Google detected a pre-installed backdoor on Android devices before they left the factory

Google reported yesterday (Thursday, June 6), in a post on the Google Security Blog, that it had detected a pre-installed backdoor on Android devices before they left the factories.

Google studied the situation after computer security experts disclosed it a few years earlier. The software in question is the malicious applications of the "Triada family", designed for spam and advertising on an Android device.

About Triada

According to Google, Triada developed a method of installing malware on Android phones at the factory, before customers had started them up or installed even a single app on their devices.

Triada was first described in March 2016, in a blog post on the website of the computer security company Kaspersky Lab. The company published another blog post on it in June 2016.

At that time, it was a rooting Trojan unknown to the security company's analysts that tried to exploit Android devices after obtaining elevated privileges.

As Kaspersky Lab explained in 2016, once Triada was installed on a device, its main purpose was to install applications that could be used to send spam and display advertising.

It used an impressive set of tools, including rooting exploits that bypass Android's built-in security protections, and ways of modifying the Android OS's Zygote process.

These are the affected brands

These malicious applications were found in 2017 pre-installed on various Android mobile devices, including phones from the Leagoo brand (M5 Plus and M8 models) and Nomu (S10 and S20 models).

The malicious programs in this family of applications attack a system process called Zygote (the launcher of third-party application processes). By injecting themselves into Zygote, these malicious programs can infiltrate any other process.

"Libandroid_runtime.so is used by all Android applications, so the malware injects itself into the memory area of all running applications, as the main function of this malware is to download additional malicious components."

Because it was built into one of the operating system's libraries and sits in the System section, it cannot be removed using standard methods, according to the report. The attackers were able to quietly use the backdoor to download and install complex modules.

According to the report on the Google Security Blog, Triada's first action was to install a superuser-type binary file (su).

This subroutine allowed other applications on the device to use root permissions. According to Google, the binary used by Triada required a password, which means it was unique compared with the binaries common to other Linux systems. This meant that the malware could affect all installed applications.

Kaspersky Lab explains why Triada is so difficult to detect. First, it modifies the Zygote process. Zygote is the core process of the Android operating system and is used as a template for every application, which means that once the Trojan gets into the process, it becomes part of every application that starts on the device.

Second, it overrides system functions and hides its modules from the list of running processes and installed applications. As a result, the system does not see any strange processes running and therefore raises no alert.

According to the analysis Google carried out in its report, other factors also made the Triada family of malicious applications so sophisticated.

On the one hand, it used XOR encoding and ZIP files to encrypt communications. On the other, it injected code into the system user interface application that allowed it to display advertising. The backdoor also injected code into it that allowed it to use the Google Play app to download and install applications of its choice.
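For analysts examining captured traffic or dropped files, the XOR-plus-ZIP wrapping mentioned above can be undone with a known-plaintext check. This is an added example, not code from Google, Kaspersky Lab or this article. It assumes a short repeating XOR key applied to the whole archive, which the article does not specify; all function names and the sample are constructed.

```python
import io
import zipfile
from itertools import cycle
from typing import List, Optional

ZIP_MAGIC = b"PK\x03\x04"  # local file header signature that starts a ZIP archive


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(blob: bytes, max_len: int = 4) -> Optional[bytes]:
    """Known-plaintext recovery: a ZIP always starts with ZIP_MAGIC (assumed key <= 4 bytes)."""
    stream = xor_bytes(blob[:4], ZIP_MAGIC)  # keystream bytes 0..3
    for n in range(1, max_len + 1):
        key = stream[:n]
        # The shortest candidate must reproduce the magic and yield a valid archive.
        if xor_bytes(blob[:4], key) != ZIP_MAGIC:
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(xor_bytes(blob, key))) as zf:
                if zf.testzip() is None:  # every member passes its CRC check
                    return key
        except zipfile.BadZipFile:
            continue
    return None


def list_members(blob: bytes) -> List[str]:
    """Member names of a XOR-wrapped ZIP (key b'\\x00' means a plain ZIP), else []."""
    key = recover_key(blob)
    if key is None:
        return []
    with zipfile.ZipFile(io.BytesIO(xor_bytes(blob, key))) as zf:
        return zf.namelist()


def make_sample(key: bytes) -> bytes:
    """Constructed sample: a small ZIP wrapped with a repeating XOR key."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.txt", "constructed sample payload")
    return xor_bytes(buf.getvalue(), key)


if __name__ == "__main__":
    print(list_members(make_sample(b"\x5a\xc3")))
```

A blob for which no key is recovered is not a ZIP under these assumptions; it may use a longer key or a different scheme.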

