I-Cthulhu: i-malware entshontsha imali yakho ye-cryptocurrensets ku-Mac

I-Cthulhu

Uhlelo olungayilungele ikhompuyutha olubizwa ngokuthi i-Cthulhu luwusongo lwakamuva oluthinta abasebenzisi be-MacOS futhi lunezinto ezingavamile, okungenzeka ukuthi uziqagele ngokufunda isihloko sokuthunyelwe: yakhelwe ngokuqondile ukweba ama-cryptocurrencies.

Lolu hlelo olungayilungele ikhompuyutha luqondise amawalethi e-cryptocurrency agcinwe kumasistimu athintekile futhi anamandla okukhipha ulwazi olubucayi, olufana nokhiye abayimfihlo nemininingwane, engasetshenziswa ukukhipha izikhwama zemali ye-crypto yezisulu.

Ngakho-ke uma ufuna ukwazi okwengeziwe mayelana neCthulhu, ukuthi yenzani, ukuthi yakhiwe kanjani futhi ngaphezu kwakho konke, ukuthi ungalwa kanjani nayo, sikweluleka ukuthi uqhubeke ufunda lokhu okuthunyelwe lapho sizokunikeza khona yonke imininingwane. Nazo-ke!

Izici ze-Cthulhu Malware

i-antivirus ye-mac iyadingeka

Ngokungafani nezinye izinhlobo eziningi zohlelo olungayilungele ikhompuyutha ngokuvamile oluqondise kumasistimu e-Windows noma e-Android, i-Cthulhu yakhelwe ukuhlasela ngokuqondile abasebenzisi be-MacOS, inkundla ebikade ibhekwa njengephephile futhi engathandeki ekuthelelekeni nge-malware.

Futhi njengoba sasibonisile kwezinye izikhathi, iqiniso lokuthi i-macOS iyinkundla enabasebenzisi abambalwa ayikwenzi ukuthi ingathinteki futhi. ukuthola isabelo semakethe kunezingxenye zakho ezingezinhle, njengokuvusa isithakazelo sabahlaseli.

Cthulhu Goal

Ukuze untshontshe imali yakho eyimfihlo, uhlelo olungayilungele ikhompuyutha lusesha izikhwama zemali ozigcine endaweni kudivayisi yakho ethelelekile.

Uma usuwatholile, I-Cthulhu ikhipha okhiye abayimfihlo nolunye ulwazi olubalulekile oluvumela abahlaseli ukuthi badlulisele izimali kuma-akhawunti abo futhi njengoba imali ye-crypto iyinto engalawuleki futhi inokulandeleka okuncane noma okungekho ... ukweba bekuzombozwa.

Indlela le malware esabalaliswa ngayo

Indlela eqondile yokusabalalisa ye-Cthulhu ayicacile ngokuphelele, kodwa njengezinye izinhlobo eziningi zohlelo olungayilungele ikhompuyutha, ingasatshalaliswa ngezinanyathiselwa ze-imeyili ezinonya, ukulandwa kwesofthiwe okukokoteliwe noma okungelona iqiniso, amawebhusayithi onakalisiwe, noma ngokuxhaphaza ubungozi kusofthiwe yesistimu yokusebenza.

Ngokuqondile, kunamahemuhemu ukuthi yayisakazwa “njengemifantu” yemidlalo ethandwayo njenge-Diablo, i-World of Warcraft noma i-Minecraft, futhi ifihliwe kwezinye izindlela zalezi, kanye naku "Jack Sparrow" izinguqulo ze-CleanMyMacX.

Kodwa i-antivirus izokwazi ukubona uCthulhu, akunjalo?

Masikhulume iqiniso, le malware inesikhathi esilula sokusabalalisa ngenxa yezinga eliphansi lokwamukelwa kwesoftware yezokuphepha ye-macOS. Kepha sicabanga ukuthi ungumfundi ojwayelekile we-SoydeMac nokuthi usinakile. amathiphu esikunikeza wona mayelana nokuphepha, angithi?

Kodwa nakwi-antivirus ehloniphekile kunzima ukuthola i-malware, ngoba kubonakala kunjalo I-Cthulhu inamakhono athile okubalekela athuthukile ukuze igweme ukutholwa nge-antivirus kanye nesoftware yezokuphepha ku-macOS, okuhlanganisa namasu anjengokubhala ngekhodi ikhodi yakho, ukusebenzisa izindlela zokufiphaza, noma ukusizakala ngezimvume ezisemthethweni ukugwema ukuphakamisa izinsolo.

Masithole igeeky: Bamzala kanjani uCthulhu?

ukuthola amagciwane ku-mac kubalulekile

Kuhle ukuthi usuyazi ukuthi lolu hlelo olungayilungele ikhompuyutha lumayelana nani, kodwa lapha sizokunikeza eminye imikhondo yokuthi uhlelo olungayilungele ikhompuyutha luklanywa kanjani ukuze wazi ukuthi yini oyifunayo uma ubona lesi silo sase-Lovecraftian sivela ku-Mac yakho.

Ulimi Lokuhlela Lwe-Cthulhu: I-Chimera Yesofthiwe

Ngaphandle kokuba nekhodi yomthombo phambi kwethu, sikholwa ukuthi kungenzeka lokho I-Cthulhu ibhalwe ngo-Objective-C noma nge-Swift, izilimi zokuhlela ezisetshenziswa kakhulu ukuthuthukisa izinhlelo zokusebenza ku-macOS, into engayivumela ukuthi ihlanganiswe ngokujulile nohlelo lokusebenza futhi igweme amasu omdabu okuthola uhlelo olungayilungele ikhompuyutha.

