Okungaphezu kwalokho iminyaka eyisikhombisa ilandelanaUmsebenzi omkhulu wobugebengu be-inthanethi ukwazile ukungena ezipheqululini ezinkulu emakethe, okuhlanganisa i-Google Chrome ne-Microsoft Edge, ngokusebenzisa izandiso ezibonakala zingenangozi. Ububanzi balolu hlaselo bukhulu kakhulu kangangokuthi kulinganiselwa ukuthi okungenani abasebenzisi abayizigidi ezingu-8,8 Abantu emhlabeni wonke babengathinteka, abaningi babo eYurophu naseSpain.
Uphenyo, oluholwa ochwepheshe bezokuphepha kwe-inthanethi njengenkampani I-Koi.ai, ithole inethiwekhi yobugebengu ehlelwe kahle kakhulu, ebizwa ngokuthi I-DarkSpectreokusolwa ukuthi basebenzise ukwethenjwa ezitolo ezisemthethweni ukuze basabalalise i-malware. Isici esikhathaza kakhulu ukuthi Iningi lalabo abathintekile lalingenaso nhlobo isiqiniseko ukuthi imininingwane yabo yasebhange, iziqinisekiso, noma ulwazi lwenkampani lwaluqoshwa ngemuva.
Ukuhlasela okuthule okusebenzise kabi izandiso ze-Chrome ne-Edge
Ngokusho kwedatha eyembulwe abacwaningi, i-DarkSpectre yakha ingqalasizinda eyinkimbinkimbi yokushicilela nokunakekela izandiso ezinonya ezingaba ngu-300 ezitolo ezisemthethweni ze-Chrome, Edge, Firefox, kanye ne-Opera. Eziningi zalezi zandiso zethulwe njengezinsiza zansuku zonke: kusukela kubaphathi bamathebhu nabahumushi, kuya izivimbeli zezikhangiso noma amathuluzi okuthuthukisa umkhiqizo.
Icebo kwakuwukunikeza izici ezisemthethweni ekuqaleni, ngaleyo ndlela uthole ukulandwa kanye nedumela elihle ngokusekelwe ku- izibuyekezo nezilinganiso ezinhle ezenziwe ngokwenziwaLapho izandiso sezifinyelele inani elikhulu labasebenzisi, abahlaseli bacindezela izibuyekezo eziyimfihlo eyayihlanganisa ikhodi enonya ngaphandle kokuba umsebenzisi aqaphele noma yiziphi izinguquko ezisobala ekusebenzeni.
Uma kwenzeka iziphequluli ezisekelwe kuChromium, njenge I-Google Chrome ne-Microsoft EdgeKutholwe inethiwekhi yezandiso zohlobo lwehhashi leTrojan ezifihliwe njengamathuluzi okwenza ngokwezifiso noma izithiyo zokuvimba izikhangiso. Okungenani isigaba esisodwa sokuhlasela sitholakale Izandiso ezingu-30 ezithandwa kakhulu okwazi ukweba iziqinisekiso zasebhange, amaphasiwedi ezinkundleni zokuxhumana, kanye nokugcwalisa idatha yamafomu ngokuzenzakalela, ukuthumela lonke lolo lwazi ngesikhathi sangempela kumaseva ngaphansi kokulawulwa yizigebengu ze-inthanethi.
Ngaphezu kokwebiwa kwedatha, eziningana zalezi zandiso zazihlanganisa izici ze ukufakwa kwezikhangiso kanye nokuqondisa kabusha useshoLokhu kwavumela ukuboniswa kwezikhangiso eziphazamisayo, kwaqondisa abasebenzisi kumasayithi obugebengu bokweba imininingwane ebucayi futhi kwanda amathuba okukhwabanisa, okuhlanganisa ukuzenza ongeyena amakhasi asebhange noma izinsizakalo zokukhokha ezisetshenziswa kabanzi eSpain nakulo lonke elaseYurophu.
Izisulu ezingaphezu kwezigidi ezingu-8,8 kanye nemikhankaso emithathu emikhulu ehlanganisiwe
Ubukhulu bokuhlaselwa bubonakala ezibalweni eziphathwe yizinsizakalo zobunhloli kanye nezinkampani zokuphepha kwe-inthanethi: kulinganiselwa ukuthi 8,8 izigidi zabasebenzisi Bathintwe emhlabeni wonke yimikhankaso ehlukahlukene ehlotshaniswa ne-DarkSpectre. Ukuze kufezwe lokhu, kuthiwa leli qembu laqhubeka imigqa emithathu ehlukene yokuhlasela, eyaziwa ngokuthi i-ShadyPanda, i-GhostPoster kanye ne-Zoom Stealer.
