{"id":55592,"date":"2018-05-22T11:04:40","date_gmt":"2018-05-22T03:04:40","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=55592"},"modified":"2025-08-20T22:56:34","modified_gmt":"2025-08-20T14:56:34","slug":"%e8%99%9b%e6%93%ac%e5%a5%b3%e5%8f%8b-%e5%85%b6%e5%af%a6%e6%98%af%e9%96%93%e8%ab%9c-%e9%9b%99%e5%b9%b3%e5%8f%b0%e9%96%93%e8%ab%9c%e8%bb%9f%e9%ab%94maikspy%e5%81%bd%e8%a3%9d%e6%88%90%e4%ba%ba","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=55592","title":{"rendered":"\u300c\u865b\u64ec\u5973\u53cb \u300d\u4f86\u4e86 ! Android\u548c Windows\u7528\u6236\u7576\u5fc3\u96d9\u5e73\u53f0\u9593\u8adc\u8edf\u9ad4\u507d\u88dd\u6210\u4eba\u904a\u6232 \u5237\u7206\u4fe1\u7528\u5361 \u76dc\u5bc6\u78bc"},"content":{"rendered":"<p>\u8da8\u52e2\u79d1\u6280\u767c\u73fe\u4e00\u500b\u6703\u7aca\u53d6\u500b\u8cc7\u7684\u591a\u5e73\u53f0\u9593\u8adc\u8edf\u9ad4: Maikspy,\u76ee\u6a19\u662fWindows\u548cAndroid\u4f7f\u7528\u8005\uff0c\u8a72\u9593\u8adc\u8edf\u9ad4\u507d\u88dd\u6210\u4eba\u904a\u6232: Virtual Girlfriend\uff08\u865b\u64ec\u5973\u53cb\uff09\u3002Android \u7528\u6236\u82e5\u611f\u67d3\u4e86\u8a72\u9593\u8adc\u8edf\u9ad4,\u901a\u8a71\u6642\u5b83\u6703\u5077\u5077\u9304\u97f3\u548c\u7aca\u53d6\u8a2d\u5099\u6240\u5728\u4f4d\u7f6e\u3001\u7c21\u8a0a\u3001\u806f\u7d61\u4eba\u548cWhatsApp\u8cc7\u6599\u5eab\u7b49\u8cc7\u8a0a\u3002\u6700\u65b0\u7684\u8b8a\u7a2e\u9084\u53ef\u4ee5\u7aca\u53d6\u526a\u8cbc\u7c3f\u3001\u672c\u6a5f\u865f\u78bc\u3001\u5df2\u5b89\u88dd\u61c9\u7528\u7a0b\u5f0f\u5217\u8868\u548c\u5e33\u865f\u7b49\u8cc7\u8a0a\u3002<a 
href=\"https:\/\/blog.trendmicro.com.tw\/?p=52638\">\u82f1\u570b\u516c\u53f8\u8b66\u544a\uff1a\u5225\u7528\u624b\u6a5f\u4e0a\u6210\u4eba\u7db2\u7ad9<\/a>\uff01\u8a31\u591a\u8272\u60c5\u7db2\u7ad9\u6216\u63d0\u4f9b\u975e\u6cd5\u5f71\u7247\u4e0b\u8f09\u7684\u5e73\u53f0\uff0c\u70ba\u4e86\u7372\u53d6\u5229\u76ca\uff0c\u6703\u5728\u5f71\u7247\u6a94\u6848\u6216\u7db2\u9801\u4e2d\u690d\u5165\u60e1\u610f\u8edf\u9ad4\uff0c\u4f8b\u5982\u75c5\u6bd2\u3001\u6728\u99ac\u7a0b\u5f0f\u3001\u9593\u8adc\u8edf\u9ad4\u7b49\u3002 \u4e00\u65e6\u4f7f\u7528\u8005\u9ede\u64ca\u64ad\u653e\u3001\u4e0b\u8f09\u5f71\u7247\u6216\u700f\u89bd\u76f8\u95dc\u7db2\u9801\uff0c\u9019\u4e9b\u60e1\u610f\u8edf\u9ad4\u5c31\u6709\u53ef\u80fd\u5165\u4fb5\u4f7f\u7528\u8005\u7684\u88dd\u7f6e\u3002<\/p>\n<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/10\/ecommerce-target.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14875\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/10\/ecommerce-target.jpg\" alt=\"\" width=\"700\" height=\"479\" srcset=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/10\/ecommerce-target.jpg 700w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/10\/ecommerce-target-300x205.jpg 300w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/10\/ecommerce-target-600x411.jpg 600w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/10\/ecommerce-target-30x21.jpg 30w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/a><\/p>\n<p>\u5b89\u88dd\u60e1\u610fVirtual 
Girlfriend\uff08\u865b\u64ec\u5973\u53cb\uff09\u61c9\u7528\u7a0b\u5f0f\u5f8c\uff0c\u9593\u8adc\u8edf\u9ad4\u6703\u79c0\u51fa\u7dda\u4e0a\u7d04\u6703\u8a50\u9a19\u7db2\u7ad9,\u7576\u4f7f\u7528\u8005\u9032\u884c\u8a3b\u518a\u6642\uff0c\u99ed\u5ba2\u4e0d\u50c5\u53ef\u4ee5\u53d6\u5f97\u53d7\u5bb3\u8005\u7684\u4fe1\u7528\u5361\u8cc7\u6599\uff0c\u9084\u6703\u53d6\u5f97\u8a3b\u518a\u8a72\u7db2\u7ad9\u6642\u7684\u5237\u5361\u8cbb\u7528\u3002<\/p>\n<p>\u53e6\u5916,\u8da8\u52e2\u79d1\u6280\u4e5f\u767c\u73fe Windows\u4f7f\u7528\u8005\u5728\u700f\u89bd\u7279\u5b9a\u7db2\u9801\u6642\u53ef\u80fd\u6703\u88ab\u5b89\u88dd Chrome \u64f4\u5145\u529f\u80fd\uff08VirtualGirlfriend.crx\uff09\u3002\u7576\u4e0b\u8f09\u6b64\u64f4\u5145\u529f\u80fd\u6642\uff0c\u6703\u6307\u793a\u53d7\u5bb3\u8005\u5c07\u5176\u52a0\u5165\u700f\u89bd\u5668\u3002\u63a5\u8457 Maikspy \u5c31\u80fd\u6536\u96c6\u5f9e\u7db2\u9801\u8f38\u5165\u7684\u4f7f\u7528\u8005\u540d\u7a31\u548c\u5bc6\u78bc\u3002<\/p>\n<p>\u5982\u679c\u4f60\u6388\u6b0a\u5b83\u4f7f\u7528\u4f60\u7684Twitter\u5e33\u865f\uff0c\u4f5c\u8005\u53ef\u4ee5\u5229\u7528\u9019\u500b\u5e33\u865f\u4f86\u4f7f\u7528\u81ea\u52d5\u5316\u5de5\u5177\u6563\u64ad\u5ee3\u544a\u3002<strong><em>\u00a0<\/em><\/strong><\/p>\n<\/p>\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:27% auto\"><figure class=\"wp-block-media-text__media\"><a href=\"https:\/\/trend-tw.com\/7ufKF\/55592Meat\"><img loading=\"lazy\" decoding=\"async\" width=\"850\" height=\"1024\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2023\/10\/PC-cillin-\u96f2\u7aef\u7248-\u5305\u88dd\u76d2-\u7121\u5e74\u4efd_2024.png\" alt=\"\" class=\"wp-image-80369 size-full\" srcset=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2023\/10\/PC-cillin-\u96f2\u7aef\u7248-\u5305\u88dd\u76d2-\u7121\u5e74\u4efd_2024.png 850w, 
