{"id":72385,"date":"2022-05-19T15:23:02","date_gmt":"2022-05-19T07:23:02","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=72385"},"modified":"2022-10-03T15:49:07","modified_gmt":"2022-10-03T07:49:07","slug":"%e5%a4%9a%e6%ac%be%e8%b6%85%e4%ba%ba%e6%b0%a3app%e5%81%bd%e8%a3%9d-vpn%e3%80%81%e5%81%a5%e8%ba%ab%e3%80%81%e7%9b%b8%e7%89%87%e7%b7%a8%e8%bc%af%e3%80%81%e6%8c%96%e7%a4%a6%e7%ad%89%e6%87%89%e7%94%a8","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=72385","title":{"rendered":"\u591a\u6b3e\u8d85\u4eba\u6c23 APP,\u507d\u88dd VPN\u3001\u5065\u8eab\u3001\u76f8\u7247\u7de8\u8f2f\u3001\u6316\u7926\u7b49\u61c9\u7528\u7a0b\u5f0f,\u7aca\u53d6\u767b\u5165\u6191\u8b49\u8207\u52a0\u5bc6\u8ca8\u5e63\u91d1\u9470,\u9084\u6703\u79c1\u541e100 \u7f8e\u91d1"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\"><\/h1>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u4e0b\u8f09\u514d\u8cbb APP, Facebook \u5e33\u865f\u7adf\u88ab\u5192\u540d\u9032\u884c\u7db2\u8def\u91e3\u9b5a\u8a50\u9a19\u3001\u6563\u767c\u5047\u8cbc\u6587\u2026\u6700\u8fd1<a href=\"https:\/\/t.rend.tw\/?i=OTQzMw\">\u8da8\u52e2\u79d1\u6280<\/a>\u767c\u73fe\u60e1\u540d\u662d\u5f70\u7684 Facestealer \u9593\u8adc\u7a0b\u5f0f\u5728 Google Play \u4e0a\u518d\u5ea6\u5229\u7528 200 \u591a\u6b3e\u5192\u724c\u61c9\u7528\u7a0b\u5f0f\u7aca\u53d6\u4f7f\u7528\u8005\u7684 Facebook \u767b\u5165\u6191\u8b49\u3002<br>\u53e6\u5916\u4e5f\u767c\u73fe\u4e86 40 \u591a\u500b\u5192\u724c\u7684\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=56134\">\u6316\u7926( coinmining )<\/a>\u7a0b\u5f0f\uff0c\u5ba3\u7a31\u63d0\u4f9b\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u7684\u8cfa\u9322\u6a5f\u6703,\u8a98\u9a19\u4f7f\u7528\u8005\u8cfc\u8cb7\u4ed8\u8cbb\u670d\u52d9\u6216\u9ede\u9078\u5ee3\u544a\u3002\u9664\u4e86\u5f15\u8a98\u53d7\u5bb3\u8005\u8cfc\u8cb7\u5047\u7684\u96f2\u7aef\u6316\u7926\u670d\u52d9\uff0c\u9084\u6703\u8a66\u5716\u5229\u7528\u4e00\u4e9b\u8a98\u990c\u4f86\u9a19\u53d6\u4f7f\u7528\u8005\u7684\u79c1\u5bc6\u91d1\u9470\u53ca\u5176\u4ed6\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u76f8\u95dc\u7684\u6a5f\u654f\u8cc7\u6599\u3002<br><\/p><\/blockquote>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/t.rend.tw\/?i=MTE1MjQ\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2022\/05\/Google-Play-\u4e0a\u6709\u591a\u6b3e\u61c9\u7528\u7a0b\u5f0f\u5c08\u9580\u7aca\u53d6\u4f7f\u7528\u8005\u7684\u767b\u5165\u6191\u8b49\u548c\u5176\u4ed6\u6a5f\u654f\u8cc7\u8a0a\uff0c\u4f8b\u5982\u79c1\u5bc6\u91d1\u9470\u3002-1-1024x538.png\" alt=\"\" class=\"wp-image-72393\" width=\"676\" height=\"355\" srcset=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2022\/05\/Google-Play-\u4e0a\u6709\u591a\u6b3e\u61c9\u7528\u7a0b\u5f0f\u5c08\u9580\u7aca\u53d6\u4f7f\u7528\u8005\u7684\u767b\u5165\u6191\u8b49\u548c\u5176\u4ed6\u6a5f\u654f\u8cc7\u8a0a\uff0c\u4f8b\u5982\u79c1\u5bc6\u91d1\u9470\u3002-1-1024x538.png 1024w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2022\/05\/Google-Play-\u4e0a\u6709\u591a\u6b3e\u61c9\u7528\u7a0b\u5f0f\u5c08\u9580\u7aca\u53d6\u4f7f\u7528\u8005\u7684\u767b\u5165\u6191\u8b49\u548c\u5176\u4ed6\u6a5f\u654f\u8cc7\u8a0a\uff0c\u4f8b\u5982\u79c1\u5bc6\u91d1\u9470\u3002-1-300x158.png 300w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2022\/05\/Google-Play-\u4e0a\u6709\u591a\u6b3e\u61c9\u7528\u7a0b\u5f0f\u5c08\u9580\u7aca\u53d6\u4f7f\u7528\u8005\u7684\u767b\u5165\u6191\u8b49\u548c\u5176\u4ed6\u6a5f\u654f\u8cc7\u8a0a\uff0c\u4f8b\u5982\u79c1\u5bc6\u91d1\u9470\u3002-1-768x403.png 768w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2022\/05\/Google-Play-\u4e0a\u6709\u591a\u6b3e\u61c9\u7528\u7a0b\u5f0f\u5c08\u9580\u7aca\u53d6\u4f7f\u7528\u8005\u7684\u767b\u5165\u6191\u8b49\u548c\u5176\u4ed6\u6a5f\u654f\u8cc7\u8a0a\uff0c\u4f8b\u5982\u79c1\u5bc6\u91d1\u9470\u3002-1-30x16.png 30w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2022\/05\/Google-Play-\u4e0a\u6709\u591a\u6b3e\u61c9\u7528\u7a0b\u5f0f\u5c08\u9580\u7aca\u53d6\u4f7f\u7528\u8005\u7684\u767b\u5165\u6191\u8b49\u548c\u5176\u4ed6\u6a5f\u654f\u8cc7\u8a0a\uff0c\u4f8b\u5982\u79c1\u5bc6\u91d1\u9470\u3002-1.png 1200w\" sizes=\"(max-width: 676px) 100vw, 676px\" \/><\/a><figcaption>\u884c\u52d5\u88dd\u7f6e\u4f7f\u7528\u8005\u53ef\u63a1\u7528<a href=\"https:\/\/t.rend.tw\/?i=MTE0MjI\">\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77<\/a>\u4f86\u964d\u4f4e\u9019\u985e\u5192\u724c\u61c9\u7528\u7a0b\u5f0f\u7684\u5a01\u8105\uff0c\u9019\u5957\u8edf\u9ad4\u53ef\u5373\u6642\u6216\u96a8\u9078\u6383\u63cf\u884c\u52d5\u88dd\u7f6e\uff0c\u5075\u6e2c\u4e0d\u8096\u7684\u61c9\u7528\u7a0b\u5f0f\u6216\u60e1\u610f\u7a0b\u5f0f\uff0c\u4e26\u5c07\u5b83\u5011\u5c01\u9396\u6216\u79fb\u9664\uff0c\u9019\u5957\u8edf\u9ad4\u5728 Android \u6216 iOS \u5e73\u53f0\u90fd\u6709\u5c0d\u61c9\u7684\u7248\u672c\u3002\u8acb\u5230<a