Umkhankaso ShadyPanda Kwakuyiyona eyayinolaka kakhulu ngokwevolumu. Ngokudlula okungaphezu kwalokho Izandiso eziyi-100 ezinonya, okuhloswe kakhulu ukulawula ithrafikhi ye-e-commerce, ngabe kubeke engcupheni idatha ye cishe abasebenzisi abayizigidi ezingama-5,6Uma imisebenzi efihliwe isivuliwe, lezi zandiso zingaguqula izixhumanisi kuma-portal okuthenga, ziqondise kabusha izinkokhelo emakhasini okukhwabanisa, noma zifake ikhodi eyengeziwe ukuze ziqhubeke nokulandelela umsebenzi womsebenzisi.
Ochwepheshe baveza ukuthi la maqhinga athinte izitolo eziku-inthanethi kanye nezinsizakalo zokukhokha ezisetshenziswa kabanzi e-European Union, avula ithuba lokuthi ukukhwabanisa kwezezimali okuwela imingcele kanye nezinkinga zokuthobela imithetho ezingaba khona zamapulatifomu angazange athole ukuphathwa kabi kwethrafikhi ngesikhathi.
Ukuhlasela kwesibili okukhulu, okubizwa ngokuthi I-GhostPosterInhloso yayo eyinhloko kwakuyiziphequluli I-Firefox ne-Operaeyayinezilawuli zokuphepha ezingaqinile kangako kune-Chrome ne-Edge. Kulesi simo, isici esihlukanisayo kwakuwukusetshenziswa kwe sthembisoAbahlaseli bafihle ikhodi ye-JavaScript enonya ngaphakathi kwamafayela esithombe se-PNG, okubavumela ukuthi basebenzise imiyalelo ekude futhi balande amamojula amasha e-malware ngaphandle kokuphakamisa izinsolo.
Esinye sezibonelo eziphawuleka kakhulu kwakuwukwenziwa kwesandiso se- I-Google Translate ye-Operaokwakubonakala kuyithuluzi elisemthethweni ekuqaleni. Kodwa-ke, ngemuva kwezigcawu, yafaka umnyango wangemuva isebenzisa iframe Ifihliwe, ikhubaze ukuvikelwa kokulwa nokukhwabanisa kwesiphequluli futhi yasungula uxhumano namaseva axhunywe ngaphambilini kweminye imisebenzi ye-DarkSpectre, yakha isiteshi sokufinyelela esihlala njalo ohlelweni lwesisulu.
I-Zoom Stealer: Ukungenela ubunhloli kumakholi wevidiyo ezinkampani
Isigaba sesithathu sokuhlasela, esihlonzwe njenge I-Zoom Stealer, wathatha igxathu elibalulekile ngokugxila ngokuphelele ku- imvelo yebhizinisiEkupheleni kuka-2025, abacwaningi bathole okungenani Izandiso ezithile ezingu-18 kuqondiswe kumapulatifomu e-videoconferencing afana ne-Zoom, i-Microsoft Teams kanye ne-Google Meet, kanti kulinganiselwa ukuthi lokhu kuzothinta kanjani 2,2 izigidi zabasebenzisi.
Lezi zandiso zikhuthazwe njengezinto ezifanelekile zokwengeza ukusebenza ngocingo kanye nemihlangano ekude: bathembisa fingqa amavidiyo, londoloza izixhumanisi ezithakazelisayo, dala uhlu lwabahlanganyeli noma ukhiqize isifinyezo esizenzakalelayo seseshini ngayinye. Iphrofayili ekhangayo kakhulu yezinkampani zaseSpain nezaseYurophu ezihlanganise umsebenzi ohlanganisiwe nowekude eminyakeni yamuva nje.
Ngemva kokufakwa kwawo, amathuluzi aqala ukusebenza vimba ulwazi olubucayi kusuka kumakholi wevidiyo: izixhumanisi zokufinyelela, ama-ID emihlangano, amaphasiwedi ezivakashi, futhi kwezinye izimo, okuqukethwe okwabiwe noma imethadatha ehlobene nezethulo namadokhumenti okuxoxwe ngawo ngesikhathi seseshini.