https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2023\/10\/PC-cillin-\u96f2\u7aef\u7248-\u5305\u88dd\u76d2-\u7121\u5e74\u4efd_2024-249x300.png 249w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2023\/10\/PC-cillin-\u96f2\u7aef\u7248-\u5305\u88dd\u76d2-\u7121\u5e74\u4efd_2024-768x925.png 768w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2023\/10\/PC-cillin-\u96f2\u7aef\u7248-\u5305\u88dd\u76d2-\u7121\u5e74\u4efd_2024-25x30.png 25w\" sizes=\"(max-width: 850px) 100vw, 850px\" \/><\/a><\/figure><div class=\"wp-block-media-text__content\">\n<p class=\"has-background\">\u2b55\ufe0f \u4e0a\u4e86\u67d0\u4e9b\u7db2\u7ad9\u4e4b\u5f8c\uff0c\u96fb\u8166\/\u624b\u6a5f\u602a\u602a\u7684\uff1f\u4fdd\u8b77\u81ea\u5df1\u7684\u6700\u4f73\u505a\u6cd5\u662f\u6aa2\u67e5\u4f60\u7684\u88dd\u7f6e\u662f\u5426\u6709\u6f5b\u4f0f\u60e1\u610f\u7a0b\u5f0f\u3002<br>\u503c\u5f97\u4fe1\u8cf4\u7684\u9632\u6bd2\u7522\u54c1<a href=\"https:\/\/trend-tw.com\/7ufKF\/55592meat\" title=\"\">\u8da8\u52e2\u79d1\u6280PC-cillin<\/a> \u80fd\u5920\u5c0d\u6297\u6e05\u9664\u7db2\u8def\u5a01\u8105\uff0c\u5305\u62ec\u75c5\u6bd2\u3001\u8815\u87f2\u3001\u6728\u99ac\u548c\u9593\u8adc\u8edf\u9ad4\u3002<a href=\"https:\/\/trend-tw.com\/7ufKF\/55592meat\" title=\"\">\u27eb \u7acb\u5373\u514d\u8cbb\u4e0b\u8f09 \u6383\u63cf\u88dd\u7f6e<\/a><\/p>\n<\/div><\/div>\n\n\n\n<p class=\"has-white-background-color 
has-background\"><\/p>\n\n\n<p>\u8da8\u52e2\u79d1\u6280\u767c\u73fe\u4e86\u7a31\u70baMaikspy\u7684\u60e1\u610f\u8edf\u9ad4\u5bb6\u65cf\uff0c\u9019\u662f\u6703\u7aca\u53d6\u4f7f\u7528\u8005\u79c1\u4eba\u8cc7\u6599\u7684\u591a\u5e73\u53f0\u9593\u8adc\u8edf\u9ad4\u3002\u9019\u7cfb\u5217\u9593\u8adc\u8edf\u9ad4\u7684\u76ee\u6a19\u662fWindows\u548cAndroid\u4f7f\u7528\u8005\uff0c\u4e00\u958b\u59cb\u51fa\u73fe\u5c31\u7528\u6210\u4eba\u904a\u6232\u4f5c\u70ba\u507d\u88dd\uff0c\u4f7f\u7528\u71b1\u9580\u7f8e\u570bAV\u5973\u661f\u4f86\u547d\u540d\u3002Maikspy\u9019\u500b\u7d50\u5408AV\u5973\u661f\u548c\u9593\u8adc\u8edf\u9ad4\u7684\u540d\u7a31\u5f9e2016\u5e74\u958b\u59cb\u51fa\u73fe\u3002<\/p>\n<p>\u6839\u64da\u5206\u6790\u6700\u65b0Maikspy\u8b8a\u7a2e\u7684\u7d50\u679c\u986f\u793a\uff0c\u4f7f\u7528\u8005\u5f9e\u611f\u67d3\u4e86\u9593\u8adc\u8edf\u9ad4\uff0c\u9019\u7db2\u7ad9\u6703\u6563\u64ad\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f\uff08\u5305\u62ec2016\u5e74\u7684\u6210\u4eba\u904a\u6232\uff09\uff0c\u9023\u5230\u5176C&amp;C\u4f3a\u670d\u5668\u4f86\u5f9e\u4e0a\u50b3\u4e2d\u6bd2\u8a2d\u5099\u548c\u96fb\u8166\u7684\u8cc7\u6599\u3002\u6709\u591a\u500bTwitter\u5e33\u865f\u5ee3\u544a\u4e86\u9019\u6b3e\u88ab\u7a31\u70baVirtual Girlfriend\uff08\u865b\u64ec\u5973\u53cb\uff09\u7684\u6210\u4eba\u904a\u6232\uff0c\u4e26\u900f\u904e\u77ed\u7db2\u5740\u5206\u4eab\u60e1\u610f\u7db2\u7ad9\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_1_Twitter_promotes_Virtual_Girlfriend.jpg\" alt=\"Figure 1. 
Tweets that mention Virtual Girlfriend and the short link of hxxp:\/\/miakhalifagame[.]com\/\" \/><\/p>\n<p><em>\u57161<\/em><em>\u3001\u63d0\u5230Virtual Girlfriend<\/em><em>\u7684\u63a8\u7279\u6587\u7ae0<\/em><\/p>\n<p><!--more--><\/p>\n<p><strong><em>Android<\/em><\/strong><strong><em>\u5e73\u53f0\u4e0a\u7684Maikspy<\/em><\/strong><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_2_Miakspy_Android_infection_chain.jpg\" alt=\"Figure 2. Infection chain of Maikspy Android variant\" \/><\/p>\n<p><em>\u57162<\/em><em>\u3001Maikspy Android<\/em><em>\u8b8a\u7a2e\u7684\u611f\u67d3\u93c8<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u6839\u64da2018\u5e743\u6708\u6240\u770b\u5230\u6a23\u672c\u7684\u5206\u6790\uff0cMaikspy\u8b8a\u7a2e\uff08\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u70baAndroidOS_MaikSpy.HRX\uff09\u5728Android\u4e0a\u507d\u88dd\u6210Virtual Girlfriend\u8edf\u9ad4\uff0c\u8a98\u9a19\u4f7f\u7528\u8005\u9023\u5230\u99ed\u5ba2\u7684\u60e1\u610f\u7db2\u57df\u3002\u7576\u4f7f\u7528\u8005\u9ede\u958bTwitter\u4e0a\u7684\u77ed\u7db2\u5740\uff0c\u6703\u51fa\u73fe\u986f\u793a\u6027\u5225\u9078\u9805\u7684\u9801\u9762\uff0c\u63a5\u8457\u51fa\u73fe\u8b93\u4f7f\u7528\u8005\u9078\u64c7\u201c\u7b2c\u4e00\u4f4d\u5973\u670b\u53cb\u201d\u7684\u9801\u9762\uff0c\u4e26\u5f15\u5c0e\u9032\u5165\u4e0b\u8f09\u7db2\u9801\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_3_3_Steps.jpg\" alt=\"Figure 3. 
