Kaspersky Tehdit Ara\u015ft\u0131rma ekibi, son d\u00f6nemde kamuoyunun dikkatini \u00e7eken bir k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m y\u00fckleyicisi olan RenEngine\u2019e ili\u015fkin analizini yay\u0131mlad\u0131. Kaspersky, RenEngine \u00f6rneklerini ilk olarak Mart 2025\u2019te tespit etti\u011fini ve o tarihten itibaren g\u00fcvenlik \u00e7\u00f6z\u00fcmlerinin kullan\u0131c\u0131lar\u0131 bu tehdide kar\u015f\u0131 korudu\u011funu a\u00e7\u0131klad\u0131.<\/p>\n
Son raporlarda \u00f6ne \u00e7\u0131kan korsan oyunlar\u0131n \u00f6tesine ge\u00e7en Kaspersky ara\u015ft\u0131rmac\u0131lar\u0131, sald\u0131rganlar\u0131n RenEngine\u2019i da\u011f\u0131tmak amac\u0131yla aralar\u0131nda CorelDRAW gibi grafik d\u00fczenleme yaz\u0131l\u0131mlar\u0131n\u0131n da bulundu\u011fu korsan yaz\u0131l\u0131mlar sunan onlarca web sitesi olu\u015fturdu\u011funu belirledi. Bu durum, sald\u0131r\u0131 y\u00fczeyinin yaln\u0131zca oyuncu toplulu\u011fuyla s\u0131n\u0131rl\u0131 kalmad\u0131\u011f\u0131n\u0131; lisanss\u0131z yaz\u0131l\u0131m arayan t\u00fcm kullan\u0131c\u0131lar\u0131 kapsayacak \u015fekilde geni\u015fledi\u011fini ortaya koyuyor.<\/p>\n
Kaspersky, Rusya, Brezilya, T\u00fcrkiye, \u0130spanya ve Almanya dahil olmak \u00fczere \u00e7e\u015fitli \u00fclkelerde olay kaydetti. Da\u011f\u0131t\u0131m modeli, hedefli operasyonlardan ziyade f\u0131rsat\u00e7\u0131 sald\u0131r\u0131 yakla\u015f\u0131m\u0131na i\u015faret ediyor.<\/p>\n
Kaspersky\u2019nin RenEngine\u2019i ilk tespit etti\u011fi d\u00f6nemde s\u00f6z konusu zararl\u0131 yaz\u0131l\u0131m, Lumma Stealer adl\u0131 bilgi h\u0131rs\u0131z\u0131n\u0131 da\u011f\u0131t\u0131yordu. G\u00fcncel sald\u0131r\u0131larda ise nihai y\u00fck olarak ACR Stealer\u2019\u0131n da\u011f\u0131t\u0131ld\u0131\u011f\u0131, baz\u0131 enfeksiyon zincirlerinde ise Vidar Stealer\u2019\u0131n da yer ald\u0131\u011f\u0131 g\u00f6zlemlendi.<\/p>\n
Kampanya, Ren\u2019Py g\u00f6rsel roman motoru \u00fczerine in\u015fa edilmi\u015f oyunlar\u0131n de\u011fi\u015ftirilmi\u015f s\u00fcr\u00fcmlerini istismar ediyor. Kullan\u0131c\u0131lar enfekte y\u00fckleyicileri \u00e7al\u0131\u015ft\u0131rd\u0131\u011f\u0131nda, arka planda k\u00f6t\u00fc ama\u00e7l\u0131 komut dosyalar\u0131 y\u00fcr\u00fct\u00fcl\u00fcrken sahte bir y\u00fckleme ekran\u0131 g\u00f6r\u00fcnt\u00fcleniyor. Bu komut dosyalar\u0131, sanal ortam (sandbox) tespit yetenekleri sahip. S\u00fcre\u00e7te, mod\u00fcler bir k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m da\u011f\u0131t\u0131m arac\u0131 olan HijackLoader kullan\u0131l\u0131yor.<\/p>\n
Kaspersky Tehdit Ara\u015ft\u0131rmalar\u0131 K\u0131demli Zararl\u0131 Yaz\u0131l\u0131m Analisti Pavel<\/strong>\u00a0Sinenko, konuya ili\u015fkin \u015fu a\u00e7\u0131klamalarda bulundu: “Bu tehdit sadece korsan oyunlarla s\u0131n\u0131rl\u0131 de\u011fil; sald\u0131rganlar ayn\u0131 teknikle crack’li verimlilik yaz\u0131l\u0131mlar\u0131n\u0131 da hedef al\u0131yor. Bu da potansiyel kurban havuzunu ciddi \u00f6l\u00e7\u00fcde b\u00fcy\u00fct\u00fcyor. Oyun ar\u015fiv formatlar\u0131 motorlara ve oyunun ad\u0131na g\u00f6re de\u011fi\u015fiklik g\u00f6sterir. E\u011fer bir motor kendi kaynaklar\u0131n\u0131n b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc kontrol etmiyorsa, sald\u0131rganlar ‘oynat’ butonuna bast\u0131\u011f\u0131n\u0131z anda devreye girecek zararl\u0131 yaz\u0131l\u0131mlar\u0131 sisteme kolayca yerle\u015ftirebilir.”<\/em><\/p>\n Kaspersky \u00e7\u00f6z\u00fcmleri RenEngine\u2019i Trojan.Python.Agent.nb ve HEUR:Trojan.Python.Agent.gen olarak; HijackLoader\u2019\u0131 ise Trojan.Win32.Penguish ve Trojan.Win32.DllHijacker olarak tespit ediyor.<\/p>\n Kaspersky, kullan\u0131c\u0131lar\u0131n korunmas\u0131 i\u00e7in \u015fu \u00f6nerilerde bulunuyor:<\/p>\n \u00a0<\/p>\n Kaynak: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":" Kaspersky Tehdit Ara\u015ft\u0131rma ekibi, son d\u00f6nemde kamuoyunun dikkatini \u00e7eken bir k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m y\u00fckleyicisi olan RenEngine\u2019e ili\u015fkin analizini yay\u0131mlad\u0131.<\/p>\n","protected":false},"author":1,"featured_media":44167,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[5382,278,1808,1105,1217],"class_list":["post-44166","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji","tag-kaspersky","tag-oyun","tag-tehdit","tag-tespit","tag-yazilim"],"_links":{"self":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/44166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/comments?post=44166"}],"version-history":[{"count":1,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/44166\/revisions"}],"predecessor-version":[{"id":44168,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/posts\/44166\/revisions\/44168"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/media\/44167"}],"wp:attachment":[{"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/media?parent=44166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/categories?post=44166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bihavadis.com\/index.php\/wp-json\/wp\/v2\/tags?post=44166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n