{"id":12256,"date":"2026-02-02T21:30:04","date_gmt":"2026-02-02T21:30:04","guid":{"rendered":"https:\/\/bihavadis.com\/?p=12256"},"modified":"2026-02-02T21:30:04","modified_gmt":"2026-02-02T21:30:04","slug":"onu-ask-arkasi-casusluk","status":"publish","type":"post","link":"https:\/\/bihavadis.com\/index.php\/2026\/02\/02\/onu-ask-arkasi-casusluk\/","title":{"rendered":"\u00d6n\u00fc a\u015fk arkas\u0131 casusluk"},"content":{"rendered":"<p><strong>Siber g\u00fcvenlik \u015firketi ESET, \u00a0Pakistan&#8217;daki bireyleri hedef alan romantik doland\u0131r\u0131c\u0131l\u0131k taktikleri kullanan bir Android casus yaz\u0131l\u0131m kampanyas\u0131 ortaya \u00e7\u0131kard\u0131.\u00a0<\/strong><\/p>\n<p>Casus yaz\u0131l\u0131m kampanyas\u0131, kullan\u0131c\u0131lar\u0131n WhatsApp \u00fczerinden sohbet ba\u015flatmas\u0131na olanak tan\u0131yan bir sohbet platformu gibi g\u00f6r\u00fcnen k\u00f6t\u00fc ama\u00e7l\u0131 bir uygulama kullan\u0131yor. Romantik maskesinin alt\u0131nda, ESET&#8217;in GhostChat\u00a0ad\u0131n\u0131 verdi\u011fi k\u00f6t\u00fc ama\u00e7l\u0131 uygulaman\u0131n as\u0131l amac\u0131, kurban\u0131n verilerini ele ge\u00e7irmek. Ayn\u0131 tehdit akt\u00f6r\u00fc, kurbanlar\u0131n bilgisayarlar\u0131n\u0131n ele ge\u00e7irilmesine yol a\u00e7an ClickFix sald\u0131r\u0131s\u0131 ve kurbanlar\u0131n WhatsApp hesaplar\u0131na eri\u015fim sa\u011flayan WhatsApp cihaz ba\u011flama sald\u0131r\u0131s\u0131 da d\u00e2hil olmak \u00fczere daha geni\u015f bir casusluk operasyonu y\u00fcr\u00fct\u00fcyor gibi g\u00f6r\u00fcn\u00fcyor. B\u00f6ylece g\u00f6zetleme kapsam\u0131n\u0131 geni\u015fletiyor. Bu ba\u011flant\u0131l\u0131 sald\u0131r\u0131lar, Pakistan h\u00fck\u00fcmet kurulu\u015flar\u0131n\u0131 taklit eden web sitelerini yem olarak kulland\u0131. Kurbanlar, GhostChat&#8217;i bilinmeyen kaynaklardan edinmi\u015f ve manuel kurulum ger\u00e7ekle\u015ftirmi\u015f; bu uygulama Google Play&#8217;de yer alm\u0131yor ve varsay\u0131lan olarak etkinle\u015ftirilen Google Play Protect, bu uygulamaya kar\u015f\u0131 koruma sa\u011fl\u0131yor.<\/p>\n<p>Kampanyay\u0131 ke\u015ffeden ESET ara\u015ft\u0131rmac\u0131s\u0131 Luk\u00e1\u0161 \u0160tefanko, &#8220;Bu kampanya, benzer planlarda daha \u00f6nce g\u00f6rmedi\u011fimiz bir aldatma y\u00f6ntemi kullan\u0131yor. GhostChat&#8217;teki sahte kad\u0131n profilleri, potansiyel kurbanlara kilitli olarak sunuluyor ve bunlara eri\u015fmek i\u00e7in \u015fifreler gerekiyor. Ancak \u015fifreler uygulamada sabit olarak kodland\u0131\u011f\u0131ndan bu sadece potansiyel kurbanlara \u00f6zel eri\u015fim izlenimi yaratmay\u0131 ama\u00e7layan bir sosyal m\u00fchendislik takti\u011fi. Ara\u015ft\u0131rmam\u0131z, Pakistan&#8217;daki kullan\u0131c\u0131lara y\u00f6nelik, son derece hedefli ve \u00e7ok y\u00f6nl\u00fc bir casusluk kampanyas\u0131n\u0131 ortaya \u00e7\u0131kard\u0131&#8221; a\u00e7\u0131klamas\u0131n\u0131 yapt\u0131.\u00a0<\/p>\n<p>Uygulama, me\u015fru bir arkada\u015fl\u0131k uygulamas\u0131n\u0131n simgesini kullan\u0131yor ancak orijinal uygulaman\u0131n i\u015flevselli\u011finden yoksun ve bunun yerine mobil cihazlarda casusluk yapmak i\u00e7in bir yem ve ara\u00e7 g\u00f6revi g\u00f6r\u00fcyor. Giri\u015f yapt\u0131ktan sonra, kurbanlara 14 kad\u0131n profili sunuluyor; her profil, Pakistan (+92) \u00fclke koduna sahip belirli bir WhatsApp numaras\u0131na ba\u011fl\u0131. Yerel numaralar\u0131n kullan\u0131lmas\u0131, profillerin Pakistan&#8217;da ya\u015fayan ger\u00e7ek ki\u015filer oldu\u011fu yan\u0131lsamas\u0131n\u0131 peki\u015ftirerek doland\u0131r\u0131c\u0131l\u0131\u011f\u0131n inand\u0131r\u0131c\u0131l\u0131\u011f\u0131n\u0131 art\u0131r\u0131yor. Do\u011fru kodu girdikten sonra, uygulama kullan\u0131c\u0131y\u0131 WhatsApp&#8217;a y\u00f6nlendirerek atanan numara ile bir sohbet ba\u015flat\u0131yor \u2013 bu numara muhtemelen tehdit akt\u00f6r\u00fc taraf\u0131ndan i\u015fletiliyor.