Ngale datha, abahlaseli bakwazile ukufinyelela emihlanganweni yangasese, eminingi yayo esezingeni eliphezulu, futhi bakha izindawo zokugcina ubuhlakani bobungcweti kanye nohwebo ngenani elikhulu leqhinga. Ngokusho kwemithombo ebonisiwe, ukuxhumana kwangaphakathi mayelana nezinhlelo zebhizinisi, izivumelwano zokutshalwa kwezimali, amasu emakethe, kanye nezinye izindaba ezibucayi kakhulu ekuncintisaneni kwezinkampani ezihilelekile kwaphazamiseka.
Ngesikhathi esifanayo, i-Zoom Stealer yasebenzisa izimvume ezibanzi ezinikezwe izandiso ukuze zenze ukukhishwa kweziqinisekiso ngesikhathi sangempelaLokhu kufaka phakathi iziqinisekiso zokungena ngemvume zenkampani, okhiye bokufinyelela kumathuluzi efu, kanye namaphrofayili ochwepheshe angasetshenziswa kabusha ekuhlaselweni okuqondiwe, njengemikhankaso yobugebengu bokweba imininingwane ebucayi eyenziwe ngokwezifiso kakhulu ngokumelene nabasebenzi bezinhlangano zaseYurophu.
Umthelela kubasebenzisi kanye nezinkampani eYurophu naseSpain
Icala le-DarkSpectre ligqamise izinga lapho uchungechunge oluthembekile ezitolo zokwandisa izinwele Lokhu kungaba yingozi kubantu nasezinhlanganweni. Nakuba lokhu kuhlasela kufinyeleleke emhlabeni wonke, iziphathimandla zaseYurophu kanye namaqembu okusabela ezigamekweni emazweni amaningana, okuhlanganisa neSpain, baqapha ngokucophelela umthelela kubasebenzisi bendawo.
Kubasebenzisi ngabanye, imiphumela ihumusha ibe ukuqapha okuyimfihlo kwakhe umsebenzi we-inthanethiUkwebiwa kobunikazi okungenzeka, amacala angagunyaziwe ekuthengweni kwe-inthanethi, kanye nokuvuza kwedatha yomuntu siqu okungagcina kutholakala ezinkundleni zokuxhumana eziyimfihlo. Izisulu eziningi ngeke ziqaphele nokuthi zihlaselwe, njengoba izandiso eziningi zibonakala zisebenza kahle.
Emkhakheni wezinkampani, inkinga inkulu kakhulu. Izinkampani zaseYurophu ezisekela ingxenye enkulu yokusebenza kwazo kumathuluzi efu kanye ne-videoconferencing zibhekene nazo. izingozi zobunhloli bezimboniUkuvuza kwezivumelwano zamasu kanye nokuvezwa kolwazi oluyimfihlo mayelana namakhasimende, abahlinzeki, kanye nabalingani. Ngaphezu kwalokho, izinkampani zingase zidingeke ukuthi zibike izehlakalo zokuphepha ngaphansi kwemithetho efana ne- Umthethonqubo Wokuvikelwa Kwemininingwane Jikelele (RGPD)uma sicabangela izindleko zedumela kanye nezijeziso ezingaba khona.
Imibiko yokuqala iphakamisa ukuthi inethiwekhi yobugebengu kungenzeka ukuthi yakheke yangempela izindawo zokugcina idatha zenkampani Lolu lwazi lutholakala ngezingxoxo zangasese, imibhalo eyabelwana ngayo emihlanganweni, kanye nokufinyelela okungagunyaziwe kuma-intranet noma izinsizakalo zangaphakathi. Luwusizo kakhulu ekuthengisweni ezimakethe ezimnyama, kanye nemikhankaso yokusongela noma ukuncintisana okungafanele.
Iziphathimandla zaseYurophu zisebenzisana nabahlinzeki bezobuchwepheshe ukuthuthukisa izinhlelo zokuthola izinwele ezitolo zokwandisa izinwele nokuqinisa ukulawulwa kokusetshenziswa kwedatha yomuntu siqu. Kodwa-ke, ochwepheshe baveza ukuthi akukho uhlelo oluzenzakalelayo olungenaphutha nokuthi umugqa wokugcina wokuzivikela uhlala ungumsebenzisi kanye nemikhuba yakhe yokuphepha.
