenregistra videoclipuri \u015fi colecta date de pe ecranul de blocare, inclusiv coduri PIN \u015fi parole.<\/p>\n<p>\nComunica\u0163iile cu serverul atacatorilor sunt criptate AES, \u00eengreun\u00e2nd detectarea.<\/p>\n<p>\nVirusul suprapune elemente invizibile peste ecran. Orice tentativ\u0103 de dezinstalare este blocat\u0103. PromptSpy folose\u015fte modelul Gemini al Google pentru a interpreta interfa\u0163a telefonului \u00een timp real. Trimite modelului structura ecranului \u015fi prime\u015fte instruc\u0163iuni despre cum s\u0103 ac\u0163ioneze. Se adapteaz\u0103 la orice dispozitiv, f\u0103r\u0103 a necesita actualiz\u0103ri de cod.<\/p>\n<p>\n\u201eUtilizarea IA generative permite atacatorilor s\u0103 se adapteze la orice dispozitiv, layout sau versiune de sistem de operare&#8221;, avertizeaz\u0103 cercet\u0103torul ESET Lukas Stefanko. Dac\u0103 aceast\u0103 abordare ar deveni larg r\u0103sp\u00e2ndit\u0103, ne-am putea confrunta cu malware capabile s\u0103-\u015fi modifice comportamentul \u00een timp real, adapt\u00e2ndu-se la schimb\u0103rile din mediul de operare.<\/p>\n<p>\nPromptSpy nu este disponibil pe Google Play. Instala\u0163i aplica\u0163ii doar din surse oficiale, transmit cei de la ESET.<\/p>\n<p>\nGoogle Play Protect detecteaz\u0103 versiunile cunoscute ale virusului \u015fi este activ implicit pe dispozitivele Android.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cercet\u0103torii ESET avertizeaz\u0103 asupra PromptSpy, un virus Android care se deghizeaz\u0103 \u00een aplica\u0163ie bancar\u0103. Malware-ul imit\u0103 serviciile JPMorgan Chase pentru a inspira \u00eencredere victimelor. Este primul virus Android care folose\u015fte inteligen\u0163\u0103 artificial\u0103 \u00een timp real, potrivit ESET, citat de Cybersecurity360.it. Odat\u0103 desc\u0103rcat, virusul lanseaz\u0103 automat o pagin\u0103 web. Aceasta se prezint\u0103 fraudulos ca un serviciu [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[510],"tags":[12670,11605],"class_list":["post-245608","post","type-post","status-publish","format-standard","hentry","category-actualitate","tag-android","tag-virus"],"_links":{"self":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/245608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=245608"}],"version-history":[{"count":0,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/245608\/revisions"}],"wp:attachment":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=245608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=245608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=245608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}