Virtual Girlfriend\u2019s option buttons (first and second screen from the left) and download page (third screen)\" \/><\/p>\n<p><em>\u57163<\/em><em>\u3001Virtual Girlfriend<\/em><em>\u7684\u9078\u9805\u9801\u9762\uff08\u5de6\u5074\u7684\u7b2c\u4e00\u548c\u7b2c\u4e8c\u500b\u756b\u9762\uff09\u548c\u4e0b\u8f09\u7db2\u9801\uff08\u7b2c\u4e09\u500b\u756b\u9762\uff09<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u7576\u4e0b\u8f09\u4e26\u555f\u52d5APK\u6a94\u6848\uff0c\u5b83\u6703\u5c07\u4e2d\u6bd2\u8a2d\u5099\u7684Unix\u6642\u9593\u6233\u8a18\u9001\u5230\u4f7f\u7528\u745e\u5178\u570b\u78bc\u7684\u96fb\u8a71\u865f\u78bc0046769438867\u3002\u9019\u884c\u70ba\u61c9\u8a72\u662f\u5728\u8a3b\u518a\u8a2d\u5099ID\uff1a<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_4_Maikspy_unix_timestamp.jpg\" alt=\"Figure 4. Code snippet of the device\u2019s Unix timestamp being sent to 0046769438867\" \/><\/p>\n<p><em>\u57164<\/em><em>\u3001\u5c07\u8a2d\u5099Unix<\/em><em>\u6642\u9593\u6233\u8a18\u767c\u9001\u52300046769438867<\/em><em>\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5<\/em><\/p>\n<p><strong>\u201cError: 401. App not compatible. Uninstalling\u2026\u201c\uff0c\u5b89\u88dd\u5931\u6557?\u5176\u5be6\u9593\u8adc\u8edf\u9ad4\u53ea\u662f\u5c07\u81ea\u5df1\u96b1\u85cf\u8d77\u4f86\u4e26\u5728\u80cc\u666f\u57f7\u884c<\/strong><\/p>\n<p>\u63a5\u8457\uff0cMaikspy\u61c9\u7528\u7a0b\u5f0f\u6703\u986f\u793a\u201cError: 401. App not compatible. 
Uninstalling\u2026\u201c\uff0c\u8a66\u5716\u6b3a\u9a19\u4f7f\u7528\u8005\u5df2\u7d93\u522a\u9664\u4e86\u61c9\u7528\u7a0b\u5f0f\u3002\u4f46\u5176\u5be6\u9593\u8adc\u8edf\u9ad4\u53ea\u662f\u5c07\u81ea\u5df1\u96b1\u85cf\u8d77\u4f86\u4e26\u5728\u80cc\u666f\u57f7\u884c\u3002\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f\u6703\u5148\u6aa2\u67e5\u6240\u9700\u8981\u7684\u6b0a\u9650\uff0c\u7136\u5f8c\u7e7c\u7e8c\u4ee5\u4e0b\u884c\u70ba\uff1a<\/p>\n<ul>\n<li>\u7aca\u53d6\u96fb\u8a71\u865f\u78bc<\/li>\n<li>\u7aca\u53d6\u5e33\u865f<\/li>\n<li>\u7aca\u53d6\u5df2\u5b89\u88dd\u61c9\u7528\u7a0b\u5f0f\u5217\u8868<\/li>\n<li>\u7aca\u53d6\u806f\u7d61\u4eba<\/li>\n<li>\u7aca\u53d6\u7c21\u8a0a<\/li>\n<\/ul>\n<p>\u7aca\u53d6\u7684\u8cc7\u6599\u6703\u88ab\u5beb\u6210.txt\u6216.csv\u683c\u5f0f\uff0c\u7136\u5f8c\u4e0a\u50b3\u5230C&amp;C\u4f3a\u670d\u5668\u3002<\/p>\n<p>\u4e0a\u50b3\u4e86\u4e0a\u8ff0\u8cc7\u6599\u5f8c\uff0c\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f\u6703\u6bcf60\u79d2\u6aa2\u67e5\u4e00\u6b21\u4f86\u81eaC&amp;C\u4f3a\u670d\u5668\u7684\u547d\u4ee4\u3002\u4ee5\u4e0b\u662f\u6240\u652f\u63f4\u7684\u547d\u4ee4\uff1a<\/p>\n<p>&nbsp;<\/p>\n<table  class=\" table table-hover\" width=\"0\">\n<tbody>\n<tr>\n<td width=\"117\">\u547d\u4ee4<\/td>\n<td width=\"435\">\u6558\u8ff0<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">startrecording<\/td>\n<td width=\"435\">\u958b\u59cb\u9304\u4e0b\u8a2d\u5099\u5468\u570d\u7684\u8072\u97f3<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">stoprecording<\/td>\n<td width=\"435\">\u505c\u6b62\u9304\u97f3<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">uploaddata<\/td>\n<td width=\"435\">\u4e0a\u50b3\/sdcard\/DCIM,\/sdcard\/Downloads\uff0c\/sdcard\/Movies\uff0c \/sdcard\/Pictures\uff0c\/sdcard\/Documents\u7684\u6a94\u6848<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">getnumber<\/td>\n<td width=\"435\">\u53d6\u5f97\u4e26\u4e0a\u50b3\u96fb\u8a71\u865f\u78bc<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">getclipboard<\/td>\n<td 
width=\"435\">\u53d6\u5f97\u4e26\u4e0a\u50b3\u526a\u8cbc\u7c3f\u5167\u5bb9<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">sms-<\/td>\n<td width=\"435\">\u767c\u9001\u7c21\u8a0a<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">get-<\/td>\n<td width=\"435\">\u53d6\u5f97\u4e26\u4e0a\u50b3\u7279\u5b9a\u6a94\u6848<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">getcontacts<\/td>\n<td width=\"435\">\u53d6\u5f97\u4e26\u4e0a\u50b3\u806f\u7d61\u4eba<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">getinstalledapps<\/td>\n<td width=\"435\">\u53d6\u5f97\u4e26\u4e0a\u50b3\u5df2\u5b89\u88dd\u61c9\u7528\u7a0b\u5f0f\u5217\u8868<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">getmsgdata<\/td>\n<td width=\"435\">\u53d6\u5f97\u4e26\u4e0a\u50b3\u6536\u5230\u7684\u7c21\u8a0a<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">getmsgdatasent<\/td>\n<td width=\"435\">\u53d6\u5f97\u4e26\u4e0a\u50b3\u9001\u51fa\u7684\u7c21\u8a0a<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">getaccounts<\/td>\n<td width=\"435\">\u53d6\u5f97\u4e26\u4e0a\u50b3\u5e33\u865f<\/td>\n<\/tr>\n<tr>\n<td width=\"117\">tree<\/td>\n<td width=\"435\">\u53d6\u5f97\u4e26\u4e0a\u50b3\u7279\u5b9a\u8cc7\u6599\u593e\u6a94\u6848\u5217\u8868<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>\u7576\u9996\u6b21\u57f7\u884cVirtual Girlfriend\u6642\uff0c\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f\u6703\u7d50\u5408Unix\u6642\u9593\u6233\u8a18\u3001\u8a2d\u5099\u85cd\u7259\u88dd\u7f6e\u540d\u7a31\u548c\u4f7f\u7528\u8005Twitter\u5e33\u865f\u4f86\u4f5c\u70ba\u8a2d\u5099\u8b58\u5225\u540d\u7a31\uff1aTimestamp_BTAdapterName_TwitterAccount\u3002\u5982\u679c\u4f7f\u7528\u8005\u6c92\u6709Twitter\u61c9\u7528\u7a0b\u5f0f\uff0c\u5c31\u53ea\u6703\u7528\u4e00\u500b\u7a7a\u5b57\u4e32\uff08\u201c\u201d\uff09\u3002\u5982\u679c\u4f7f\u7528\u8005\u6709\u591a\u500bTwitter\u5e33\u865f\uff0c\u9593\u8adc\u8edf\u9ad4\u6703\u4f7f\u7528\u767b\u5165\u4e2d\u7684\u5e33\u865f\u3002<\/p>\n<p><img decoding=\"async\" 