Ungazivikela kanjani ngemva kokuhlaselwa okukhulu kwe-cyber ku-Chrome naku-Edge
Njengoba bebhekene nesimo esinde nesiyinkimbinkimbi kangaka, ochwepheshe bezokuphepha kwe-inthanethi batusa uchungechunge lwezinyathelo ezisheshayo zokuvimbela nciphisa umthelela yokuhlasela nokuvimbela ukutheleleka okwengeziwe, ikakhulukazi phakathi kwabasebenzisi be-Chrome ne-Edge eSpain nakulo lonke elaseYurophu.
Isinyathelo sokuqala ukwenza a ukuhlolwa okugcwele kwezandiso Lezi zengezo zifakiwe kuzo zonke iziphequluli. Kunconywa ukuzibuyekeza ngasinye ngasinye bese ukhipha noma yiziphi izengezo ezingabonwa, ezingasetshenziswa njalo, noma ezingaveli kunjiniyela othembekile. Uma ungabaza, kungcono ukususa nokufaka kabusha kuphela emthonjeni womhlinzeki osemthethweni uma kudingeka ngempela.
Kubalulekile futhi ukuhlola ukuthi isiphequluli kuvuselelwe enguqulweni yakamuva etholakalayoBobabili i-Google ne-Microsoft bebelokhu befaka ama-patches ukuvimba amanye amasu asetshenziswa yi-DarkSpectre, ngakho-ke izinguqulo zakamuva zifaka phakathi ukuthuthukiswa okuqondile ekutholakaleni kokuziphatha okusolisayo kanye nokuphathwa kwezimvume zokwandisa.
Ngokuphathelene nama-akhawunti aku-inthanethi, kunconywa ukushintsha amaphasiwedi ezinsizakalo ezibalulekile (i-imeyili, ibhange eliku-inthanethi, izinkundla zokuxhumana, amathuluzi ezinkampani) uma kukhona okusolakala ukuthi usebenzise isandiso esibucayi. Kungcono ukusebenzisa leli thuba ukusebenzisa amaphasiwedi ahlukile futhi aqinile kusevisi ngayinye, okungcono kakhulu ngosizo lomphathi wephasiwedi.
Ngaphezu kwalokho, ochwepheshe baphikelela ekusebenziseni ukuqinisekiswa kwezinto ezimbili (2FA) noma nini lapho kungenzeka. Le ndlela inezela ungqimba olwengeziwe lokuvikela, kangangokuthi noma umhlaseli ethola iphasiwedi, kuzoba nzima kakhulu ngaye ukufinyelela i-akhawunti ngaphandle kwekhodi yesikhashana noma isici sesibili sokuqinisekisa.
Okokugcina, ezinhlanganweni ezithembele kakhulu kumapulatifomu afana ne-Zoom, Teams, noma i-Google Meet, kunconywa ukuthi zisebenzise ukuhlolwa njalo kwezandiso ezifakiwe kuziphequluli zezinkampani, sebenzisa izinqubomgomo zokuphepha ezikhawulela ukufakwa kwezengezo ezingagunyaziwe futhi ziqeqesha abasebenzi ukuthi bathole ukukhwabanisa okungenzeka, kokubili kuzandiso kanye nama-imeyili noma izixhumanisi ezingase zihambisane nemikhankaso efanayo.
Konke okutholakale nge-DarkSpectre kanye nemikhankaso yayo ye-ShadyPanda, i-GhostPoster, kanye ne-Zoom Stealer kubonisa izinga Izandiso zesiphequluli sezibe yinto ebaluleke kakhulu Kuma-cybercriminals, inhlanganisela yokwethembana ezitolo ezisemthethweni, izici eziwusizo, kanye nokubuyekezwa okuguquliwe kuye kwabavumela ukuthi baqhubeke nokuhlaselwa buthule iminyaka eminingi okunomthelela omkhulu kubasebenzisi ngabanye kanye nezinkampani. Lokhu kusiphoqa ukuthi sicabange kabusha ukuthi sifaka futhi siphatha kanjani lezi zengezo empilweni yethu yansuku zonke yedijithali.
