Google detects a backdoor pre-installed on Android devices before they leave the factory

Malware

Yesterday (Thursday, June 6), Google reported in a post on its Google Security Blog that it had detected the presence of a backdoor pre-installed on Android devices before they left the factory.

Google studied the situation after computer security specialists disclosed it a few years earlier. The malware in question belongs to the "Triada" family of malicious applications, designed to send spam and display advertising on an Android device.

About Triada

According to Google, Triada developed a method for installing malware on Android phones practically at the factory, before customers had even started their devices or installed a single application on them.

Triada was first described in March 2016, in a blog post on the website of the computer security company Kaspersky Lab. The company published another blog post about it in June 2016.

At that time, it was a rooting Trojan unknown to the security company's analysts, and it tried to exploit Android devices after obtaining elevated privileges.

As Kaspersky Lab explained in 2016, once Triada is installed on a device, its main purpose is to install applications that can be used to send spam and display advertisements.

It used an impressive set of tools, including rooting vulnerabilities that bypass Android's built-in protections, and techniques that abuse the Android OS Zygote process.

These are the affected products

These malicious applications were found in 2017 pre-installed on various Android devices, including smartphones from the Leagoo brand (M5 Plus and M8 models) and from Nomu (S10 and S20 models).

The malicious programs in this family attack the system process called Zygote (the launcher for third-party application processes). By injecting themselves into Zygote, these malicious programs can infiltrate any other process.

"libandroid_runtime.so is used by all Android applications, so the malware injects itself into the memory space of all running applications, as the main function of this malware is to download additional malicious components."

Because it is built into one of the system libraries that is in active use and resides in the System partition, it cannot be removed using standard methods, according to the report. The attackers were able to use the backdoor silently to download and install powerful modules.

According to the report on the Google Security Blog, Triada's first action was to install a superuser-type binary file (su).

This binary allowed other applications to use root permissions. According to Google, the binary used by Triada required a password, which made it different from the binaries commonly found on other Linux systems. This means the malware could directly interfere with all installed applications.

Kaspersky Lab explains why Triada is so difficult to detect. First, it modifies the Zygote process. Zygote is the core process of the Android operating system and is used as a template for every application, which means that once the Trojan gets into this process, it becomes part of every application launched on the device.

Second, it overrides system functions and hides its modules from the list of running processes and installed applications. As a result, the system does not see any unusual running processes and therefore raises no alerts.

According to Google's analysis in its report, other factors also made the Triada family of malicious applications sophisticated.

On the one hand, it used XOR encoding and ZIP files to encrypt its communications. On the other, it injected code into the system user interface application, which allowed it to display ads. The backdoor also injected code that allowed it to use the Google Play application to download and install applications of its choosing.