src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_5_Maikspy_device_id_name.jpg\" alt=\"Figure 5. Code snippet of the process where the Unix timestamp, the device\u2019s Bluetooth adapter name, and the name of the user\u2019s Twitter account are combined to produce a device identification name\" \/><\/p>\n<p><em>\u57165<\/em><em>\u3001\u5c07Unix<\/em><em>\u6642\u9593\u6233\u8a18\uff0c\u8a2d\u5099\u85cd\u7259\u88dd\u7f6e\u540d\u7a31\u548c\u4f7f\u7528\u8005Twitter<\/em><em>\u5e33\u865f\u7d44\u5408\u5728\u4e00\u8d77\u751f\u6210\u8a2d\u5099\u8b58\u5225\u540d\u7a31\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u6b64\u5916\uff0c\u9593\u8adc\u8edf\u9ad4\u5728\u9996\u6b21\u5b89\u88dd\u6642\u6703\u51fa\u73fe\u4ee5\u4e0b\u9801\u9762\uff1a<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_6_scam_site_Maikspy.jpg\" alt=\"Figure 6. The spyware displays the online dating scam website upon the installation of the malicious Virtual Girlfriend app\" \/><\/p>\n<p><em>\u57166<\/em><em>\u3001\u5b89\u88dd\u60e1\u610fVirtual 
Girlfriend<\/em><em>\u61c9\u7528\u7a0b\u5f0f\u5f8c\uff0c\u9593\u8adc\u8edf\u9ad4\u6703\u79c0\u51fa\u7dda\u4e0a\u7d04\u6703\u8a50\u9a19\u7db2\u7ad9<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u7dda\u4e0a\u4ea4\u53cb\u7db2\u7ad9\u7684\u8a3b\u518a\u9801\u9762\u88ab\u7528\u4f86\u8a98\u9a19\u4f7f\u7528\u8005\u7684\u4fe1\u7528\u5361\u8cc7\u6599\u3002\u7576\u4f7f\u7528\u8005\u9032\u884c\u8a3b\u518a\u6642\uff0c\u4fe1\u7528\u5361\u6703\u6536\u53d6\u8cbb\u7528\u3002\u9019\u662f\u7576\u8cc7\u6599\u4e0a\u50b3\u6642\u5728\u7db2\u9801\u53f3\u4e0b\u89d2\u96b1\u85cf\u7684iframe\uff08\u7d05\u8272\u5e95\u7dda\uff09\u6240\u9020\u6210\u3002\u6240\u4ee5\u99ed\u5ba2\u4e0d\u50c5\u53ef\u4ee5\u53d6\u5f97\u53d7\u5bb3\u8005\u7684\u4fe1\u7528\u5361\u8cc7\u6599\uff0c\u9084\u6703\u53d6\u5f97\u5411\u4fe1\u7528\u5361\u6240\u6536\u7684\u8cbb\u7528\uff0c\u53ea\u8981\u4f7f\u7528\u8005\u6c92\u6709\u8981\u6c42\u9000\u8cbb\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>Windows<\/em><\/strong><strong><em>\u5e73\u53f0\u4e0a\u7684Maikspy<\/em><\/strong><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_7_Maikspy_Windows_infection_chain.jpg\" alt=\"Figure 7. Infection chain of Maikspy Windows variant\" \/><\/p>\n<p><em>\u57167<\/em><em>\u3001Maikspy Windows<\/em><em>\u8b8a\u7a2e\u7684\u611f\u67d3\u93c8<\/em><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_8_Windows_button_Maikspy.jpg\" alt=\"Figure 8. 
These buttons greet users who clicked the Twitter short link of hxxp:\/\/miakhalifagame[.]com\/\" \/><\/p>\n<p><em>\u57168<\/em><em>\u3001\u4f7f\u7528\u8005\u9ede\u64caTwitter<\/em><em>\u77ed\u9023\u7d50\u5f8c<\/em><em>\u6240\u51fa\u73fe\u7684\u756b\u9762<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>2017\u5e744\u6708\u51fa\u73fe\u7684Maikspy Windows\u8b8a\u7a2e\uff08WORM_INFOKEY.A\uff09\u6703\u8a98\u9a19\u4f7f\u7528\u8005\u4e0b\u8f09<em>MiaKhalifa.rar<\/em>\u6a94\u6848\uff0c\u88e1\u9762\u5305\u542b\u4e0b\u5217\u6a94\u6848\uff1a<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_9_rar_file_Maikspy.jpg\" alt=\"Figure 9. Content of the MiaKhalifa.rar file\" \/><\/p>\n<p><em>\u57169<\/em><em>\u3001MiaKhalifa.rar<\/em><em>\u6a94\u6848\u5167\u5bb9<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><em>README.txt<\/em>\u63d0\u4f9b\u4f7f\u7528\u8005\u5982\u4f55\u95dc\u9589\u9632\u75c5\u6bd2\u8edf\u9ad4\u53ca\u958b\u555f\u7db2\u8def\u7684\u8aaa\u660e\uff0c\u99ed\u5ba2\u9700\u8981\u7aca\u53d6\u8cc7\u6599\u4e26\u4e0a\u50b3\u5230C&amp;C\u4f3a\u670d\u5668\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_10_Maikspy_README.jpg\" alt=\"Figure 10. Content of README.txt\" \/><\/p>\n<p><em>\u571610<\/em><em>\u3001README.txt<\/em><em>\u7684\u5167\u5bb9<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><em>register.bat<\/em>\u7528\u4f86\u53d6\u5f97\u7ba1\u7406\u54e1\u6b0a\u9650\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_11_register_bat_Maikspy.jpg\" alt=\"Figure 11. 
Code snippet of register.bat\" \/><\/p>\n<p><em>\u571611<\/em><em>\u3001register.bat<\/em><em>\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><em>Uninstall.exe<\/em>\u5176\u5be6\u662f\u958b\u653e\u539f\u59cb\u78bc\u7684\u99ed\u5ba2\u5de5\u5177Mimikatz\uff08\u53ef\u5f9e\u8a18\u61b6\u9ad4\u5167\u53d6\u5f97\u672a\u52a0\u5bc6\u7684\u5bc6\u78bc\u3001\u96dc\u6e4a\u503c\u548cKerberos\u6191\u8b49\uff09\u3002\u800c\u5728\u9019\u88e1\uff0c<em>Uninstall.exe<\/em>\u88ab\u7528\u4f86\u53d6\u5f97Windows\u5e33\u865f\u548c\u5bc6\u78bc\uff0c\u518d\u5c07\u7d50\u679c\u5beb\u5165C:\\Users\\%username%\\AppData\\local\\password.txt\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><em>Setup.exe<\/em>\u662f\u7aca\u53d6\u8cc7\u6599\u7684\u6838\u5fc3\u6a21\u7d44\u3002\u5c31\u8ddfAndroid\u7248\u7684Maikspy\u4e00\u6a23\uff0c\u5b83\u6703\u5148\u9023\u5230C&amp;C\u4f3a\u670d\u5668\u4f86\u8a3b\u518a\u8a2d\u5099\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_12_Maikspy_CC_notif.jpg\" alt=\"Figure 12. 
