{"id":24467,"date":"2026-02-09T20:15:06","date_gmt":"2026-02-09T20:15:06","guid":{"rendered":"https:\/\/bihavadis.com\/?p=24467"},"modified":"2026-02-09T20:15:06","modified_gmt":"2026-02-09T20:15:06","slug":"kaspersky-chatgptnin-sohbet-paylasim-ozelligini-istismar-eden-macos-bilgi-hirsizi-kampanyasini-ortaya-cikardi","status":"publish","type":"post","link":"https:\/\/bihavadis.com\/index.php\/2026\/02\/09\/kaspersky-chatgptnin-sohbet-paylasim-ozelligini-istismar-eden-macos-bilgi-hirsizi-kampanyasini-ortaya-cikardi\/","title":{"rendered":"Kaspersky, ChatGPT&#8217;nin sohbet payla\u015f\u0131m \u00f6zelli\u011fini istismar eden macOS bilgi h\u0131rs\u0131z\u0131 kampanyas\u0131n\u0131 ortaya \u00e7\u0131kard\u0131"},"content":{"rendered":"<p><strong>Kaspersky Tehdit Ara\u015ft\u0131rma ekibi, \u00fccretli Google arama reklamlar\u0131 ve ChatGPT\u2019nin resmi internet sitesinde payla\u015f\u0131lan sohbetler arac\u0131l\u0131\u011f\u0131yla Mac kullan\u0131c\u0131lar\u0131n\u0131 kand\u0131rmay\u0131 ama\u00e7layan yeni bir zararl\u0131 yaz\u0131l\u0131m kampanyas\u0131 tespit etti. S\u00f6z konusu kampanyada sald\u0131rganlar, kullan\u0131c\u0131lar\u0131 AMOS (Atomic macOS Stealer) adl\u0131 bilgi h\u0131rs\u0131z\u0131 yaz\u0131l\u0131m\u0131 ve kal\u0131c\u0131 bir arka kap\u0131y\u0131 cihazlar\u0131na kendi elleriyle kurmaya y\u00f6nlendiriyor.<\/strong><\/p>\n<p>Bu kampanyada sald\u0131rganlar, \u201cchatgpt atlas\u201d gibi arama sorgular\u0131 i\u00e7in sponsorlu reklamlar sat\u0131n al\u0131yor ve kullan\u0131c\u0131lar\u0131, chatgpt.com alan ad\u0131 \u00fczerinde bar\u0131nd\u0131r\u0131lan \u201cChatGPT Atlas for macOS\u201d adl\u0131 s\u00f6zde bir kurulum rehberine y\u00f6nlendiriyor. Ger\u00e7ekte ise bu sayfa, istem m\u00fchendisli\u011fi (prompt engineering) kullan\u0131larak olu\u015fturulmu\u015f payla\u015f\u0131ma a\u00e7\u0131k bir ChatGPT sohbetinden ibaret. \u0130\u00e7erik, yaln\u0131zca ad\u0131m ad\u0131m \u201ckurulum\u201d talimatlar\u0131 kalacak \u015fekilde d\u00fczenlenmi\u015f durumda. Rehber, kullan\u0131c\u0131lardan tek sat\u0131rl\u0131k bir kodu kopyalamalar\u0131n\u0131, macOS Terminal\u2019i a\u00e7arak bu komutu yap\u0131\u015ft\u0131rmalar\u0131n\u0131 ve istenen t\u00fcm izinleri vermelerini istiyor.<\/p>\n<p>Kaspersky ara\u015ft\u0131rmac\u0131lar\u0131n\u0131n analizine g\u00f6re, bu komut atlas-extension[.]com adl\u0131 harici bir alan ad\u0131ndan bir betik indirip \u00e7al\u0131\u015ft\u0131r\u0131yor. Betik, sistem komutlar\u0131n\u0131 \u00e7al\u0131\u015ft\u0131rmay\u0131 deneyerek do\u011frulama yapmak amac\u0131yla kullan\u0131c\u0131dan tekrar tekrar sistem parolas\u0131n\u0131 talep ediyor. Do\u011fru parola girildi\u011finde ise betik, AMOS bilgi h\u0131rs\u0131z\u0131n\u0131 indiriyor, ele ge\u00e7irilen kimlik bilgilerini kullanarak zararl\u0131 yaz\u0131l\u0131m\u0131 sisteme kuruyor ve \u00e7al\u0131\u015ft\u0131r\u0131yor. Bu enfeksiyon s\u00fcreci, kullan\u0131c\u0131lar\u0131n uzaktaki sunuculardan kod indirip \u00e7al\u0131\u015ft\u0131ran kabuk komutlar\u0131n\u0131 manuel olarak y\u00fcr\u00fctmeye ikna edildi\u011fi ClickFix olarak bilinen tekni\u011fin bir varyasyonunu temsil ediyor.