href=\"https:\/\/t.rend.tw\/?i=MTE1MjQ\">\u9019\u88e1<\/a>\u4e0b\u8f09<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><\/h3>\n\n\n\n<p>\u6700\u8fd1\u6211\u5011\u767c\u73fe Google Play \u4e0a\u6709\u591a\u6b3e\u61c9\u7528\u7a0b\u5f0f\u5c08\u9580\u7aca\u53d6\u4f7f\u7528\u8005\u7684\u767b\u5165\u6191\u8b49\u548c\u5176\u4ed6\u6a5f\u654f\u8cc7\u8a0a\uff0c\u4f8b\u5982\u79c1\u5bc6\u91d1\u9470\u3002\u7531\u65bc\u9019\u4e9b\u61c9\u7528\u7a0b\u5f0f\u70ba\u6578\u773e\u591a\u4e14\u76f8\u7576\u71b1\u9580 ,\u6709\u7684\u751a\u81f3\u7d2f\u7a4d\u6578\u5341\u842c\u6b21\u4e0b\u8f09,\u6216\u662f\u64c1\u6709 4.5 \u9846\u661f\u8a55\u50f9\u3002\u53e6\u5916\u9084\u6709\u5192\u724c\u6316\u7926\u7a0b\u5f0f,\u85c9\u8457\u634f\u9020\u5047\u8a55\u50f9\u5ba3\u7a31\u5df2\u9818\u5230\u7db2\u7ad9\u7a7a\u6295\u7684 0.1 \u4e59\u592a\u5e63(\u7d04 240 \u7f8e\u5143),\u85c9\u4ee5\u9a19\u53d6\u9322\u5305\u4e2d\u7684 100 \u7f8e\u91d1,\u4e26\u9032\u4e00\u6b65\u8490\u96c6\u79c1\u5bc6\u91d1\u9470\u8207\u52a9\u8a18\u8a5e\u3002<br><\/p>\n\n\n\n<p>\u4ee5\u4e0b\u6211\u5011\u6df1\u5165\u7814\u7a76\u5e7e\u500b\u8ddf\u5065\u8eab\u3001\u76f8\u7247\u7de8\u8f2f\u3001\u6ffe\u93e1\u9084\u6709\u6316\u7926\u7a0b\u5f0f\u6709\u95dc\u7684\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f:<\/p>\n\n\n\n<ul class=\"has-background\" style=\"background-color:#f3f8fa\"><li>Daily Fitness OL<\/li><li>Enjoy Photo Editor<\/li><li>Panorama Camera<\/li><li>Photo Gaming Puzzle<\/li><li>Swarm Photo<\/li><li>Business Meta Manager<\/li><li>Cryptomining Farm Your own Coin<br><\/li><\/ul>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u5c08\u9580\u7aca\u53d6\u5bc6\u78bc\u7684 Facestealer \u9593\u8adc\u7a0b\u5f0f\u8b8a\u7a2e\u507d\u88dd\u6210\u5065\u8eab\u3001\u76f8\u7247\u7de8\u8f2f\u7b49 200 \u591a\u500b\u61c9\u7528\u7a0b\u5f0f <\/h3>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Facestealer \u9593\u8adc\u7a0b\u5f0f\u6700\u65e9\u662f\u5728 2021 \u5e74\u7684\u4e00\u7bc7<a href=\"https:\/\/news.drweb.com\/show\/?i=14244\">\u6587\u7ae0<\/a>\u7576\u4e2d\u6240\u62ab\u9732\uff0c\u8a72\u6587\u7ae0\u8a73\u7d30\u63cf\u8ff0\u5b83\u5982\u4f55\u5728 Google Play \u4e0a\u5229\u7528\u5192\u724c\u61c9\u7528\u7a0b\u5f0f\u7aca\u53d6\u4f7f\u7528\u8005\u7684 Facebook \u767b\u5165\u6191\u8b49\u3002\u9019\u4e9b\u88ab\u5077\u7684\u767b\u5165\u6191\u8b49\u5c07\u7528\u4f86\u767b\u5165\u53d7\u5bb3\u8005\u7684 Facebook \u5e33\u865f\u4ee5\u5f9e\u4e8b\u5404\u7a2e\u60e1\u610f\u6d3b\u52d5\uff0c\u5982\uff1a<strong>\u7db2\u8def\u91e3\u9b5a\u8a50\u9a19\u3001\u6563\u767c\u5047\u8cbc\u6587\u3001\u6563\u767c\u5ee3\u544a<\/strong>\u3002\u5982\u540c\u53e6\u4e00\u500b\u540d\u70ba\u300c<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/c\/no-laughing-matter-joker-latest-ploy.html\">Joker<\/a>\u300d\u7684\u884c\u52d5\u60e1\u610f\u7a0b\u5f0f\u4e00\u6a23\uff0cFacestealer \u6703\u7d93\u5e38\u4fee\u6539\u7a0b\u5f0f\u78bc\uff0c\u9032\u800c\u88fd\u9020\u51fa\u8a31\u591a\u8b8a\u7a2e\u3002\u9019\u500b\u9593\u8adc\u7a0b\u5f0f\u5f9e\u88ab\u767c\u73fe\u4ee5\u4f86\uff0c\u4e00\u76f4\u662f Google Play \u7684\u982d\u75db\u554f\u984c\u3002<\/p>\n\n\n\n<p>\u8fd1\u671f\u6211\u5011\u5728\u7814\u7a76\u884c\u52d5\u60e1\u610f\u7a0b\u5f0f\u6642\u767c\u73fe\u4e86 200 \u591a\u500b Facestealer \u7684\u5192\u724c\u61c9\u7528\u7a0b\u5f0f\uff0c\u4e26\u5df2\u6536\u9304\u5230\u8da8\u52e2\u79d1\u6280<a href=\"https:\/\/mars.trendmicro.com\/\">\u884c\u52d5\u61c9\u7528\u7a0b\u5f0f\u4fe1\u8b7d\u8a55\u7b49\u670d\u52d9 (MARS)<\/a> \u8cc7\u6599\u5eab\u7576\u4e2d\u3002<\/p>\n\n\n\n<!--more-->\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-1.jpg\" alt=\"Facestealer \u6240\u5047\u5192\u7684\u61c9\u7528\u7a0b\u5f0f\u985e\u578b\u3002\"\/><figcaption>\u5716 1\uff1aFacestealer \u6240\u5047\u5192\u7684\u61c9\u7528\u7a0b\u5f0f\u985e\u578b\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u5176\u4e2d\u6709\u4e00\u500b\u61c9\u7528\u7a0b\u5f0f\u53eb\u505a\u300cDaily Fitness OL\u300d\uff0c\u5b83\u507d\u88dd\u6210\u4e00\u6b3e\u5065\u8eab\u61c9\u7528\u7a0b\u5f0f\uff0c\u5ba3\u7a31\u63d0\u4f9b\u5b8c\u6574\u7684\u5065\u8eab\u9805\u76ee\u8207\u793a\u7bc4\u5f71\u7247\u3002\u4f46\u5c31\u50cf\u5b83\u6700\u65e9\u7684\u8b8a\u7a2e\u4e00\u6a23\uff0c\u5b83\u5176\u5be6\u6703\u7aca\u53d6\u4f7f\u7528\u8005\u7684 Facebook \u767b\u5165\u6191\u8b49\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-2.png\" alt=\"\u5716 2\uff1aDaily Fitness OL \u61c9\u7528\u7a0b\u5f0f\u5728 Google Play \u4e0a\u7684\u4ecb\u7d39\u9801\u9762\u3002\"\/><figcaption>\u5716 2\uff1aDaily Fitness OL \u61c9\u7528\u7a0b\u5f0f\u5728 Google Play \u4e0a\u7684\u4ecb\u7d39\u9801\u9762\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u7576\u9019\u500b\u61c9\u7528\u7a0b\u5f0f\u555f\u52d5\u6642\uff0c\u5b83\u6703\u767c\u9001\u4e00\u500b\u8acb\u6c42\u81f3\u300chxxps:\/\/sufen168[.]space\/config\u300d\u9019\u500b\u7db2\u5740\u4f86\u4e0b\u8f09\u7d93\u904e\u52a0\u5bc6\u7684\u7d44\u614b\u8a2d\u5b9a\u3002\u7d93\u904e\u6211\u5011\u5206\u6790\uff0c\u9019\u500b\u8acb\u6c42\u6703\u50b3\u56de\u4ee5\u4e0b\u7d44\u614b\u8a2d\u5b9a\u5167\u5bb9\uff1a<\/p>\n\n\n\n<p>`eXyJkIjowLCJleHQxIjoiNSw1LDAsMiwwIiwiZXh0MiI6IiIsImkiOjAsImlkIjoiMTE1NTYzNDk2MTkxMjE3MiIsImwiOjAsImxvZ2luX3BpY191cmxfc3dpdGNoIjowLCJsciI6IjcwIn0`<\/p>\n\n\n\n<p>\u7d93\u904e\u89e3\u5bc6\u4e4b\u5f8c\uff0c\u5176\u5be6\u969b\u7684\u7d44\u614b\u8a2d\u5b9a\u5167\u5bb9\u5982\u4e0b\uff1a<\/p>\n\n\n\n<p>{&#8220;d&#8221;:0,&#8221;ext1&#8243;:&#8221;5,5,0,2,0&#8243;,&#8221;ext2&#8243;:&#8221;&#8221;,&#8221;i&#8221;:0,&#8221;id&#8221;:&#8221;1155634961912172&#8243;,&#8221;l&#8221;:0,&#8221;login_pic_url_switch&#8221;:0,&#8221;lr&#8221;:&#8221;70&#8243;}<\/p>\n\n\n\n<p>\u7d44\u614b\u8a2d\u5b9a\u4e2d\u7684 \u201cl\u201d \u662f\u4e00\u500b\u65d7\u6a19\uff0c\u7528\u4f86\u63a7\u5236\u662f\u5426\u8981\u986f\u793a\u756b\u9762\u4f86\u8981\u6c42\u4f7f\u7528\u767b\u5165 Facebook\u3002\u4f7f\u7528\u8005\u4e00\u65e6\u767b\u5165 Facebook\uff0c\u61c9\u7528\u7a0b\u5f0f\u5c31\u6703\u555f\u52d5 WebView (\u5167\u5d4c\u700f\u89bd\u5668) \u4f86\u8f09\u5165\u7d44\u614b\u8a2d\u5b9a\u4e2d\u7684\u67d0\u500b\u7db2\u5740\uff0c\u5982\uff1a\u300chxxps:\/\/touch[.]facebook[.]com\/home[.]php?sk=h_nor\u300d\u3002\u63a5\u8457\u5b83\u6703\u5c07\u4e00\u6bb5 JavaScript \u7a0b\u5f0f\u78bc\u6ce8\u5165\u8f09\u5165\u7684\u7db2\u9801\u4f86\u7aca\u53d6\u4f7f\u7528\u8005\u8f38\u5165\u7684\u767b\u5165\u6191\u8b49\u3002<\/p>\n\n\n\n<p>\u4f7f\u7528\u8005\u6210\u529f\u767b\u5165\u67d0\u500b\u5e33\u865f\u4e4b\u5f8c\uff0c\u9593\u8adc\u7a0b\u5f0f\u5c31\u6703\u8490\u96c6\u88dd\u7f6e\u4e0a\u7684 cookie\uff0c\u63a5\u8457\u5c07\u6240\u6709\u500b\u4eba\u8b58\u5225\u8cc7\u8a0a (PII) \u52a0\u5bc6\u4e4b\u5f8c\u50b3\u9001\u81f3\u9060\u7aef\u4f3a\u670d\u5668\u3002\u52a0\u5bc6\u91d1\u9470\u8207\u9060\u7aef\u4f3a\u670d\u5668\u7684\u4f4d\u5740\uff0c\u90fd\u53d6\u81ea\u524d\u9762\u4e0b\u8f09\u7684\u7d44\u614b\u8a2d\u5b9a\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-3.png\" alt=\"\u5716 3\uff1aDaily Fitness OL \u5c07\u8490\u96c6\u5230\u7684\u4f7f\u7528\u8005\u8cc7\u8a0a\u50b3\u9001\u81f3\u9060\u7aef\u4f3a\u670d\u5668\u3002\"\/><figcaption>\u5716 3\uff1aDaily Fitness OL \u5c07\u8490\u96c6\u5230\u7684\u4f7f\u7528\u8005\u8cc7\u8a0a\u50b3\u9001\u81f3\u9060\u7aef\u4f3a\u670d\u5668\u3002<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u9084\u6709\u4e00\u500b\u5192\u724c\u7684\u61c9\u7528\u7a0b\u5f0f\u53eb\u505a\u300cEnjoy Photo Editor\u300d\uff0c\u5b83\u8ddf Daily Fitness OL \u7684\u884c\u70ba\u6709\u8a31\u591a\u76f8\u4f3c\u4e4b\u8655\u3002\u5c24\u5176\u662f\u5b83\u5011\u7aca\u53d6\u767b\u5165\u6191\u8b49\u7684\u65b9\u6cd5\u57fa\u672c\u4e0a\u4e00\u6a23\uff0c\u4e5f\u5c31\u662f\uff1a\u900f\u904e\u6ce8\u5165 JavaScript \u7a0b\u5f0f\u78bc\u4f86\u8490\u96c6\u767b\u5165\u6191\u8b49\uff0c\u7136\u5f8c\u5728\u4f7f\u7528\u8005\u6210\u529f\u767b\u5165\u5e33\u865f\u4e4b\u5f8c\u8490\u96c6\u88dd\u7f6e\u4e0a\u7684 cookie\u3002\u4f46\u9019\u500b\u61c9\u7528\u7a0b\u5f0f\u4e0d\u540c\u4e4b\u8655\u5728\u65bc\u5b83\u4f7f\u7528\u539f\u751f\u7a0b\u5f0f\u78bc\u4f86\u4e0b\u8f09\u7d44\u614b\u8a2d\u5b9a\u4e26\u4e0a\u50b3\u53d7\u5bb3\u8005\u7684\u767b\u5165\u6191\u8b49\uff0c\u7136\u5f8c\u900f\u904e\u61c9\u7528\u7a0b\u5f0f\u52a0\u5bc6\u7de8\u78bc\u4f86\u8b93\u8cc7\u5b89\u8edf\u9ad4\u4e0d\u5bb9\u6613\u5075\u6e2c\u5230\u5b83\u3002<\/p>\n\n\n\n<p>\u4ee5\u4e0b\u5404\u5716\u986f\u793a Facestealer \u7684\u591a\u500b\u8b8a\u7a2e:<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-four.png\" alt=\"Figure 4. The Google Play page for Enjoy Photo Editor\"\/><figcaption>\u5716 4\uff1aEnjoy Photo Editor \u5728 Google Play \u4e0a\u7684\u4ecb\u7d39\u9801\u9762\u3002<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-5.png\" alt=\"Figure 5. The Google Play page for Panorama Camera\"\/><figcaption>\u5716 5\uff1aPanorama Camera \u5728 Google Play \u4e0a\u7684\u4ecb\u7d39\u9801\u9762\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-6.png\" alt=\"Figure 6. The Google Play page for Photo Gaming Puzzle\"\/><figcaption>\u5716 6\uff1aPhoto Gaming Puzzle \u5728 Google Play \u4e0a\u7684\u4ecb\u7d39\u9801\u9762\u3002<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-7.png\" alt=\"Figure 7. The Google Play page for Swarm Photo\"\/><figcaption>\u5716 7\uff1aSwarm Photo \u5728 Google Play \u4e0a\u7684\u4ecb\u7d39\u9801\u9762\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-8.png\" alt=\"Figure 8. The Google Play page for Business Meta Manager\"\/><figcaption>\u5716 8\uff1aBusiness Meta Manager \u5728 Google Play \u4e0a\u7684\u4ecb\u7d39\u9801\u9762\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">40 \u591a\u500b\u5192\u724c\u6316\u7926\u7a0b\u5f0f,\u8490\u96c6\u79c1\u5bc6\u91d1\u9470\u8207\u52a9\u8a18\u8a5e<\/h3>\n\n\n\n<p><br>\u9664\u4e86\u524d\u8ff0\u61c9\u7528\u7a0b\u5f0f\u4e4b\u5916\uff0c<a href=\"https:\/\/t.rend.tw\/?i=OTQzMw\">\u8da8\u52e2\u79d1\u6280<\/a>\u4e5f\u767c\u73fe\u4e86 40 \u591a\u500b\u5192\u724c\u7684\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=56134\">\u6316\u7926( coinmining )<\/a>\u7a0b\u5f0f\uff0c\u6211\u5011\u5728<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/h\/fake-cryptocurrency-mining-apps-trick-victims-into-watching-ads-.html\">\u5148\u524d\u7684\u4e00\u7bc7\u90e8\u843d\u683c<\/a>\u7576\u4e2d\u4e5f\u62ab\u9732\u904e\u985e\u4f3c\u7684\u60e1\u610f\u7a0b\u5f0f\u8b8a\u7a2e\u3002\u9019\u4e9b\u61c9\u7528\u7a0b\u5f0f\u6703\u5ba3\u7a31\u63d0\u4f9b\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u7684\u8cfa\u9322\u6a5f\u6703\u4f86\u8a98\u9a19\u4f7f\u7528\u8005\u8cfc\u8cb7\u4ed8\u8cbb\u670d\u52d9\u6216\u9ede\u9078\u5ee3\u544a\u3002<\/p>\n\n\n\n<p>\u6211\u5011\u5728\u7814\u7a76\u67d0\u500b\u540d\u70ba\u300cCryptomining Farm Your own Coin\u300d\u7684\u65b0\u8b8a\u7a2e\u6642\uff0c\u4e00\u958b\u59cb\u4e26\u672a\u767c\u73fe\u4efb\u4f55\u5ee3\u544a\u6216\u8981\u6c42\u63d0\u4f9b\u6a5f\u654f\u8cc7\u8a0a\u6216\u4ed8\u6b3e\u7684\u884c\u70ba\u3002\u4f46\u662f\u7576\u6211\u5011\u9ede\u9078\u61c9\u7528\u7a0b\u5f0f\u4e2d\u7684\u300cConnect Wallet\u300d(\u9023\u7d50\u9322\u5305) \u6309\u9215\u6642\uff0c\u4fbf\u8df3\u51fa\u4e00\u500b\u756b\u9762\u8981\u6c42\u6211\u5011\u8f38\u5165\u79c1\u5bc6\u91d1\u9470 (\u4e5f\u5c31\u662f\u52a0\u5bc6\u6f14\u7b97\u6cd5\u5728\u5c07\u8cc7\u6599\u52a0\u5bc6\u6642\u6240\u9700\u8981\u7684\u6578\u4f4d\u7c3d\u7ae0)\uff0c\u9019\u770b\u4f86\u5c31\u76f8\u7576\u53ef\u7591\uff0c\u56e0\u6b64\u6211\u5011\u6c7a\u5b9a\u6df1\u5165\u7814\u7a76\u9019\u500b\u61c9\u7528\u7a0b\u5f0f\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-9.png\" alt=\"\u5716 9\uff1aCryptomining Farm Your own Coin \u5728 Google Play \u4e0a\u7684\u4ecb\u7d39\u9801\u9762\u3002\"\/><figcaption>\u5716 9\uff1aCryptomining Farm Your own Coin \u5728 Google Play \u4e0a\u7684\u4ecb\u7d39\u9801\u9762\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u6211\u5011\u5728\u7814\u7a76\u6b64\u61c9\u7528\u7a0b\u5f0f\u7684\u300cmanifest\u300d\u6a94\u6848\u6642\u767c\u73fe\u5b83\u662f\u4f7f\u7528 &nbsp;<a href=\"https:\/\/www.kodular.io\/\">Kodular<\/a> \u6240\u958b\u767c\uff0c\u9019\u662f\u4e00\u500b\u514d\u8cbb\u7684\u884c\u52d5\u61c9\u7528\u7a0b\u5f0f\u958b\u767c\u5957\u4ef6\u3002\u4e8b\u5be6\u4e0a\uff0c\u6211\u5011\u4e4b\u524d\u5206\u6790\u904e\u7684\u5927\u591a\u6578\u5192\u724c\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u6316\u7926\u7a0b\u5f0f\u4e5f\u90fd\u662f\u4f7f\u7528\u9019\u5957\u6846\u67b6\u6240\u958b\u767c\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-10.png\" alt=\"Figure 10. A code snippet from the manifest file of Cryptomining Farm Your own Coin indicating that the app was developed using Kodular\"\/><figcaption>\u5716 10\uff1a\u5f9e Cryptomining Farm Your own Coin \u7684\u300cmanifest\u300d\u6a94\u6848\u53ef\u770b\u51fa\u6b64\u61c9\u7528\u7a0b\u5f0f\u662f\u4f7f\u7528 Kodular \u6240\u958b\u767c\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u6211\u5011\u5728\u67e5\u770b\u5b83\u7684\u7a0b\u5f0f\u78bc\u6642\u767c\u73fe\u9019\u500b\u61c9\u7528\u7a0b\u5f0f\u53ea\u6703\u8f09\u5165\u67d0\u500b\u7db2\u7ad9\uff0c\u4e26\u7121\u4efb\u4f55\u6a21\u64ec\u6316\u7926\u52d5\u4f5c\u7684\u7a0b\u5f0f\u78bc\uff0c\u56e0\u6b64\u7121\u6cd5\u5224\u5b9a\u5b83\u662f\u4e0d\u662f\u60e1\u610f\u7a0b\u5f0f\u3002\u4f46\u6211\u5011\u9084\u662f\u6c7a\u5b9a\u9032\u4e00\u6b65\u8ffd\u67e5\uff0c\u5f9e\u88ab\u8f09\u5165\u7684\u7db2\u5740\u958b\u59cb\u67e5\u8d77\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-11.png\" alt=\"Figure 11. A snippet from the code of Cryptomining Farm Your own Coin showing the app wrapper used for the URL of the loaded website\" width=\"598\" height=\"107\"\/><figcaption>\u5716 11\uff1aCryptomining Farm Your own Coin \u7684\u90e8\u5206\u7a0b\u5f0f\u78bc\u986f\u793a\u5b83\u7528\u4f86\u8f09\u5165\u67d0\u500b\u7db2\u7ad9\u7684\u7db2\u5740\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-12.png\" alt=\"Figure 12. The mobile version of the website loaded from Cryptomining Farm Your own Coin\"\/><figcaption>\u5716 12\uff1aCryptomining Farm Your own Coin \u8f09\u5165\u7684\u7db2\u7ad9 (\u884c\u52d5\u88dd\u7f6e\u7248\u672c)\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u70ba\u4e86\u9032\u4e00\u6b65\u5206\u6790\uff0c\u6211\u5011\u8a66\u8457\u5728\u684c\u4e0a\u578b\u96fb\u8166\u700f\u89bd\u5668\u4e2d\u958b\u555f\u9019\u500b\u7db2\u5740\u3002\u4e4d\u770b\u4e4b\u4e0b\uff0c\u88ab\u8f09\u5165\u7684\u7db2\u7ad9\u4f3c\u4e4e\u505a\u5f97\u76f8\u7576\u5c08\u696d\u3002\u5b83\u544a\u8a34\u4f7f\u7528\u8005\u4e0d\u9700\u9810\u5148\u5132\u503c\u5c31\u80fd\u7acb\u5373\u53c3\u52a0\u96f2\u7aef\u6316\u7926\uff0c\u4e26\u5ba3\u7a31\u4f7f\u7528\u8005\u82e5\u9023\u7d50\u81f3\u4e00\u500b\u6709\u6548\u7684\u9322\u5305\uff0c\u5373\u53ef\u514d\u8cbb\u7372\u5f97 