\u00a0<\/p>\n<p>Kurban uygulamay\u0131 kullan\u0131rken ve hatta oturum a\u00e7madan \u00f6nce, GhostChat casus yaz\u0131l\u0131m\u0131 arka planda \u00e7al\u0131\u015fmaya ba\u015flar, cihazdaki etkinlikleri sessizce izler ve hassas verileri bir C&#038;C sunucusuna aktar\u0131r. \u0130lk veri aktar\u0131m\u0131n\u0131n \u00f6tesinde, GhostChat aktif casusluk faaliyetlerinde bulunur: Yeni olu\u015fturulan g\u00f6r\u00fcnt\u00fcleri izlemek i\u00e7in bir i\u00e7erik g\u00f6zlemcisi kurar ve g\u00f6r\u00fcnt\u00fcler ortaya \u00e7\u0131kt\u0131k\u00e7a bunlar\u0131 y\u00fckler. Ayr\u0131ca her be\u015f dakikada bir yeni belgeleri tarayan periyodik bir g\u00f6rev planlayarak s\u00fcrekli g\u00f6zetim ve veri toplama sa\u011flar.<\/p>\n<p>Kampanya, ClickFix tabanl\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m da\u011f\u0131t\u0131m\u0131 ve WhatsApp hesap ele ge\u00e7irme tekniklerini i\u00e7eren daha geni\u015f bir altyap\u0131yla da ba\u011flant\u0131l\u0131. Bu operasyonlar, sahte web sitelerini, ulusal yetkililerin kimli\u011fine b\u00fcr\u00fcnmeyi ve aldat\u0131c\u0131, QR kodu tabanl\u0131 cihaz ba\u011flant\u0131lar\u0131n\u0131 kullanarak hem masa\u00fcst\u00fc hem de mobil platformlar\u0131 tehlikeye atar. ClickFix, kullan\u0131c\u0131lar\u0131 g\u00f6r\u00fcn\u00fc\u015fte me\u015fru talimatlar\u0131 izleyerek cihazlar\u0131nda k\u00f6t\u00fc ama\u00e7l\u0131 kodu manuel olarak \u00e7al\u0131\u015ft\u0131rmaya y\u00f6nlendiren bir sosyal m\u00fchendislik tekni\u011fi.<\/p>\n<p>ClickFix sald\u0131r\u0131s\u0131 yoluyla masa\u00fcst\u00fc hedeflemenin yan\u0131 s\u0131ra WhatsApp kullan\u0131c\u0131lar\u0131n\u0131 hedefleyen mobil odakl\u0131 bir operasyonda k\u00f6t\u00fc ama\u00e7l\u0131 bir etki alan\u0131 kullan\u0131ld\u0131. Kurbanlar, Android cihazlar\u0131n\u0131 veya iPhone&#8217;lar\u0131n\u0131 WhatsApp Web veya Desktop&#8217;a ba\u011flamak i\u00e7in bir QR kodunu tarayarak Pakistan Savunma Bakanl\u0131\u011f\u0131&#8217;n\u0131n bir kanal\u0131 gibi g\u00f6r\u00fcnen s\u00f6zde bir toplulu\u011fa kat\u0131lmaya ikna edildi. GhostPairing olarak bilinen bu teknik, sald\u0131rganlar\u0131n kurbanlar\u0131n sohbet ge\u00e7mi\u015fine ve ki\u015filerine eri\u015fim sa\u011flamas\u0131na, hesap sahipleriyle ayn\u0131 d\u00fczeyde g\u00f6r\u00fcn\u00fcrl\u00fck ve kontrol elde etmesine ve b\u00f6ylece \u00f6zel ileti\u015fimlerini etkili bir \u015fekilde tehlikeye atmas\u0131na olanak tan\u0131r.<\/p>\n<p>\u00a0<\/p>\n<p>Kaynak: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Siber g\u00fcvenlik \u015firketi ESET, \u00a0Pakistan&#8217;daki bireyleri hedef alan romantik doland\u0131r\u0131c\u0131l\u0131k taktikleri kullanan bir Android casus yaz\u0131l\u0131m kampanyas\u0131 ortaya \u00e7\u0131kard\u0131.\u00a0<\/p>\n","protected":false},"author":1,"featured_media":12257,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[2604,2606,2605,2388,2603],"class_list":["post-12256","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji","tag-casus","tag-cihaz","tag-pakistan","tag-uygulama","tag-whatsapp"],"_links":{"self":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/12256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/comments?post=12256"}],"version-history":[{"count":1,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/12256\/revisions"}],"predecessor-version":[{"id":12258,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/12256\/revisions\/12258"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/media\/12257"}],"wp:attachment":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/media?parent=12256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/categories?post=12256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/tags?post=12256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}