{"id":12079,"date":"2026-04-22T08:18:59","date_gmt":"2026-04-22T08:18:59","guid":{"rendered":"https:\/\/busondakika.com.tr\/?p=12079"},"modified":"2026-04-22T08:19:00","modified_gmt":"2026-04-22T08:19:00","slug":"temassiz-tehdit-buyuyor-nfc-saldirilari-yayiliyor","status":"publish","type":"post","link":"https:\/\/busondakika.com.tr\/?p=12079","title":{"rendered":"The contactless threat is growing as NFC attacks spread"},"content":{"rendered":"<p><strong>ESET, a world leader in cybersecurity, has discovered a new variant of the NGate malware family that abuses a legitimate Android app called HandyPay instead of the previously used NFCGate tool. Although the primary targets are users in Brazil, NFC-based attacks are spreading to new regions. T\u00fcrkiye is among the countries to which the threat has spread.<\/strong><\/p>\n<p>NFC (Near Field Communication), a technology that lets devices such as smartphones and contactless cards exchange data wirelessly over very short distances, is most commonly used in everyday life for contactless payments. The threat actors took over the app used to relay NFC data and patched it with malicious code that appears to have been generated by AI.
As in previous versions of NGate, this malicious code allows the attackers to relay NFC data from the victim&#8217;s payment card to their own device and use it for contactless ATM withdrawals and unauthorized payments. The code can also capture victims&#8217; payment card PINs and send them to the operators&#8217; C&amp;C server.<\/p>\n<p>The malicious code used to trojanize HandyPay shows signs of having been produced with the help of GenAI tools. In particular, the malware&#8217;s logs contain an emoji typical of AI-generated text, which suggests, although there is no conclusive evidence, that LLMs played a role in generating or modifying the code. This fits a broader trend in which generative AI lowers the barrier to entry for cybercriminals and enables threat actors with limited technical skills to produce functional malware.<\/p>\n<p>ESET Research believes that the campaign distributing the trojanized HandyPay began around November 2025 and is still active.
It is also noted that the maliciously patched version of HandyPay was never available on the official Google Play store. As an App Defense Alliance partner, ESET shared its findings with Google. ESET also contacted the HandyPay developers and alerted them to the malicious use of their app.<\/p>\n<p>As the number of NFC threats continues to grow, the ecosystem supporting them has also become more robust. The first NGate attacks used the open-source NFCGate tool to facilitate the relay of NFC data. Since then, several malware-as-a-service (MaaS) offerings with similar functionality have become available for purchase. In this campaign, however, the threat actors decided to use their own solution and maliciously patched an existing app, HandyPay.<\/p>\n<p>Luk\u00e1\u0161 \u0160tefanko, the ESET researcher who discovered the new NGate variant, said: \u201cWhy did the operators of this campaign decide to trojanize the HandyPay app instead of using an established solution for relaying NFC data? The answer is simple: money. Subscription fees for existing MaaS kits run into hundreds of dollars: NFU Pay sells its product for about 400 US dollars per month, while TX-NFC asks for about 500 US dollars per month.
The legitimate HandyPay app, on the other hand, is significantly cheaper, asking only for a donation of 9.99 \u20ac per month, if anything at all. In addition to the price, HandyPay natively requires no permissions; it only needs to be set as the default payment app, which helps the threat actors avoid raising suspicion.\u201d<\/p>\n<p>The first new NGate sample is distributed through a website impersonating Rio de Pr\u00eamios, a lottery run by the Rio de Janeiro state lottery organization (Loterj); the second NGate sample is distributed via a fake Google Play web page as an app called \u201cProte\u00e7\u00e3o Cart\u00e3o\u201d. Both sites were hosted on the same domain, which strongly suggests that a single threat actor is at work. The malware abuses the HandyPay service to relay NFC card data to a device controlled by the attacker.
In addition to relaying NFC data, the malicious code also steals payment card PINs, enabling the threat actor to withdraw cash from ATMs using the victim&#8217;s payment card data.<\/p>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET, a world leader in cybersecurity, has discovered a new variant of the NGate malware family that abuses a legitimate Android app called HandyPay instead of the previously used NFCGate tool.<\/p>\n","protected":false},"author":1,"featured_media":12080,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-12079","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/12079","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12079"}],"version-history":[{"count":1,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/12079\/revisions"}],"predecessor-version":[{"id":12081,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/12079\/revisions\/12081"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_
route=\/wp\/v2\/media\/12080"}],"wp:attachment":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}