Google identifies a backdoor installed on Android devices before they leave the factory


Google yesterday (Thursday, June 6) reported, in a post on the Google Security Blog, that it had identified backdoors pre-installed on Android devices before they left the factory.

Google analyzed the situation after it was disclosed by computer security experts a few years ago. These are the malicious applications of the «Triada family», designed to send spam and display advertising on Android devices.

About Triada

According to Google, Triada developed a way of installing malware on Android phones practically at the factory, even before customers had started the device or installed a single app on it.

Triada was first described in March 2016, in a post on the blog of the computer security company Kaspersky Lab. The company dedicated another blog post to it in June 2016.

At the time, it was a deeply rooted Trojan, unknown to the analysts at the security firm, which tried to exploit Android devices after obtaining elevated privileges.

As Kaspersky Lab explained in 2016, once Triada was installed on a device, its main purpose was to install applications that could be used to send spam and display advertising.

It used an impressive set of tools, including vulnerabilities that bypassed Android's built-in security protections, and ways of modifying the Zygote process of the Android OS.

These are the affected brands

These malicious apps were found in 2017 pre-installed on various Android mobile devices, including smartphones from the brands Leagoo (M5 and M8 models) and Nomu (S10 and S20 models).

The malicious programs in this application family attack the system process called Zygote (the launcher for third-party application processes). By injecting themselves into Zygote, these malicious programs can infiltrate every process.

«Libandroid_runtime.so is used in all Android applications, so the malware injects itself into the memory area of every running application, since the main function of this malware is to download additional malicious components.»

Because it is built into one of the running system libraries and resides in the system partition, it cannot be removed using standard methods, according to the report. Attackers were able to use the backdoor silently to download and install rogue apps.

According to the report on the Google Security Blog, Triada's primary function was to install a kind of superuser binary (su).

This subroutine allowed other apps on the device to use root permissions. According to Google, the binary used by Triada required a password, which means it was unique compared to the su binaries common on other Linux systems. This meant that the malware could tamper with every installed application.

Kaspersky Lab explained why Triada is so difficult to detect. First, it modifies the Zygote process. Zygote is the base process of the Android OS, used as a template for every application, which means that once the Trojan enters that process, it becomes part of every application that starts on the device.

Second, it overrides system functions and hides its modules from the list of running processes and installed applications. As a result, the system does not see any unusual process running and therefore raises no alert.

According to Google's analysis in its report, several factors made the Triada family of malware highly sophisticated.

On the one hand, it used XOR encoding and ZIP files to hide its communications. On the other, it injected code into the system user-interface application, which allowed it to display advertisements. The backdoor also injected code that allowed it to use the Google Play app to download and install the apps it wanted.