500 Gh\/s (gigahashes per second) \u7684\u904b\u7b97\u6548\u80fd\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-13.png\" alt=\"Figure 13. The desktop version of the website loaded from Cryptomining Farm Your own Coin \"\/><figcaption>\u5716 13\uff1a\u5728\u684c\u4e0a\u578b\u96fb\u8166\u700f\u89bd\u5668\u67e5\u770b Cryptomining Farm Your own Coin \u6240\u8f09\u5165\u7684\u7db2\u7ad9\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u7db2\u7ad9\u4e0a\u7528\u4f86\u9023\u7d50\u9322\u5305\u7684\u7db2\u9801\u5411\u4f7f\u7528\u8005\u4fdd\u8b49\u5176\u8cc7\u6599\u5c07\u63a1\u7528 AES (Advanced Encryption Standard) \u4f86\u52a0\u5bc6\uff0c\u800c\u4e14\u4e0d\u6703\u5132\u5b58\u4f7f\u7528\u8005\u7684\u79c1\u5bc6\u91d1\u9470\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-14.png\" alt=\"Figure 14. The wallet connection page of the website loaded from Cryptomining Farm Your own Coin, including assurances that users\u2019 data will be encrypted and private keys will not be stored\"\/><figcaption>\u5716 14\uff1aCryptomining Farm Your own Coin \u8f09\u5165\u7684\u9023\u7d50\u9322\u5305\u756b\u9762\u5411\u4f7f\u7528\u8005\u4fdd\u8b49\u8cc7\u6599\u6703\u7d93\u904e\u52a0\u5bc6\uff0c\u4e26\u4e14\u4e0d\u6703\u5132\u5b58\u4f7f\u7528\u8005\u7684\u79c1\u5bc6\u91d1\u9470\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u6211\u5011\u5728\u300cImport by Currency\u300d(\u6311\u9078\u8ca8\u5e63\u532f\u5165) \u6a19\u7c64\u9801\u4e0a\u8f38\u5165\u4e00\u4e32\u96a8\u6a5f\u7684\u79c1\u5bc6\u91d1\u9470\u4f86\u505a\u6e2c\u8a66\uff0c\u63a5\u8457\u64f7\u53d6\u7db2\u8def\u5c01\u5305\u4f86\u9032\u884c\u5206\u6790\uff0c\u5206\u6790\u7d50\u679c\u986f\u793a\u524d\u9762\u6240\u8aaa\u7684\u4fdd\u8b49\u90fd\u662f\u5047\u7684\uff1a\u8a72\u7db2\u7ad9\u4e0d\u4f46\u6703\u5c07\u4f7f\u7528\u8005\u8f38\u5165\u7684\u79c1\u5bc6\u91d1\u9470\u4e0a\u50b3\uff0c\u800c\u4e14\u904e\u7a0b\u4e2d\u6839\u672c\u6c92\u6709\u4efb\u4f55\u52a0\u5bc6\u63aa\u65bd\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-15.png\" alt=\"Figure 15. A test private key being sent to the server controlled by the malicious actors behind Cryptomining Farm Your own Coin\"\/><figcaption>\u5716 15\uff1a\u6e2c\u8a66\u8f38\u5165\u7684\u79c1\u5bc6\u91d1\u9470\u88ab Cryptomining Farm Your own Coin \u50b3\u9001\u81f3\u99ed\u5ba2\u96c6\u5718\u7684\u67d0\u500b\u4f3a\u670d\u5668\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u9664\u4e86\u9a19\u53d6\u79c1\u5bc6\u91d1\u9470\u4e4b\u5916\uff0c\u9019\u500b\u7db2\u7ad9\u9084\u6703\u9a19\u53d6\u4f7f\u7528\u8005\u7684\u52a9\u8a18\u8a5e (mnemonic phrase)\uff0c\u9019\u662f\u5728\u5efa\u7acb\u9322\u5305\u6642\u7522\u751f\u7684\u4e00\u4e32\u4e0d\u7121\u95dc\u806f\u6027\u7684\u5b57\u3002\u9019\u4e32\u5b57\u53ef\u5728\u4f7f\u7528\u8005\u9322\u5305\u907a\u5931\u6216\u640d\u58de\u6642\u7528\u4f86\u6551\u56de\u88e1\u9762\u7684\u52a0\u5bc6\u8ca8\u5e63\u3002\u7576 Cryptomining Farm Your own Coin\u6216\u5b83\u6240\u8f09\u5165\u7684\u7db2\u7ad9\u6536\u5230\u4f7f\u7528\u8005\u8f38\u5165\u7684\u52a9\u8a18\u8a5e\u6642\uff0c\u6703\u76f4\u63a5\u50b3\u9001\u7d66\u61c9\u7528\u7a0b\u5f0f\u6216\u7db2\u7ad9\u80cc\u5f8c\u7684\u99ed\u5ba2\u96c6\u5718\uff0c\u800c\u4e14\u9084\u662f\u4ee5\u660e\u78bc\u65b9\u5f0f\u4e0a\u50b3\u5230\u4f3a\u670d\u5668\u3002\u9019\u6a23\u7684\u4f5c\u6cd5\u8207\u6211\u5011\u4e4b\u524d\u4e00\u7bc7\u90e8\u843d\u683c\u62ab\u9732\u7684<a href=\"https:\/\/news.trendmicro.com\/2022\/01\/20\/watch-out-for-fake-crypto-wallet-apps-4-3m-stolen-metamask-imtoken-bitpie-trust-wallet-and-more\/\">\u5192\u724c\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u9322\u5305\u8edf\u9ad4\u8a50\u9a19<\/a>&nbsp;\u624b\u6cd5\u985e\u4f3c\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-16.png\" alt=\"Figure 16. A mnemonic phrase being sent to the server controlled by the malicious actors behind Cryptomining Farm Your own Coin\" width=\"584\" height=\"359\"\/><figcaption>\u5716 16\uff1a\u52a9\u8a18\u8a5e\u88ab Cryptomining Farm Your own Coin \u50b3\u9001\u81f3\u99ed\u5ba2\u96c6\u5718\u7684\u67d0\u500b\u4f3a\u670d\u5668\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u8da8\u52e2\u79d1\u6280\u627e\u5230\u4e86\u61c9\u7528\u7a0b\u5f0f\u7576\u4e2d\u8ca0\u8cac\u4e0a\u50b3\u7684\u7a0b\u5f0f\u78bc\uff0c\u8b49\u5be6\u8a72\u7db2\u7ad9\u7684\u78ba\u6703\u5c07\u79c1\u5bc6\u91d1\u9470\u6216\u52a9\u8a18\u8a5e\u7528\u660e\u78bc\u65b9\u5f0f\u4e0a\u50b3\u5230\u99ed\u5ba2\u7684\u4f3a\u670d\u5668\u3002 &nbsp;<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-17.png\" alt=\"Figure 17. A snippet from the code of behind Cryptomining Farm Your own Coin showing private keys or mnemonic phrases being sent sans encryption to the server controlled by the malicious actors behind the app\"\/><figcaption>\u5716 17\uff1aCryptomining Farm Your own Coin \u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5\uff0c\u986f\u793a\u79c1\u5bc6\u91d1\u9470\u6216\u52a9\u8a18\u8a5e\u672a\u7d93\u52a0\u5bc6\u5c31\u4e0a\u50b3\u81f3\u99ed\u5ba2\u7684\u4f3a\u670d\u5668\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u70ba\u4e86\u5f15\u8a98\u4f7f\u7528\u8005\u8a3b\u518a\u9019\u9805\u670d\u52d9\uff0c\u8a72\u7db2\u7ad9\u6703\u63d0\u4f9b 0.1 \u4e59\u592a\u5e63\u7684\u7a7a\u6295 (airdrop) \u4f5c\u70ba\u8a98\u990c (\u5728\u672c\u6587\u64b0\u5beb\u6642\u7d04\u5408 240 \u7f8e\u5143)\u3002\u5728\u6709\u95dc\u5982\u4f55\u9818\u53d6\u9019\u7b46\u7a7a\u6295\u7684\u8aaa\u660e\u7576\u4e2d\uff0c\u8a72\u7db2\u7ad9\u5f88\u8070\u660e\u5730\u8868\u793a\u6bcf\u500b\u9322\u5305\u53ea\u80fd\u9818\u53d6\u4e00\u6b21 (\u56e0\u6b64\u4f7f\u7528\u8005\u5fc5\u9808\u7d81\u5b9a\u591a\u500b\u9322\u5305\uff0c\u800c\u4e14\u9322\u5305\u4e2d\u9084\u5fc5\u9808\u64c1\u6709 100 \u7f8e\u5143\u4ee5\u4e0a\u7684\u9918\u984d (\u9019\u6a23\u99ed\u5ba2\u624d\u6709\u6771\u897f\u53ef\u5077)\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-18-b.png\" alt=\"Cryptomining Farm Your own Coin \u63d0\u4f9b 0.1 \u4e59\u592a\u5e63\u7684\u7a7a\u6295\u4f86\u5438\u5f15\u4f7f\u7528\u8005\u8a3b\u518a\u5176\u670d\u52d9\"\/><figcaption>\u5716 18\uff1aCryptomining Farm Your own Coin \u63d0\u4f9b 0.1 \u4e59\u592a\u5e63\u7684\u7a7a\u6295\u4f86\u5438\u5f15\u4f7f\u7528\u8005\u8a3b\u518a\u5176\u670d\u52d9\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u70ba\u4e86\u71df\u9020\u4e00\u7a2e\u771f\u5be6\u7684\u6c1b\u570d\uff0c\u7db2\u7ad9\u9084\u634f\u9020\u4e86\u8a31\u591a\u4f7f\u7528\u8005\u7684\u8a55\u50f9\u5ba3\u7a31\u4ed6\u5011\u5df2\u6210\u529f\u9818\u53d6\u4e86 0.1 \u4e59\u592a\u5e63\u3002&nbsp;<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-19.png\" alt=\"Figure 19. Likely fake comments found on the website loaded from Cryptomining Farm Your own Coin vouching for the legitimacy of the promised airdrop for 0.1 ether \"\/><figcaption>\u5716 19\uff1aCryptomining Farm Your own Coin \u8f09\u5165\u7684\u7db2\u7ad9\u634f\u9020\u7684\u5047\u8a55\u50f9\u5ba3\u7a31\u5df2\u9818\u5230\u7db2\u7ad9\u7a7a\u6295\u7684 0.1 \u4e59\u592a\u5e63\u3002<\/figcaption><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u6709\u8da3\u7684\u662f\uff0c\u6211\u5011\u5728\u67e5\u770b\u8ca0\u8cac\u986f\u793a\u7db2\u9801\u4f5c\u8005\u7684\u7a0b\u5f0f\u78bc\u6642 (\u9019\u6b21\u4f3c\u4e4e\u662f\u5047\u5192 Klever \u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u4ea4\u6613\u6240)\uff0c\u6211\u5011\u767c\u73fe\u7a0b\u5f0f\u78bc\u4e2d\u6709\u4e00\u500b\u9023\u7d50\u7adf\u7136\u6307\u5411 Tesla \u5275\u8fa6\u4eba\u66a8\u57f7\u884c\u9577\u4f0a\u9686\uff0e\u99ac\u65af\u514b (Elon Musk) \u7684\u63a8\u7279\u5e33\u865f\uff0c\u99ac\u65af\u514b\u4e5f\u662f\u77e5\u540d\u7684\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u6295\u8cc7\u8005\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/marvel-b1-cdn.bc0a.com\/f00000000017219\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials-cryptocurrency-related-keys\/facestealer-20.png\" alt=\"Figure 20. A link to Elon Musk\u2019s Twitter account found in the code of the website loaded from Cryptomining Farm Your own Coin\"\/><figcaption><br>\u5716 20\uff1aCryptomining Farm Your own Coin \u8f09\u5165\u7684\u7db2\u7ad9\u7a0b\u5f0f\u78bc\u4e2d\u542b\u6709\u4f0a\u9686\uff0e\u99ac\u65af\u514b\u7684 Twitter \u5e33\u865f\u9023\u7d50\u3002<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>\u6b64\u61c9\u7528\u7a0b\u5f0f\u5728\u672c\u6587\u64b0\u5beb\u6642\u5df2\u88ab Google \u4e0b\u67b6\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u7d50\u8ad6\u8207\u5efa\u8b70<br><br><\/h3>\n\n\n\n<p>Facestealer \u61c9\u7528\u7a0b\u5f0f\u901a\u5e38\u6703\u507d\u88dd\u6210\u4e00\u4e9b\u7c21\u55ae\u7684\u5de5\u5177\uff0c\u5982\uff1aVPN\u3001\u76f8\u6a5f\u3001\u76f8\u7247\u7de8\u8f2f\u3001\u5065\u8eab\u7b49\u7b49\u7684\u61c9\u7528\u7a0b\u5f0f\uff0c\u5c0d\u65bc\u9700\u8981\u9019\u985e\u529f\u80fd\u7684\u4f7f\u7528\u8005\u4f86\u8aaa\u76f8\u7576\u5177\u5438\u5f15\u529b\u3002\u7531\u65bc Facebook \u7ba1\u7406 cookie \u7684\u65b9\u5f0f\u4f7f\u7136\uff0c\u6211\u5011\u89ba\u5f97\u672a\u4f86 Google Play \u4e0a\u4ecd\u5c07\u5145\u65a5\u8457\u9019\u985e\u61c9\u7528\u7a0b\u5f0f\u3002<\/p>\n\n\n\n<p>\u81f3\u65bc\u5192\u724c\u7684\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u6316\u7926\u7a0b\u5f0f\uff0c\u99ed\u5ba2\u96c6\u5718\u4e0d\u50c5\u6703\u5f15\u8a98\u53d7\u5bb3\u8005\u8cfc\u8cb7\u5047\u7684\u96f2\u7aef\u6316\u7926\u670d\u52d9\uff0c\u800c\u4e14\u9084\u6703\u8a66\u5716\u5229\u7528\u4e00\u4e9b\u8a98\u990c\u4f86\u9a19\u53d6\u4f7f\u7528\u8005\u7684\u79c1\u5bc6\u91d1\u9470\u53ca\u5176\u4ed6\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u76f8\u95dc\u7684\u6a5f\u654f\u8cc7\u6599\u3002\u6211\u5011\u76f8\u4fe1\u672a\u4f86\u9084\u6703\u51fa\u73fe\u4e00\u4e9b\u5176\u4ed6\u7aca\u53d6\u79c1\u5bc6\u91d1\u9470\u8207\u52a9\u8a18\u8a5e\u7684\u624b\u6cd5\u3002<\/p>\n\n\n\n<p>\u4ee5\u4e0b\u662f\u9632\u7bc4\u9019\u985e\u60e1\u610f\u61c9\u7a0b\u5f0f\u7684\u56db\u500b\u8981\u9ede:<\/p>\n\n\n\n<ol><li>\u6aa2\u67e5\u61c9\u7528\u7a0b\u5f0f\u7684\u8a55\u50f9 (\u5c24\u5176\u662f\u8ca0\u9762\u8a55\u50f9) \u4f86\u9632\u7bc4\u9019\u985e\u5192\u724c\u61c9\u7528\u7a0b\u5f0f\uff0c\u770b\u770b\u662f\u5426\u6709\u4efb\u4f55\u4ee4\u4eba\u8d77\u7591\u7684\u5730\u65b9\uff0c\u6216\u662f\u5df2\u4e0b\u8f09\u8a72\u7a0b\u5f0f\u7684\u4f7f\u7528\u8005\u5206\u4eab\u7684\u5be6\u969b\u9ad4\u9a57\u3002<\/li><li>\u4ed4\u7d30\u6aa2\u67e5\u61c9\u7528\u7a0b\u5f0f\u7684\u958b\u767c\u8005\u8207\u767c\u884c\u8005\uff0c\u6700\u597d\u907f\u958b\u4e00\u4e9b\u7db2\u7ad9\u770b\u8d77\u4f86\u4e0d\u592a\u53ef\u9760\u3001\u6216\u767c\u884c\u8005\u770b\u4f3c\u4e0d\u592a\u8001\u5be6\u7684\u61c9\u7528\u7a0b\u5f0f\uff0c\u66f4\u4f55\u6cc1\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\u4e0a\u9084\u6709\u8a31\u8a31\u591a\u591a\u5176\u4ed6\u7684\u9078\u64c7\u3002<\/li><li>\u907f\u514d\u5f9e\u7b2c\u4e09\u65b9\u4f86\u6e90\u4e0b\u8f09\u61c9\u7528\u7a0b\u5f0f\uff0c\u56e0\u70ba\u8a31\u591a\u99ed\u5ba2\u90fd\u662f\u7d93\u7531\u9019\u4e9b\u7ba1\u9053\u4f86\u6563\u64ad\u4ed6\u5011\u7684\u60e1\u610f\u7a0b\u5f0f\u3002<\/li><li>\u884c\u52d5\u88dd\u7f6e\u4f7f\u7528\u8005\u53ef\u63a1\u7528<a href=\"https:\/\/t.rend.tw\/?i=MTE0MjI\">\u8da8<\/a><a href=\"https:\/\/t.rend.tw\/?i=MTE1MjQ\">\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77<\/a>\u4f86\u964d\u4f4e\u9019\u985e\u5192\u724c\u61c9\u7528\u7a0b\u5f0f\u7684\u5a01\u8105\uff0c\u9019\u5957\u8edf\u9ad4\u53ef\u5373\u6642\u6216\u96a8\u9078\u6383\u63cf\u884c\u52d5\u88dd\u7f6e\uff0c\u5075\u6e2c\u4e0d\u8096\u7684\u61c9\u7528\u7a0b\u5f0f\u6216\u60e1\u610f\u7a0b\u5f0f\uff0c\u4e26\u5c07\u5b83\u5011\u5c01\u9396\u6216\u79fb\u9664\uff0c\u9019\u5957\u8edf\u9ad4\u5728 Android \u6216 iOS \u5e73\u53f0\u90fd\u6709\u5c0d\u61c9\u7684\u7248\u672c\u3002<\/li><\/ol>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u5165\u4fb5\u6307\u6a19 (IoC)<\/h3>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><strong>Facestealer<\/strong><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-table\"><table  class=\" table table-hover\" ><tbody><tr><td>SHA-256<\/td><td>\u5b89\u88dd\u5957\u4ef6\u540d\u7a31<\/td><td>\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u540d\u7a31<\/td><td>\u88ab\u4e0b\u67b6\u4e4b\u524d\u7d2f\u7a4d\u7684\u4e0b\u8f09\u6b21\u6578<\/td><\/tr><tr><td>7ea4757b71680797cbce66a8ec922484fc25f87814cc4f811e70ceb723bfd0fc<\/td><td>com.olfitness.android<\/td><td>AndroidOS_FaceStealer.HRXH<\/td><td>\u8d85\u904e 10,000<\/td><\/tr><tr><td>b7fe6ec868fedaf37791cf7f1fc1656b4df7cd511b634850b890b333a9b81b9d<\/td><td>com.editor.xinphoto<\/td><td>AndroidOS_FaceStealer.HRXF<\/td><td>\u8d85\u904e 100,000<\/td><\/tr><tr><td>40580a84b5c1b0526973f12d84e46018ea4889978a19fcdcde947de5b2033cff<\/td><td>com.sensitivity.swarmphoto<\/td><td>AndroidOS_FaceStealer.HRXE<\/td><td>\u8d85\u904e 10,000<\/td><\/tr><tr><td>6ccd0c0302cda02566301ae51f8da4935c02664169ad0ead4ee07fa6b2f99112<\/td><td>com.meta.adsformeta3<\/td><td>AndroidOS_FaceStealer.HRXG<\/td><td>\u8d85\u904e 100<\/td><\/tr><tr><td>4464b2de7b877c9ff0e4c904e9256b302c9bd74abc5c8dacb6e4469498c64691<\/td><td>com.photo.panoramacamera<\/td><td>AndroidOS_FaceStealer.HRXF<\/td><td>\u8d85\u904e 50,000&nbsp;<\/td><\/tr><tr><td>3325488a8df69a92be92eb11bf01ab4c9b612c5307d615e72c07a4d859675e3f<\/td><td>com.photo.move<\/td><td>AndroidOS_FaceStealer.HRXF<\/td><td>\u8d85\u904e 10,000<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><strong>\u5192\u724c\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u6316\u7926\u7a0b\u5f0f<\/strong><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n   table {border-collapse:collapse; table-layout:fixed; width:310px;}\n   table td {border:solid 1px ; width:100px; word-wrap:break-word;}\n   <\/style>\n<style>\n   table {border-collapse:collapse; table-layout:fixed; width:310px;}\n   table td {border:solid 1px ; width:100px; word-wrap:break-word;}\n   <\/style>\n<figure class=\"wp-block-table\"><table  class=\" table table-hover\" ><tbody><tr><td>SHA-256<\/td><td>\u5b89\u88dd\u5957\u4ef6\u540d\u7a31<\/td><td>\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u540d\u7a31<\/td><\/tr><tr><td>3d3761c2155f7cabee8533689f473e59d49515323e12e9242553a0bd5e7cffa9 