Ukuhlasela kwe-malware okusha okuyinkimbinkimbi kubeke amadivayisi e-Android ashibhe kakhulu emakethe engcupheni. I-malware I-BadBox 2.0 isabalalise ukutheleleka kwayo kumadivayisi angaphezu kwesigidi emhlabeni wonke, okuthinta kakhulu ama-TV Boxes, amaphrojekhtha edijithali namathebulethi angenaso isitifiketi se-Google Play Protect.
Umkhankaso watholwa futhi wahlaziywa ngochwepheshe be-cybersecurity abavela Ukuphepha KWABANTU ngokubambisana ne-Google, Trend Micro kanye ne-Shadowserver Foundation. Ngenxa yocwaningo lwabo, bakwazile ukuhlonza nokuqeda 24 izinhlelo zokusebenza ezinonya esetshenziselwa ukusabalalisa uhlelo olungayilungele ikhompuyutha, kanye nokuphazamisa ukuxhumana isikhathi esingaphezu kwalokho Amadivayisi we-500,000 ngomyalo wabahlaseli namaseva okulawula.
Ngaphandle kwale mizamo, kutholwe izinhlobo ezimbalwa zohlelo olungayilungele ikhompuyutha kumadivayisi e-Android, njengaleyo ebikwe ezihlokweni ezihlobene mayelana nohlelo olungayilungele ikhompuyutha ku-Android oluphindeke kathathu kule kota yesibili ka-2012.
Isebenza kanjani i-BadBox 2.0?
Lolu hlelo olungayilungele ikhompuyutha lusebenza buthule, luvumela amadivayisi anegciwane ukuthi asetshenziswe njenge izindawo zokuhlala zommeleli. Ngamanye amazwi, izigebengu ze-inthanethi zingakwazi ukuqondisa kabusha ithrafikhi yakho ngala madivayisi, zifihle indawo yakho yangempela futhi zenze imisebenzi engekho emthethweni njengokwebiwa kwemininingwane nokudalwa kwama-akhawunti mbumbulu.
Imishini ethintekile ifinyelela kubathengi asebevele bangenwe yileli gciwane kusuka efekthri noma ngokufaka izinhlelo zokusebenza ezinonya ezilandwe ngaphandle kwe-Google Play Isitolo. Ngaphezu kwalokho, uhlu amadivayisi asengozini ezikhangiswa ngaphandle kwezilawuli zokuphepha ezanele.
Esinye isibonelo sohlelo olungayilungele ikhompuyutha olungathinta amadivayisi e-Android yileso esitholakala ezinhlelweni ezifana ne-Spylend, uhlelo olungayilungele ikhompuyutha oluyingozi nalo obekukhulunywa ngalo ngochwepheshe.
Umthelela womhlaba wonke kanye nokusatshalaliswa kwendawo
I-malware ye-BadBox 2.0 ithintekile abasebenzisi emazweni nasezifundeni ezingama-222, ngokugxila okuphawulekayo e-Brazil (37.6%), e-United States (18.2%), e-Mexico (6.3%) nase-Argentina (5.3%).
Eziningi zalezi zixhobo ezinezindleko eziphansi zikhiqizwa e-China futhi zidayiswa emhlabeni jikelele ngaphandle kwezitifiketi ezifanele zokuphepha. Ngenxa yalokho, labo abathintekile baye baba ubunzima ekususeni ngokuphelele ukutheleleka.
Ukwengeza, abathengi kufanele baqaphele izinhlelo zokusebenza ezithelelekile, okuxoxwe ngazo esihlokweni esibala izinhlelo zokusebenza eziyi-13 okufanele uzikhiphe uma zingenwe uhlelo olungayilungele ikhompuyutha ku-Android yakho.
Ungazivikela kanjani ku-BadBox 2.0
Ukuze ugweme ukuba yisisulu salolu hlelo olungayilungele ikhompuyutha, ochwepheshe batusa ukulandela uchungechunge lwe izinyathelo ezibalulekile zokuphepha:
- Qiniseka ukuthi uthenga amadivayisi aqinisekiswe ngu I-Google Play Vikela, njengoba lezi zinokuhlola ukuhambisana nokuphepha.
- Gwema ukulanda izinhlelo zokusebenza emithonjeni engekho emthethweni, njengoba eziningi zazo ziqukethe isofthiwe enonya.
- Hlola ukuthi idivayisi yakho ayifakiwe yini isofthiwe esolisayo njengokuthi 'Hola Imali Eyengeziwe' noma 'Isibali Sokukhulelwa Kwe-Ovulation', esikhonjwe njengama-vectors okuhlasela.
- Uma usuvele unayo idivayisi ethintekile, kungenzeka kakhulu nqamula ku-inthanethi noma esikhundleni salo ufake eyodwa evela kumkhiqizo othembekile.
Ngaphezu kwalokho, kunconywa ukuthi ngezikhathi ezithile ubuyekeze uhlelo lokusebenza kanye ne-firmware yedivayisi, nakuba kwezinye izimo lokhu kungenakwenzeka uma umenzi enganikeli ukusekelwa okwanele. Kubalulekile futhi ukwazi ngohlelo olungayilungele ikhompuyutha nokuthi ungayivikela kanjani i-Android TV yakho kumagciwane kanye nohlelo olungayilungele ikhompuyutha.
Ukuphazamiseka kwe-BadBox 2.0 Botnet
Ngenxa yemizamo ehlanganyelwe yezinkampani eziningi ze-cybersecurity kanye ne-Google, ingxenye enkulu ye-botnet ye-BadBox 2.0 ihlakaziwe. Kuthathwe izinyathelo ezehlukene ukuze kunqandwe ukukhula kwawo:
- Ezingu-24 zisusiwe izinhlelo zokusebenza ezinonya kusuka ku-Google Play Isitolo esisetshenziselwa ukusabalalisa uhlelo olungayilungele ikhompuyutha.
- Izizinda ezinonya ezisetshenziselwa ukulawula izisetshenziswa ezithelelekile zivinjiwe.
- I-Google isebenzise imithetho emisha ku Dlala Ukuvikela ukuvimbela izinhlelo zokusebenza ezifanayo ekungeneni ngokunyenya esitolo esisemthethweni.
- Ukuxhumana nabasebenzisi abangaphezu kuka-1000 kuphazamisekile. Amadivayisi angu-500,000 asengozini.
Ngaphandle kwalokhu kuthuthuka, kusenengozi yokuthi abahlaseli bazojwayela amasu abo futhi baqhubeke nokuthelela amathuluzi amasha. Ngakho-ke, kubalulekile kubasebenzisi ukuthi baqaphele lapho bethenga futhi besebenzisa amadivaysi e-Android. Eqinisweni, kukhona imibiko yezigidi zabasebenzisi abathintwe uhlelo olungayilungele ikhompuyutha kumadivayisi ahlobene.