Code snippet of notification being sent to the C&amp;C server to register the device\" \/><\/p>\n<p><em>\u571612<\/em><em>\u3001\u9023\u5230C&amp;C<\/em><em>\u4f3a\u670d\u5668\u8a3b\u518a\u8a2d\u5099\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u63a5\u8457\uff0c\u5b83\u6703\u5230\u4e0b\u5217\u8cc7\u6599\u593e\u53d6\u5f97.jpg\u3001.jpeg\u3001.png\u3001.txt\u3001.wav\u3001.html\u3001.doc\u3001.docx\u548c.rtf\u6a94\u6848\uff1aC:\/Users\/%username%\/Desktop\u3001C:\/Users\/%username%\/Pictures\u3001C:\/Users\/%username%\/Documents\u548cC:\/Users\/%username%\/Downloads\u3002\u4e5f\u6703\u5077\u8d70\u8cc7\u6599\u593e\u7684\u6a94\u6848\u5217\u8868\u3002\u63a5\u8457\u5728\u4e0a\u50b3\u5230C&amp;C\u4f3a\u670d\u5668\u524d\u5148\u5c07\u5b83\u5011\u5beb\u5165\u6a94\u6848\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_13_Maikspy_fetch_upload.jpg\" alt=\"Figure 13. Code snippets of the scanning, fetching, and uploading of .jpg, .jpeg, .png, .txt, .wav, .html, .doc, .docx and .rtf files (left). It also steals information about the machine\u2019s system i.e. 
default browser, OS version, Firefox version, Chrome version, IE version and Network configuration (right).\" \/><\/p>\n<p><em>\u571613<\/em><em>\u3001\u6383\u63cf\u3001\u53d6\u5f97\u548c\u4e0a\u50b3<\/em>.jpg\u3001.jpeg\u3001.png\u3001.txt\u3001.wav\u3001.html\u3001.doc\u3001.docx\u548c.rtf\u6a94\u6848\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5<em>\uff08\u5de6\uff09\u3002\u5b83\u9084\u6703\u53d6\u5f97\u7cfb\u7d71\u76f8\u95dc\u8cc7\u8a0a\uff0c\u50cf\u662f\u9810\u8a2d\u700f\u89bd\u5668\u3001\u4f5c\u696d\u7cfb\u7d71\u7248\u672c\u3001<\/em><em>Firefox<\/em><em>\u7248\u672c\u3001Chrome<\/em><em>\u7248\u672c\u3001IE<\/em><em>\u7248\u672c\u548c\u7db2\u8def\u8a2d\u5b9a\uff08\u53f3\uff09\u3002<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">\u8da8\u52e2\u79d1\u6280<\/a>\u767c\u73feWindows\u4f7f\u7528\u8005\u5728\u700f\u89bdhxxp:\/\/miakhalifagame[.]com\u6642\u53ef\u80fd\u6703\u88ab\u5b89\u88ddChrome\u64f4\u5145\u529f\u80fd\uff08VirtualGirlfriend.crx\uff09\u3002\u7576\u4e0b\u8f09\u6b64\u64f4\u5145\u529f\u80fd\uff08BREX_INFOSTEAL.A\uff09\u6642\uff0c\u6703\u6307\u793a\u53d7\u5bb3\u8005\u5982\u4f55\u5c07\u5176\u52a0\u5165\u700f\u89bd\u5668\u3002\u63a5\u8457\u60e1\u610f\u8edf\u9ad4\u5c31\u80fd\u6536\u96c6\u5f9e\u7db2\u9801\u8f38\u5165\u7684\u4f7f\u7528\u8005\u540d\u7a31\u548c\u5bc6\u78bc\uff0c\u518d\u5c07\u5176\u9001\u5230hxxps:\/\/miakhalifagame[.]com\/testinn[.]php\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_14_Chrome_extension_Maikspy.jpg\" alt=\"Figure 14. 
Instructions given to the user on how to load the malicious Chrome extension\" \/><\/p>\n<p><em>\u571614<\/em><em>\u3001\u5411\u7528\u6236\u8aaa\u660e\u5982\u4f55\u5b89\u88dd\u60e1\u610fChrome<\/em><em>\u64f4\u5145\u529f\u80fd<\/em><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_15_code_malicious_extension_Maikspy.jpg\" alt=\"Figure 15. Code snippet of the malicious extension plugin\" \/><\/p>\n<p><em>\u571615<\/em><em>\u3001\u60e1\u610f\u64f4\u5145\u529f\u80fd\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>Round Year Fun<\/em><\/strong><strong><em>\u548cMaikspy<\/em><\/strong><strong><em>\u9593\u7684\u95dc\u806f<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>\u6211\u5011\u6aa2\u8996\u4e86\u5ee3\u544aVirtual Girlfriend\u7684\u63a8\u7279\u5e33\u865f\uff08\u898b\u57161\uff09\u3002Twitter\u5e33\u865f\u540d\u7a31\u662fRound Year Fun\uff0c\u5b83\u7684\u63a8\u6587\u90fd\u662f\u5728\u5ee3\u544a\u904a\u6232\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_16_Twitter_RoundYearFun.jpg\" alt=\"Figure 16. Twitter homepage of Round Year Fun\" \/><\/p>\n<p><em>\u571616<\/em><em>\u3001Round Year Fun<\/em><em>\u7684Twitter<\/em><em>\u9996\u9801<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>Twitter\u4e0a\u5ee3\u544a\u904a\u6232\u7684\u7db2\u7ad9\u3002\u5982\u4e0b\u5716\u6240\u793a\uff0c\u5b83\u63d0\u4f9b\u7684\u4e26\u4e0d\u53ea\u6709Virtual Girlfriend\u3002\u6aa2\u67e5\u6b64\u7db2\u7ad9\u7684\u66ab\u5b58\u7248\u672c\u5f8c\uff0c\u6211\u5011\u767c\u73fe\u5b83\u4e5f\u88ab\u7528\u4f86\u6563\u64adMaikspy\u653b\u64ca\u8005\u7b2c\u4e00\u6b21\u6240\u7528\u7684\u6210\u4eba\u904a\u6232\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_17_Maikspy_RoundYearFun.jpg\" alt=\"Figure 17. 
Virtual Girlfriend in the list of games advertised by hxxp:\/\/www[.]roundyearfun[.]org\" \/><\/p>\n<p><em>\u571617<\/em><em>\u3001<\/em><em>\u5ee3\u544a\u904a\u6232\u5217\u8868\u4e2d\u7684Virtual Girlfriend<\/em><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_18_Maikspy_RoundYearFun2.jpg\" alt=\"Figure 18. The adult game first used by the attackers was also found in the list of games advertised by hxxp:\/\/www[.]roundyearfun[.]org\" \/><\/p>\n<p><em>\u571618\u3001\u99ed\u5ba2\u7b2c\u4e00\u6b21\u4f7f\u7528\u7684\u6210\u4eba\u904a\u6232\u4e5f\u5728<\/em><em>\u5ee3\u544a\u904a\u6232\u5217\u8868\u4e2d\u627e\u5230<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u6211\u5011\u7684\u5206\u6790\u986f\u793aTwitter\u4e0a\u5ee3\u544a\u904a\u6232\u7684\u7db2\u7ad9\u3002\u4e5f\u88ab\u7528\u4f5c\u5132\u5b58\u53d7\u5bb3\u8005\u8cc7\u6599\u7684C&amp;C\u7db2\u5740\u3002\u60e1\u610f\u8edf\u9ad4\u4e5f\u8ddfVirtual Girlfriend\u5171\u7528\u76f8\u540c\u6191\u8b49\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_19_RoundYearFun_logo.jpg\" alt=\"Figure 19. 