7c76bff97048773d4cda8faacaa9c2248e594942cc492ffbd393ed8553d27e43 c56615acac1a0df1830730fe791bb6f068670d27017f708061119cb3a49d6ff5 &nbsp;<\/td><td>app.cryptomining.work<\/td><td>AndroidOS_FakeMinerStealer<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><strong>\u76f8\u95dc\u7684 MITRE ATT&amp;CK \u624b\u6cd5\u8207\u6280\u5de7<\/strong><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n   table {border-collapse:collapse; table-layout:fixed; width:310px;}\n   table td {border:solid 1px ; width:100px; word-wrap:break-word;}\n   <\/style>\n<table  class=\" table table-hover\" ><tbody><tr><td>\u624b\u6cd5<\/td><td>\u6280\u5de7\u7de8\u865f<\/td><td>\u6280\u5de7\u540d\u7a31<\/td><td>\u8aaa\u660e<\/td><\/tr><tr><td>\u7a81\u7834\u9632\u7dda<\/td><td><a href=\"https:\/\/attack.mitre.org\/versions\/v10\/techniques\/T1475\/\">T1475<\/a><\/td><td>\u7d93\u7531\u6388\u6b0a\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\u63d0\u4f9b\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f<\/td><td>Facestealer \u548c\u5192\u724c\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u6316\u7926\u7a0b\u5f0f\u90fd\u662f\u7d93\u7531 Google Play \u6563\u5e03\u3002 &nbsp;<\/td><\/tr><tr><td>\u5b58\u53d6\u767b\u5165\u6191\u8b49<\/td><td><a href=\"https:\/\/attack.mitre.org\/versions\/v10\/techniques\/T1411\/\">T1411<\/a><\/td><td>\u8f38\u5165\u63d0\u793a<\/td><td>Facestealer \u61c9\u7528\u7a0b\u5f0f\u6703\u5728\u4f7f\u7528\u8005\u7d93\u7531 WebView \u767b\u5165 Facebook \u6642\u6514\u622a\u5176\u5bc6\u78bc\u3002\u5192\u724c\u865b\u64ec\u52a0\u5bc6\u8ca8\u5e63\u6316\u7926\u7a0b\u5f0f\u5247\u662f\u5047\u88dd\u8981\u9023\u7d50\u81f3\u4f7f\u7528\u8005\u7684\u5e33\u6236\u800c\u8981\u6c42\u63d0\u4f9b\u79c1\u5bc6\u91d1\u9470\u3002<\/td><\/tr><tr><td>\u8490\u96c6<\/td><td><a href=\"https:\/\/attack.mitre.org\/versions\/v10\/techniques\/T1533\/\">T1533<\/a><\/td><td>\u4f86\u81ea\u672c\u6a5f\u7cfb\u7d71\u7684\u8cc7\u6599<\/td><td>\u61c9\u7528\u7a0b\u5f0f\u6703\u8490\u96c6 WebView \u7684 cookie\u3002<\/td><\/tr><tr><td>\u8cc7\u6599\u5916\u50b3<\/td><td><a href=\"https:\/\/attack.mitre.org\/versions\/v10\/techniques\/T1437\/\">T1437<\/a><\/td><td>\u6a19\u6e96\u61c9\u7528\u7a0b\u5f0f\u5c64\u901a\u8a0a\u5354\u5b9a<\/td><td>\u60e1\u610f\u7a0b\u5f0f\u78bc\u6703\u900f\u904e HTTP \u6216 HTTPS \u5c07\u767b\u5165\u6191\u8b49\u5916\u50b3\u3002<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/t.rend.tw\/?i=MTE1MjQ\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/06\/\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77-1-1024x323.jpg\" alt=\"\" class=\"wp-image-68537\" width=\"628\" height=\"197\" srcset=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/06\/\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77-1-1024x323.jpg 1024w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/06\/\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77-1-300x95.jpg 300w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/06\/\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77-1-768x242.jpg 768w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/06\/\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77-1-1536x484.jpg 1536w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/06\/\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77-1-30x9.jpg 30w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/06\/\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77-1.jpg 1893w\" sizes=\"(max-width: 628px) 100vw, 628px\" \/><\/a><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>&#x25fc;\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/e\/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html\">Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys<\/a> \u4f5c\u8005\uff1aCifer Fang\u3001Ford Qin \u8207 Zhengyu Dong<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4e0b\u8f09\u514d\u8cbb APP, Facebook \u5e33\u865f\u7adf\u88ab\u5192\u540d\u9032\u884c\u7db2\u8def\u91e3\u9b5a\u8a50\u9a19\u3001\u6563\u767c\u5047\u8cbc\u6587\u2026\u6700\u8fd1\u8da8\u52e2\u79d1\u6280\u767c\u73fe\u60e1\u540d\u662d\u5f70\u7684 F [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[17,690,429,2082,15,3647],"tags":[2274,325,1852],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/72385"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=72385"}],"version-history":[{"count":24,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/72385\/revisions"}],"predecessor-version":[{"id":72479,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/72385\/revisions\/72479"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=72385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=72385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=72385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}