<\/p>\n<p>AMOS, kurulumun ard\u0131ndan maddi kazan\u00e7 sa\u011flamak veya daha sonraki sald\u0131r\u0131larda kullan\u0131lmak \u00fczere \u00e7e\u015fitli verileri topluyor. Zararl\u0131 yaz\u0131l\u0131m; pop\u00fcler taray\u0131c\u0131lardan parola ve \u00e7erezleri, Electrum, Coinomi ve Exodus gibi kripto para c\u00fczdanlar\u0131na ait verileri, ayr\u0131ca Telegram Desktop ve OpenVPN Connect gibi uygulamalardan bilgileri hedef al\u0131yor. Bununla birlikte Masa\u00fcst\u00fc, Belgeler ve \u0130ndirilenler klas\u00f6rlerinde bulunan TXT, PDF ve DOCX uzant\u0131l\u0131 dosyalar\u0131, Notes uygulamas\u0131 taraf\u0131ndan saklanan dosyalarla birlikte tar\u0131yor ve bu verileri sald\u0131rganlar\u0131n kontrol\u00fcndeki altyap\u0131ya s\u0131zd\u0131r\u0131yor. Paralel olarak, sistem yeniden ba\u015flat\u0131ld\u0131\u011f\u0131nda otomatik olarak devreye giren bir arka kap\u0131 da kuruluyor; bu arka kap\u0131 sald\u0131rganlara uzaktan eri\u015fim imk\u00e2n\u0131 sa\u011fl\u0131yor ve AMOS ile b\u00fcy\u00fck \u00f6l\u00e7\u00fcde \u00f6rt\u00fc\u015fen bir veri toplama mant\u0131\u011f\u0131yla \u00e7al\u0131\u015f\u0131yor.<\/p>\n<p>Bu kampanya, bilgi h\u0131rs\u0131z\u0131 zararl\u0131 yaz\u0131l\u0131mlar\u0131n\u00a02025 y\u0131l\u0131n\u0131n en h\u0131zl\u0131 b\u00fcy\u00fcyen tehditleri\u00a0aras\u0131nda yer ald\u0131\u011f\u0131na i\u015faret eden daha geni\u015f bir e\u011filimin par\u00e7as\u0131 olarak \u00f6ne \u00e7\u0131k\u0131yor. Sald\u0131rganlar, oltalama senaryolar\u0131n\u0131 daha inand\u0131r\u0131c\u0131 k\u0131lmak i\u00e7in yapay zek\u00e2 temalar\u0131n\u0131, sahte YZ ara\u00e7lar\u0131n\u0131 ve YZ taraf\u0131ndan \u00fcretilmi\u015f i\u00e7erikleri giderek daha fazla kullan\u0131yor. Son d\u00f6nemde sahte YZ taray\u0131c\u0131 kenar \u00e7ubuklar\u0131 ve pop\u00fcler modeller i\u00e7in haz\u0131rlanm\u0131\u015f sahte istemci uygulamalar\u0131 gibi \u00f6rnekler g\u00f6r\u00fcl\u00fcrken, Atlas temal\u0131 bu faaliyet, me\u015fru bir YZ platformunun yerle\u015fik i\u00e7erik payla\u015f\u0131m \u00f6zelli\u011finin k\u00f6t\u00fcye kullan\u0131lmas\u0131na kadar uzan\u0131yor.<\/p>\n<p><strong>Kaspersky Zararl\u0131 Yaz\u0131l\u0131m Analisti Vladimir Gursky<\/strong>, konuyla ilgili \u015funlar\u0131 s\u00f6yledi: \u201c<em>Bu vakay\u0131 etkili k\u0131lan unsur, geli\u015fmi\u015f bir teknik a\u00e7\u0131k de\u011fil; sosyal m\u00fchendisli\u011fin tan\u0131d\u0131k bir yapay zek\u00e2 ba\u011flam\u0131 i\u00e7inde sunulmas\u0131. Sponsorlu bir ba\u011flant\u0131, g\u00fcvenilir bir alan ad\u0131ndaki d\u00fczenli bir sayfaya y\u00f6nlendiriyor ve \u2018kurulum rehberi\u2019 tek bir Terminal komutundan ibaret. Bir\u00e7ok kullan\u0131c\u0131 i\u00e7in bu g\u00fcven ve basitlik birle\u015fimi, al\u0131\u015f\u0131ld\u0131k temkin mekanizmalar\u0131n\u0131 devre d\u0131\u015f\u0131 b\u0131rakmaya yetiyor. Oysa sonu\u00e7, sistemin tamamen ele ge\u00e7irilmesi ve sald\u0131rgan i\u00e7in uzun vadeli eri\u015fim anlam\u0131na geliyor<\/em>.