Round Year Fun logo found at Maikspy\u2019s malicious domain\" \/><\/p>\n<p><em>\u5716<\/em><em>19<\/em><em>\u3001\u5728<\/em><em>Maikspy<\/em><em>\u60e1\u610f\u7db2\u57df\u767c\u73fe\u7684<\/em><em>Round Year Fun<\/em><em>\u5716\u793a<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u6211\u5011\u5728Round Year Fun\u6240\u63d0\u4f9b\u904a\u6232\u767c\u73fe\u4e86\u53e6\u5916\u4e00\u4ef6\u4e8b\uff0c\u5982\u679c\u4f60\u6388\u6b0a\u5b83\u4f7f\u7528\u4f60\u7684Twitter\u5e33\u865f\uff0c\u4f5c\u8005\u53ef\u4ee5\u5229\u7528\u9019\u500b\u5e33\u865f\u4f86\u4f7f\u7528\u81ea\u52d5\u5316\u5de5\u5177\u5ee3\u544a\u904a\u6232\u3002\u4f5c\u8005\u4f7f\u7528\u57161\u4e2d\u7684\u53e6\u4e00\u500bTwitter\u5e33\u865f\uff08rifusthegr8\uff09\u4f86\u5ee3\u544aVirtual Girlfriend\uff0c\u4e26\u8f49\u63a8Round Year Fun\u81ea\u5df1\u63a8\u7279\u4e0a\u7684\u904a\u6232\u5ee3\u544a\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>Maikspy<\/em><\/strong><strong><em>\u5f9e<\/em><\/strong><strong><em>2016<\/em><\/strong><strong><em>\u5e74\u5230<\/em><\/strong><strong><em>2018<\/em><\/strong><strong><em>\u5e74\u7684\u767c\u5c55\u6b77\u53f2<\/em><\/strong><\/p>\n<p>\u7b2c\u4e00\u500bMaikspy\u8b8a\u7a2e\u57282016\u5e7412\u6708\u51fa\u73fe\u5728Windows\u5e73\u53f0\u3002\u507d\u88dd\u6210\u7528AV\u5973\u661f\u547d\u540d\u7684\u6210\u4eba\u904a\u6232\u3002\u5b83\u53ef\u4ee5\u81ea\u6211\u66f4\u65b0\uff0c\u4e26\u4e14\u6703\u7aca\u53d6\u653e\u5728\u684c\u9762\u3001\u5716\u7247\u3001\u6587\u4ef6\u548c\u4e0b\u8f09\u8cc7\u6599\u593e\u5167\u7684.jpg\u3001.jpeg\u3001.png\u3001.txt\u3001.wav\u3001.html\u3001.doc\u3001.docx\u548c.rtf\u6a94\u6848\uff0c\u9084\u6709\u672c\u6a5f\u5167IE\u3001Chrome\u3001Firefox\u6216\u9810\u8a2d\u700f\u89bd\u5668\u7684\u76f8\u95dc\u8cc7\u6599\uff0c\u4ee5\u53ca\u4f5c\u696d\u7cfb\u7d71\u8cc7\u8a0a\u548c\u7db2\u8def\u8a2d\u5b9a\u3002\u9019\u500b\u9593\u8adc\u8edf\u9ad4\u6703\u9023\u5230107[.]180[.]46[.]243\u3002<\/p>\n<p>\u800c\u9019\u9593\u8adc\u8edf\u9ad4\u7684\u7b2c\u4e00\u6b3eAndroid\u8b8a\u7a2e\u5
1fa\u73fe\u57282017\u5e741\u6708\u3002\u4e5f\u540c\u6a23\u5229\u7528\u4e4b\u524d\u6240\u63d0\u7684\u6210\u4eba\u904a\u6232\u5e4c\u5b50\uff0c\u9023\u5230\u540c\u4e00\u500bC&amp;C\u4f3a\u670d\u5668\u3002\u5b83\u53ef\u4ee5\u9304\u4e0b\u901a\u8a71\u548c\u7aca\u53d6\u8a2d\u5099\u4f4d\u7f6e\u3001\u7c21\u8a0a\u3001\u806f\u7d61\u4eba\u548cWhatsApp\u8cc7\u6599\u5eab\u7b49\u8cc7\u8a0a\uff0c\u4e26\u4e14\u80fd\u5920\u9304\u4e0b\u8a2d\u5099\u5468\u570d\u7684\u8072\u97f3\u3002\u4e0b\u4e00\u500b\u8b8a\u7a2e\u5f88\u5feb\u5c31\u51fa\u73fe\uff0c\u52a0\u5165\u4e86\u4ee5\u4e0b\u529f\u80fd\uff1a\u7aca\u53d6\u526a\u8cbc\u7c3f\u3001\u672c\u6a5f\u865f\u78bc\u3001\u5df2\u5b89\u88dd\u61c9\u7528\u7a0b\u5f0f\u5217\u8868\u548c\u5e33\u865f\u7b49\u8cc7\u8a0a\u3002\u540c\u6642\u79fb\u9664\u4e86\u7aca\u53d6WhatsApp\u8cc7\u6599\u5eab\u7684\u80fd\u529b\u3002\u5b83\u4e5f\u6539\u8b8a\u4e86\u547d\u4ee4\u683c\u5f0f\u3002<\/p>\n<p>\u57282017\u5e743\u6708\uff0c\u51fa\u73fe\u4e86\u53e6\u4e00\u500b\u65b0\u8b8a\u7a2e\uff0c\u53ef\u4ee5\u5728\u4f7f\u7528\u8005\u7528\u76f8\u6a5f\u62cd\u7167\u6642\u7aca\u53d6\u7167\u7247\u3002\u7a0b\u5f0f\u78bc\u7d50\u69cb\u548c\u5957\u4ef6\u540d\u7a31\u4e5f\u767c\u751f\u4e86\u8b8a\u5316\uff0cC&amp;C\u5730\u5740\u4e5f\u6539\u5230\u4e86198[.]12[.]155[.]84\u3002<\/p>\n<p>\u5230\u4e862017\u5e744\u6708\uff0c\u6700\u65b0\u7684Windows\u7248\u672cMaikspy\u51fa\u73fe\u4e26\u6709\u4e86\u4ee5\u4e0b\u8b8a\u52d5\uff1aC&amp;C\u670d\u52d9\u5668\u66f4\u6539\u70ba198[.]12[.]155[.]84\uff0c\u4e26\u4e14\u6703\u7aca\u53d6\u5bc6\u78bc\u4ee5\u53ca.doc\u3001.docx\u548c.rtf\u6a94\u6848\u3002<\/p>\n<p>\u57282017\u5e746\u6708\u523012\u6708\u4e4b\u9593\uff0cAndroid\u8b8a\u7a2e\u51fa\u73fe\u4ee5\u4e0b\u8b8a\u52d5\uff1aC&amp;C\u670d\u52d9\u5668\u8b8a\u66f4\u70ba192[.]169[.]217[.]55\uff0c\u79fb\u9664\u9304\u4e0b\u901a\u8a71\u7684\u80fd\u529b\uff0c\u63a5\u8457C&amp;C\u4f3a\u670d\u5668\u518d\u6b21\u6539\u70ba198[.]12[.]149[.]13\u3002<\/p>\n<p>\u57282018\u5e741\u6708\uff0cAndroid\u8b8a\u7a2e\u7684\u61c9\u7528\u7
