{"id":176519,"date":"2024-01-24T22:28:00","date_gmt":"2024-01-24T20:28:00","guid":{"rendered":"https:\/\/life.karpat.in.ua\/?p=176519"},"modified":"2024-01-25T04:24:45","modified_gmt":"2024-01-25T02:24:45","slug":"egy-uj-windowson-terjedo-ellopja-a-fajljait-a-jelszavait-de-meg-kepernyokepeket-is-keszit","status":"publish","type":"post","link":"https:\/\/life.karpat.in.ua\/?p=176519&lang=hu","title":{"rendered":"A new virus spreading on Windows steals your files and passwords, and even takes screenshots"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>Those who like to put off installing Windows updates could be in serious trouble: after a few clicks, a new virus hands practically all confidential data on the computer to unauthorized parties.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Phemedrone Stealer is the name of the new, dangerous malware discovered by Trend Micro's cybersecurity researchers, which malicious actors are already actively using and which Security Week reported on. 
The attack is made possible by a vulnerability in Windows SmartScreen (CVE-2023-36025), which also makes it clear that computers running Windows are its targets.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft already fixed this vulnerability in November 2023, and this case also highlights why it is not worth putting off installing updates: those who installed the fix are protected from the malware.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"370\" src=\"https:\/\/life.karpat.in.ua\/wp-content\/uploads\/2024\/01\/virus.jpg\" alt=\"\" class=\"wp-image-176520\" srcset=\"https:\/\/life.karpat.in.ua\/wp-content\/uploads\/2024\/01\/virus.jpg 800w, https:\/\/life.karpat.in.ua\/wp-content\/uploads\/2024\/01\/virus-300x139.jpg 300w, https:\/\/life.karpat.in.ua\/wp-content\/uploads\/2024\/01\/virus-768x355.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Those who procrastinate, however, could be in serious trouble, because Phemedrone Stealer also bypasses Windows' built-in protection, Defender, without any difficulty, and what it does afterwards is a real privacy nightmare.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Step zero of the attack is the user clicking an infected link: opening it downloads a malicious file, and if the user clicks on that file, the attack begins. 
The malware gets past the machine's lines of defense without further ado and starts looking for the user's data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It certainly cannot be called picky: besides data stored in browsers (passwords, cookies, history), it also takes data from messaging platforms (Telegram, Discord). Steam is no exception either, and if that were not frightening enough, the worst is yet to come: the malware takes screenshots (!) and also collects system information, for example what hardware the machine has, and while it is at it, it takes the user's location data too.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">After shamelessly bagging all the data, it first forwards the system information to the attacker, then sends all the other data as well in a compressed (.zip) file.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">What all this is used for depends only on the malicious party's goals; with this much personal information in hand, someone can easily be blackmailed as well.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The solution is distinctly simple: always install Windows security updates immediately (in Settings, under the Windows Update menu item), and do not click on suspicious links, and above all do not run a file downloaded from such a page.<\/p>\n\n\n\n<p class=\"has-text-align-right wp-block-paragraph\"><strong><a 
href=\"https:\/\/hvg.hu\/tudomany\/20240124_phemedrone_stealer_windows_kartevo_defender_vedelem_megkerulese_cve_2023_36025_adatok_ellopasa_veszelyes_virus#rss\" target=\"_blank\" rel=\"noreferrer noopener\">(hvg.hu)<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Those who like to put off installing Windows updates could be in serious trouble: after a few clicks, a new virus hands practically all confidential data on the computer to unauthorized parties.<\/p>\n","protected":false},"author":12,"featured_media":176520,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49,590,39],"tags":[745749,616],"class_list":["post-176519","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hirek","category-it-hu","category-vilag","tag-virus-3","tag-windows"],"_links":{"self":[{"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts\/176519","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=176519"}],"version-history":[{"count":2,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts\/176519\/revisions"}],"predecessor-version":[{"id":176523,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts\/176519\/revisions\/176523"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/media\/176520"}],"wp:attachment":[{"href":"https:\/\/life.karpat.in.ua\/i
ndex.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=176519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=176519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=176519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}