{"id":46632,"date":"2025-08-23T09:03:44","date_gmt":"2025-08-23T02:03:44","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=46632"},"modified":"2025-09-04T09:04:49","modified_gmt":"2025-09-04T02:04:49","slug":"trojan-an-trong-pdf-editor-khi-cong-cu-van-phong-bien-thanh-cong-proxy-toi-pham","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/trojan-an-trong-pdf-editor-khi-cong-cu-van-phong-bien-thanh-cong-proxy-toi-pham\/","title":{"rendered":"Trojan hidden in PDF Editor: When an office tool becomes a criminal proxy gateway"},"content":{"rendered":"<p><b>A popular free PDF editing program was recently found to be abusing users' devices to carry out unauthorized web activity, turning them into proxy nodes serving a botnet controlled by hackers.<\/b><\/p>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"PDF Editor.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/pdf-editor-png.17523\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"PDF Editor.png\" src=\"https:\/\/whitehat.vn\/attachments\/pdf-editor-png.17523\/\" alt=\"PDF Editor.png\" width=\"700\" height=\"390\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<p>On the surface, this PDF Editor appears legitimate, displaying a transparent dialog announcing that the device's resources and IP address will be used to \u201cdownload public web data\u201d. 
However, behind this offer is a sophisticated Trojan that establishes continuous connections and turns the device into a proxy node serving the hackers' command-and-control (C2) network.<\/p>\n<p>Once installed, the Trojan payload runs without any user interaction. This is a \u201csilent\u201d installer that is hard for traditional endpoint protection mechanisms to detect. Notable technical behaviors include:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Persistence: The Trojan modifies the registry and installs background processes to maintain access after every reboot, disguising its activity as legitimate PDF functions and making removal difficult.<\/li>\n<li data-xf-list-type=\"ul\">Network connections: Immediately after deployment, the infected device opens outbound connections to proxy aggregation servers, using its residential IP to relay malicious traffic, including anonymous data exfiltration and covering the tracks of criminal campaigns.<\/li>\n<li data-xf-list-type=\"ul\">Multi-stage execution: The Trojan continuously checks for new payloads or commands from the C2 server, allowing its functionality to be updated, from taking part in DDoS attacks to harvesting login credentials.<\/li>\n<li data-xf-list-type=\"ul\">Data interaction: Although it accesses little data directly, the malware can inject scripts or manipulate network traffic from infected hosts, increasing the proxy's anonymity or intercepting sensitive data.<\/li>\n<\/ul>\n<p>This campaign exploits users' trust in the applications that support their everyday work. By embedding malicious networking code directly into a signed, officially distributed PDF application, the hackers evade whitelisting and traditional software detection mechanisms. 
Once enough devices have been hijacked, the hackers can operate a large-scale botnet infrastructure serving goals such as routing through residential IPs for criminal anonymity, spam, DDoS, credential stuffing, and targeted data collection and extraction.<\/p>\n<p>To limit the risk, users and organizations are advised as follows:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Read the terms of free software carefully and monitor for unusual network traffic.<\/li>\n<li data-xf-list-type=\"ul\">Deploy up-to-date endpoint detection to catch malware persistence techniques.<\/li>\n<li data-xf-list-type=\"ul\">Opting out of the proxy service may stop the device from being used as a proxy, but it does not always remove the Trojan completely. Full removal may require specialized malware cleanup tools and a registry check.<\/li>\n<\/ul>\n<p>This discovery underlines the importance of verifying software provenance and monitoring device behavior, even for common tools such as a PDF editor. 
Hackers are growing ever more sophisticated, combining legitimate-looking cover stories with stealthy botnet deployment, which poses a major challenge for personal and organizational security.<\/p>\n<div><b><i>According to Cyber Press<\/i><\/b><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A popular free PDF editing program was recently found to be abusing users' devices to carry out unauthorized web activity, turning them into proxy nodes serving a botnet controlled by hackers. On the surface, this PDF Editor appears [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":46633,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,35],"tags":[],"class_list":["post-46632","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=46632"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46632\/revisions"}],
"predecessor-version":[{"id":46634,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46632\/revisions\/46634"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/46633"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=46632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=46632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=46632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}