a0b\u5f0f\u540d\u7a31\u6539\u70baVirtual Girlfriend\u3002\u653b\u64ca\u8005\u6703\u7528HTTP\u5354\u5b9a\u50b3\u8f38\u8cc7\u6599\u3002\u4e5f\u79fb\u9664\u4e86\u7aca\u53d6\u4f4d\u7f6e\u548c\u5716\u7247\u7684\u80fd\u529b\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>Maikspy<\/em><\/strong><strong><em>\u6240\u7528\u8b8a\u7a2e\u548c<\/em><\/strong><strong><em>C&amp;C<\/em><\/strong><strong><em>\u4f3a\u670d\u5668\u9593\u7684\u95dc\u4fc2<\/em><\/strong><\/p>\n<p>Maikspy\u653b\u64ca\u8005\u5728\u9019\u4e9b\u5e74\u4f86\u8b8a\u66f4\u4e86\u7db2\u57df\u548cIP\u5730\u5740\uff0c\u4f46\u9019\u4e9b\u90fd\u662f\u7531\u7f8e\u570b\u7684\u4e00\u5bb6\u4e0a\u5e02\u7db2\u57df\u540d\u7a31\u8a3b\u518a\u5546\u548c\u7db2\u7ad9\u4ee3\u7ba1\u516c\u53f8\u4ee3\u7ba1\u3002\u4e0b\u5716\u986f\u793a\u51fa2016\u5e74\u52302018\u5e74\u9593\u7684Maikspy\u8b8a\u7a2e\u8ddfC&amp;C\u4f3a\u670d\u5668\u7684\u95dc\u806f\uff08<a href=\"https:\/\/documents.trendmicro.com\/assets\/appendix-maikspy-spyware-poses-as-adult-game-targets-windows-and-android-users.pdf\">\u9644\u9304<\/a>\u4e2d\u63d0\u4f9b\u66f4\u591a\u7d30\u7bc0\u4ee5\u53caAndroid\u548cWindows\u8b8a\u7a2e\u7684\u96dc\u6e4a\u503c\uff09\uff1a<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_20_CC_map_Maikspy1-1.jpg\" alt=\"Figure 20. The connection of Maikspy variants to 198[.]12[.]155[.]84, hxxp:\/\/roundyearfun[.]org\/, and 192[.]169[.]217[.]55. 
Note: The green nodes represent Android samples, while the blue nodes represent Windows samples.\" \/><\/p>\n<p><em>\u5716<\/em><em>20<\/em><em>\u3001<\/em><em>Maikspy<\/em><em>\u8b8a\u7a2e,<\/em><em>\u7da0\u8272\u7bc0\u9ede\u4ee3\u8868<\/em><em>Android<\/em><em>\u6a23\u672c\uff0c\u800c\u85cd\u8272\u7bc0\u9ede\u4ee3\u8868<\/em><em>Windows<\/em><em>\u6a23\u672c\u3002<\/em><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_21_CC_map_Maikspy2-1.jpg\" alt=\"Figure 21. Connection of Maikspy variants to 107[.]180[.]46[.]243 and hxxp:\/\/fakeomegle[.]com\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/05\/Figure_22_CC_map_Maikspy3-1.jpg\" alt=\"Figure 22.\u00c2\u00a0Connection of Maikspy variants to 198[.]12[.]149[.]13and hxxp:\/\/miakhalifagame[.]com\/\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u5c0d\u7b56<\/em><\/strong><\/p>\n<p>\u53ea\u5f9e\u5408\u6cd5\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\uff08\u5982Google Play\uff09\u4e0b\u8f09\u61c9\u7528\u7a0b\u5f0f\u80fd\u5920\u9632\u6b62Maikspy\u5371\u5bb3\u96fb\u8166\u548c\u884c\u52d5\u8a2d\u5099\u3002\u66f4\u91cd\u8981\u7684\u4e00\u9ede\u662f\uff0c\u63a5\u53d7\u4efb\u4f55\u689d\u6b3e\u6216\u6388\u4e88\u6b0a\u9650\u4e4b\u524d\uff0c\u8981\u5148\u4e86\u89e3\u5141\u8a31\u4e86\u54ea\u4e9b\u61c9\u7528\u7a0b\u5f0f\u53d6\u5f97\u4e86\u4ec0\u9ebc\u6b0a\u9650\uff0c\u4ee5\u53ca\u53ef\u80fd\u5e36\u4f86\u7684<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/threat-intelligence-center\/mobile-safety\/\">\u98a8\u96aa<\/a>\u3002<\/p>\n<p>\u8da8\u52e2\u79d1\u6280\u7684<a 
href=\"https:\/\/mars.trendmicro.com\/\">\u884c\u52d5\u61c9\u7528\u7a0b\u5f0f\u4fe1\u8b7d\u8a55\u6bd4\u670d\u52d9<\/a>\uff08MARS\uff09\u4f7f\u7528\u696d\u754c\u9818\u5148\u7684\u6c99\u7bb1\u548c\u6a5f\u5668\u5b78\u7fd2\u6280\u8853\u4f86\u6db5\u84cbAndroid\u548ciOS\u5a01\u8105\u3002\u80fd\u5920\u4fdd\u8b77\u4f7f\u7528\u8005\u89e3\u6c7a\u60e1\u610f\u8edf\u9ad4\u3001\u96f6\u6642\u5dee\u653b\u64ca\u548c\u5df2\u77e5\u6f0f\u6d1e\u653b\u64ca\u3001\u96b1\u79c1\u5916\u6d29\u53ca\u61c9\u7528\u7a0b\u5f0f\u6f0f\u6d1e\u7b49\u554f\u984c\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><em>PC<\/em>&#8211;<em>cillin<\/em>\u00a0\u96f2\u7aef\u7248\u8d85\u5f37<em>\u8de8\u5e73\u53f0<\/em>\u9632\u8b77, \u540c\u6642\u652f\u63f4PC\u3001Mac\u53caAndroid\u667a\u6167\u624b\u6a5f\u8207\u5e73\u677f\u96fb\u8166\uff0c\u4e00\u7d44\u5e8f\u865f\u53ef\u5b89\u88dd\u5728\u4e0d\u540c\u4e0a\u7db2\u8a2d\u5099\uff0c\u8b93\u60a8\u4e0d\u7ba1\u5728\u4f55\u6642\u3001\u4f55\u5730\u90fd\u80fd\u7372\u5f97<em>\u8de8\u5e73\u53f0<\/em>\u7684\u9632\u8b77\u3002\u2794<a href=\"https:\/\/trend-tw.com\/7ufKF\/55592\">\u5373\u523b\u514d\u8cbb\u4e0b\u8f09\u8a66\u7528<\/a><\/p>\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/maikspy-spyware-poses-as-adult-game-targets-windows-and-android-users\/\">Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users<\/a> \u4f5c\u8005\uff1aEcular Xu\u548cGrey Guo\uff08<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/author\/mtrteam\/\">\u884c\u52d5\u5a01\u8105\u56de\u61c9\u5718\u968a<\/a>\uff09<\/p>\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<p><p><strong>\u2b55\ufe0f   AI \u9632\u8a50\u9632\u6bd2 <\/strong><\/p>\n<p>\u8da8\u52e2\u79d1\u6280<a href=\"https:\/\/trend-tw.com\/7ufKF\/bbn55592meat \" target=\"_blank\" rel=\"noreferrer noopener\">PC-cillin\u96f2\u7aef\u7248<\/a> \u904b\u7528\u6700\u65b0 AI 