Kodwa futhi ungasebenzisa izingxenye ku-C noma ku-C++ ngezigaba ezidinga ukubulawa eduze nohlelo, njengokuphathwa kwememori noma ukukhohliswa kwamafayela ohlelo, njengoba kuyizilimi lapho lawa masevisi afakwe khona.

Ukuqonda uhlelo olungayilungele ikhompuyutha: igciwane lenziwe ngamamojula amancane

Uhlelo olungayilungele ikhompuyutha lungahlukaniswa ngamamojula ambalwa, ngalinye lifeza umsebenzi othile:

Imojula yokutheleleka kokuqala

Le mojula inesibopho sokwenza ikhodi enonya kusistimu yesisulu, okuyinto ingase isebenzise ubungozi kuzinhlelo zokusebenza zezinkampani zangaphandle noma ukhohlise umsebenzisi sebenzisa ifayela elibonakala lilungile (isibonelo, i-PDF noma isifaki sesofthiwe yegeyimu edliwe), ukuze ungene ohlelweni.

Imojuli yokuphikelela

Uma uhlelo olungayilungele ikhompuyutha selufakiwe, le mojula iqinisekisa ukuthi ihlala kusistimu ngisho nangemva kokuqalisa kabusha. Ukuze kuzuzwe ukuphikelela, i-Cthulhu ingashintsha amafayela wokucushwa kwesistimu.

Futhi ngaphakathi kwalokhu kuzongena i faka izikripthi zokuqalisa kuzinkomba zokuqalisa ze-macOS (/Library/LaunchDaemons noma /Library/LaunchAgents) noma sebenzisa cubungula amasu omjovo ukuze asebenze ngaphakathi kwezinqubo ezisemthethweni zesistimu.

Imojula yokugwema

Ukuze agweme ukutholwa, u-Cthulhu angasebenzisa amasu ahlukahlukene okugwema, njenge:

  • Ukubethela kanye ne-obfuscation: Bethela izingxenye zekhodi ukuze uvimbele ukuthi zingabonwa izinjini zokuvikela amagciwane. Lapha sinethuba lokufiphaza ikhodi yakho ukuze kube nzima kubahlaziyi ukuthi bayifunde futhi bayiqonde.
  • Ukuvimbela Ukuphepha: Zama ukukhubaza izici zokuphepha zesistimu, njenge-Gatekeeper noma i-XProtect, okuyizivikelo zomdabu ze-MacOS.
  • Ukuqapha umsebenzi wokuvikela: Thola ukwenziwa kwamathuluzi okuvikela futhi ukhubaze okwesikhashana umsebenzi wawo onobungozi ukuze ugweme ukutholwa.

Imojula yokuqoqwa kolwazi: ukhiye wokweba ama-cryptocurrencies

Siyabonga kule mojula, igciwane liskena isistimu ukuze lithole amafayela kumawallet aziwayo e-cryptocurrency (isibonelo, amafayela wokumisa uhlelo lokusebenza njenge Electrum, Eksodusi, noma okufanayo).

Uma usuzitholile, ifinyelela kumafayela wesikhwama bese ikhipha okhiye abayimfihlo nembewu yokutakula, bese ithunyelwa kumyalo nokulawula iseva (C2) ilawulwa abahlaseli.

Lesi sigaba futhi kungenzeka sibone ukugadwa kwebhodi lokunamathisela le-macOS, lapho u-Cthulhu engaqapha ibhodi lokunamathisela amakheli e-cryptocurrency akopishwe umsebenzisi. Ngokuthola ikheli le-wallet, uhlelo olungayilungele ikhompuyutha lungafaka ikheli lomhlaseli esikhundleni salo, ngaleyo ndlela iqondise kabusha ukudluliselwa kwe-cryptocurrency ku-akhawunti yomhlaseli futhi sizoba nakho konke ndawonye.

Imojula Yokuxhumana Neseva ye-C2

Ngezivumelwano ezivikelekile njenge-HTTPS noma iWebSocket, igciwane likwazi ukuxhumana nomyalo kanye neseva yokulawula, ukuthumela idatha entshontshiwe nokwamukela imiyalelo emisha, konke okuxhunywe kumasu akwenza kube nzima kakhulu ukulandelela, njengokusetshenziswa kwamaseva elibamba, ukubethela kwethrafikhi, nezinguquko ezivamile ezizindeni zamaseva e-C2.

I-Cthulhu yenza into eyodwa icace: kuyadingeka ukuvikela

I-Cthulhu iyigciwane le-mac

Yize ekugcineni sikhuluma ngelinye futhi igciwane emhlabeni we-cybersecurity, kuwucingo olucacile lokuvuka kubo bonke abasebenzisi be-macOS: Bangani, sekuyisikhathi sokufaka i-antivirus.

Ukuvikela amakhompyutha ethu kuwumthwalo wethu futhi awekho amasistimu angathinteki: ngisho nesistimu yokusebenza eyinqaba kakhulu futhi ephelelwe yisikhathi inohlelo olungayilungele ikhompuyutha "olugijimayo" olungafaka engozini ukuphepha kwekhompyutha yakho kanye nobuqotho bedatha yakho.

Manje, kukuwe ukuthi uvikelwe… noma ube sengozini. Ufuna ukuba luhlobo luni lomsebenzisi? Ngikucacele.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.