{"id":20377,"date":"2022-05-02T22:54:03","date_gmt":"2022-05-02T19:54:03","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=20377"},"modified":"2022-05-02T22:54:03","modified_gmt":"2022-05-02T19:54:03","slug":"xhelper-android-aygitlari-etkilemeye-devam-ediyor","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=20377","title":{"rendered":"xHelper Continues to Affect Android Devices"},"content":{"rendered":"<p>In October of last year we told you about a piece of malware called <strong>xHelper<\/strong>. The malware, detected in March 2019, first appeared on the Google Play Store. Since October, the number of devices affected by xHelper has risen from 45 thousand to 50 thousand.<\/p>\n<p><b>The malware that cannot be removed: xHelper<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/56\/68f883f43117aa66dc5b744d4f66a9eb675d50ca.jpeg\"\/><\/p>\n<p>The <strong>Kaspersky<\/strong> team analyzed xHelper, which shows up as \u201cTrojan-Dropper.AndroidOS.Helper.h\u201d and spreads through apps that claim to clean your device or improve its performance. Once you download, install and then run the software on your device, it downloads another piece of malware named \u201cTrojan-Downloader.AndroidOS.Leech.p\u201d.<\/p>\n<p>But it does not end there. Leech.p then downloads \u201cHEUR:Trojan.AndroidOS.Triada.dd\u201d and enables <strong>root access<\/strong> on the device. 
According to Kaspersky, this root access can be obtained on cheap Chinese phones running Android 6 or Android 7. Using the root access it has gained, the malware downloads more malware onto the system. It then makes itself untouchable and cannot be deleted. This makes it even harder for antivirus programs to deal with the problem.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/56\/9be105939baaa5c5bd1aba0474fc64ca9928b94e.jpeg\"\/><\/p>\n<p>Igor Golovin of Kaspersky notes that the malware becomes even more powerful thanks to root access and says, <em>\u201cTriada has quite a few nice tricks for remounting the system partitions in order to install its programs.\u201d<\/em> This is also why xHelper is described as \u2018<strong>indestructible<\/strong>\u2019. Even when some of its files are deleted, it can download the necessary components again from the C&#038;C server and keep its privileges. Even if the device is reset to factory settings, it cannot get rid of this malware.<\/p>\n<p>What turns all of this into something of a dead end is that many cheap Android devices ship with this malware preloaded in their hardware. This lets them download xHelper and other malicious trojans. Golovin says that at this point a <strong>factory reset<\/strong> does not make much sense. 
Golovin says the only way to fully recover an infected device is to use alternative firmware, and the hardware of some devices is not well suited to this either.<\/p>\n<p>In conclusion, the only thing you can do about this is to be more careful about the software you install on your device. Although malware problems also occur on the <strong>Play Store<\/strong>, apps downloaded from third-party app stores or unknown sources will increase the risk even further.<\/p>\n<div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>In October of last year we told you about a piece of malware called xHelper. Detected in March 2019, the malicious 
&#8230;<\/p>\n","protected":false},"author":1,"featured_media":20378,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[854],"tags":[316,3786,1237,3787],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/20377"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=20377"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/20377\/revisions"}],"predecessor-version":[{"id":20379,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/20377\/revisions\/20379"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/20378"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=20377"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=20377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=20377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}