\u9632\u6bd2\u9632\u8a50\u6280\u8853\uff0c\u5168\u9762\u4fdd\u8b77\u60a8\u7684\u8eab\u5206\u96b1\u79c1\uff0c\u8b93\u60a8\u4eab\u53d7\u4e0a\u7db2\u5b89\u5fc3\u9ede\u3002<\/p>\n<p>\u4e0d\u53ea\u9632\u6bd2\u4e5f\u9632\u8a50\u9a19 \u2713\u624b\u6a5f\u2713\u96fb\u8166\u2713\u5e73\u677f\uff0c\u8de8\u5e73\u53f0\u9632\u8b77\uff13\u5230\u4f4d\u2794<a href=\"https:\/\/trend-tw.com\/7ufKF\/bbn55592meat \" target=\"_blank\" rel=\"noreferrer noopener\"> \u300b\u5373\u523b\u514d\u8cbb\u4e0b\u8f09\u8a66\u7528<\/a><\/p>\n<p><\/p>\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/trend-tw.com\/7ufKF\/bbn\" target=\"_blank\" rel=\"noreferrer noopener\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/08\/Windows10Banner-540x90v5.gif\" alt=\"\" style=\"aspect-ratio:6;width:540px;height:auto\"\/><\/a><\/figure>\n<br> <\/br>\n<p> \u2705 <strong>\u7368\u5bb6 AI \u96b1\u79c1\u6b0a\u5206\u6790\u6280\u8853<\/strong> \u8b93\u60a8\u7684\u500b\u8cc7\uff0c\u7531\u4f60\u81ea\u5df1\u638c\u63e1<br>  <strong><strong>\u2705\u793e\u7fa4\u5e33\u865f\u76dc\u7528\u8b66\u793a<\/strong><\/strong> \u5728\u707d\u5bb3\u64f4\u5927\u524d\uff0c\u6436\u5148\u4e00\u6b65\u505a\u597d\u9632\u7bc4<br>  <strong><strong>\u2705\u5168\u7403\u500b\u8cc7\u5916\u6d29\u8ffd\u8e64<\/strong><\/strong> 24\u5c0f\u6642\u70ba\u60a8\u76e3\u6e2c\u5b88\u8b77<br> <strong><strong>\u2705\u8de8\u5e73\u53f0\u5bc6\u78bc\u5b89\u5168\u7ba1\u7406<\/strong><\/strong>\u8b93 \u60a8\u5b89\u5fc3\u5132\u5b58\u6240\u6709\u7db2\u8def\u5e33\u5bc6 <\/p>\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2019\/10\/ig_icon_O.png\" alt=\"IG\" \/> \u8da8\u52e2\u79d1\u6280\u4e0d\u53ea\u662f\u7db2\u8def\u5b89\u5168\u5b88\u8b77\u8005,\u9084\u63d0\u4f9b\u5404\u7a2e\u5be6\u75283C\u51b7\u77e5\u8b58<a href=\"https:\/\/trend-tw.com\/rO30o\/blog\">\u8ffd\u8e64\u6211\u5011\u7684IG 
\u5e33\u865f<\/a>\u770b\u66f4\u591a\u8b93\u4f60\u6578\u4f4d\u751f\u6d3b\u66f4\u4fbf\u5229\u3001\u66f4\u5b89\u5168\u7684\u8cbc\u6587<\/a>\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<p>\u2b55\ufe0f\u7368\u5bb6\uff01\u6bcf\u9031\u7cbe\u9078\u6700\u706b\u7d05\u7684\u8a50\u9a19\u8207\u8cc7\u5b89\u65b0\u805e\uff0c\u8b93\u60a8\u96a8\u6642\u638c\u63e1\u8cc7\u5b89\u8b66\u8a0a\n\u4e0d\u60f3\u6210\u70ba\u4e0b\u4e00\u500b\u53d7\u5bb3\u8005\u55ce\uff1f\u7acb\u5373\u8a02\u95b1\uff0c\u6436\u5148\u4e00\u6b65\u9632\u7bc4\n<\/p>\n<div style=\"padding:20px\" class=\"wp-block-tnp-minimal\"><p><\/p><div><div class=\"tnp tnp-subscription-minimal  \"><form action=\"https:\/\/blog.trendmicro.com.tw\/wp-admin\/admin-ajax.php?action=tnp&amp;na=s\" method=\"post\" style=\"text-align: center\"><input type=\"hidden\" name=\"nr\" value=\"minimal\">\n<input type=\"hidden\" name=\"nlang\" value=\"\">\n<input class=\"tnp-email\" type=\"email\" required name=\"ne\" value=\"\" placeholder=\"Email\"><input class=\"tnp-submit\" type=\"submit\" value=\"\u8a02\u95b1\" style=\"\">\n<\/form><\/div>\n<\/div><\/div>\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<a href=\"https:\/\/trend-tw.com\/ZmotL\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2019\/10\/FB.png\" alt=\"FB\" \/><\/a>\n<a href=\"https:\/\/trend-tw.com\/rO30o\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2019\/10\/ig_icon_O.png\" alt=\"IG\" \/><\/a>\n<a href=\"https:\/\/trend-tw.com\/SM3Bs\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2019\/10\/youtube.png\" alt=\"Youtube\" \/><\/a>\n <a href=\"https:\/\/trend-tw.com\/KhgQD\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2019\/10\/Line.png\" alt=\"LINE\" \/><\/a>\n <a 
href=\"https:\/\/trend-tw.com\/8y0L5\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2019\/10\/%E5%AE%98%E7%B6%B2.png\" alt=\"\u5b98\u7db2\" \/><\/a>\n <div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n&#8211;\n","protected":false},"excerpt":{"rendered":"<p>\u8da8\u52e2\u79d1\u6280\u767c\u73fe\u4e00\u500b\u6703\u7aca\u53d6\u500b\u8cc7\u7684\u591a\u5e73\u53f0\u9593\u8adc\u8edf\u9ad4: Maikspy,\u76ee\u6a19\u662fWindows\u548cAndroid\u4f7f\u7528\u8005\uff0c\u8a72\u9593 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":null,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"default","_twitter_share_type":"default","_linkedin_share_type":"default","_pinterest_share_type":"default","_linkedin_share_type_page":"default","_instagram_share_type":"default","_medium_share_type":"default","_threads_share_type":"default","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[17,15],"tags":[3852,153,5883,19],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/55592"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trend
micro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=55592"}],"version-history":[{"count":6,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/55592\/revisions"}],"predecessor-version":[{"id":87307,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/55592\/revisions\/87307"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=55592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=55592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=55592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}