\u201d<\/p>\n<p>Kaspersky, kullan\u0131c\u0131lara \u015fu \u00f6nerilerde bulunuyor:<\/p>\n<ul>\n<li>\u00d6zellikle bir web sitesi, belge ya da sohbet \u00fczerinden tek sat\u0131rl\u0131k bir beti\u011fin kopyalan\u0131p yap\u0131\u015ft\u0131r\u0131lmas\u0131n\u0131 i\u00e7eren ve Terminal veya PowerShell \u00e7al\u0131\u015ft\u0131r\u0131lmas\u0131n\u0131 isteyen, talep edilmemi\u015f \u201crehberlere\u201d kar\u015f\u0131 temkinli olun.<\/li>\n<li>Talimatlar net de\u011filse bu t\u00fcr sayfalar\u0131 kapat\u0131n veya mesajlar\u0131 silin; devam etmeden \u00f6nce bilgili bir kaynaktan g\u00f6r\u00fc\u015f al\u0131n.<\/li>\n<li>\u015e\u00fcpheli komutlar\u0131 \u00e7al\u0131\u015ft\u0131rmadan \u00f6nce, kodun ne yapt\u0131\u011f\u0131n\u0131 anlamak i\u00e7in ayr\u0131 bir yapay zek\u00e2 veya g\u00fcvenlik arac\u0131na yap\u0131\u015ft\u0131rarak incelemeyi de\u011ferlendirin.<\/li>\n<li>macOS ve Linux sistemler d\u00e2hil olmak \u00fczere t\u00fcm cihazlarda,\u00a0Kaspersky Premium\u00a0gibi sayg\u0131n bir g\u00fcvenlik yaz\u0131l\u0131m\u0131 kullanarak bilgi h\u0131rs\u0131zlar\u0131n\u0131 ve ili\u015fkili zararl\u0131 y\u00fckleri tespit edip engelleyin.<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p>Kaynak: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky Tehdit Ara\u015ft\u0131rma ekibi, \u00fccretli Google arama reklamlar\u0131 ve ChatGPT\u2019nin resmi internet sitesinde payla\u015f\u0131lan sohbetler arac\u0131l\u0131\u011f\u0131yla Mac kullan\u0131c\u0131lar\u0131n\u0131 kand\u0131rmay\u0131 ama\u00e7layan yeni bir zararl\u0131 yaz\u0131l\u0131m kampanyas\u0131 tespit etti.<\/p>\n","protected":false},"author":1,"featured_media":24468,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[527,462,4128,344,1041],"class_list":["post-24467","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-spor","tag-bilgi","tag-kullanici","tag-saldirgan","tag-sistem","tag-tek"],"_links":{"self":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/24467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/comments?post=24467"}],"version-history":[{"count":1,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/24467\/revisions"}],"predecessor-version":[{"id":24469,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/24467\/revisions\/24469"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/media\/24468"}],"wp:attachment":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/media?parent=24467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/categories?post=24467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/tags?post=24467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}