It seems the developers of Transmission are a target for hackers, since this is not the first time other malware has slipped onto the Macs where it is installed by way of this file-downloading software. On this occasion, the malware was distributed with downloads of the application between August 28 and 29. The installation package contained the Keydnap malware. The previous version of this malware required users to click on a malicious file, which automatically opened Terminal. The malware then waited until the application was run and showed us a window asking for authentication.
In this new form, however, the malware needs neither a second application nor the user in order to authenticate; it is simply installed together with Transmission. Because the application bears a valid Apple signature, Gatekeeper allows it to run without ever checking whether it contains malware.
Once it is installed and in control of your Mac, this new version of the Keydnap malware can be used to access the Keychain, where we store all the passwords related to web pages, logically including those used to access our bank accounts. It is not limited to access, either: it quickly uploads the file to the servers of those who created the malware.
The signature found on the Transmission installer package logically does not belong to the legitimate developers. Apple has been notified so that it revokes this certificate, since it is not the one that belongs to the developers. The developers moved quickly to remove the infected copy from their servers as soon as they were notified of the problem.
It seems the security of the company's servers always leaves the door open, because this is the second time attackers have broken in and replaced the original download file with a copy containing malware. The first time, the malware hidden in the installation package was KeRanger. Although investigations are carried out every time, the hackers get in again and again. It seems they should either dedicate themselves to something else or choose to change servers. At present the new copy is already hosted on the GitHub servers.
How to remove Keydnap from a Mac infected through Transmission
ESET researchers recommend that all users who downloaded and installed the "iTransmission" application between the 28th and the 29th look for and delete any of these files or directories on their Macs:
- /Applications/Transmission.app/Contents/Resources/License.rtf
- /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
- $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
- $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
- $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
- /Library/Application Support/com.apple.iCloud.sync.daemon/
- $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist
Next, we have to go to Activity Monitor and quit any process related to the following files:
- icloudproc
- License.rtf
- icloudsyncd
- /usr/libexec/icloudsyncd -launchd netlogon.bundle
Then remove the application from the system and download Transmission again from the GitHub servers, where the developers now host it because it offers greater security than their own servers.
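The file and process checks listed above can be scripted as a read-only scan. This is an added example, not code from ESET or the Transmission project; the function names, the `--scan` switch and the root/home parameters (which allow checking a mounted backup or test tree) are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: read-only check for the Keydnap indicators listed above.
# It only reports what it finds; removal is left to the operator.

# Print every indicator path. $1 = filesystem root prefix ("" for the
# live system), $2 = home directory to inspect. Both are assumptions.
keydnap_paths() {
  local root="$1" home="$2"
  printf '%s\n' \
    "$root/Applications/Transmission.app/Contents/Resources/License.rtf" \
    "$root/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf" \
    "$home/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd" \
    "$home/Library/Application Support/com.apple.iCloud.sync.daemon/process.id" \
    "$home/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist" \
    "$root/Library/Application Support/com.apple.iCloud.sync.daemon" \
    "$home/Library/LaunchAgents/com.geticloud.icloud.photo.plist"
}

# Print only the indicator paths that exist (files or directories).
find_keydnap_files() {
  keydnap_paths "$1" "$2" | while IFS= read -r p; do
    if [ -e "$p" ]; then printf '%s\n' "$p"; fi
  done
}

# Read a "pid command" listing on stdin and print the lines whose command
# names one of the listed processes as a whole word or path component.
find_keydnap_procs() {
  grep -E '(^|[ /])(icloudproc|icloudsyncd|License\.rtf)( |$)' || true
}

# Live scan of the current user's Mac: ./check.sh --scan
if [ "${1:-}" = "--scan" ]; then
  echo "Indicator files present:"
  find_keydnap_files "" "$HOME"
  echo "Matching processes:"
  ps -axo pid=,command= | find_keydnap_procs
fi
```

Run it once per user account, since five of the seven paths live under each user's home directory.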