{"id":47950,"date":"2026-05-12T15:55:12","date_gmt":"2026-05-12T08:55:12","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47950"},"modified":"2026-05-29T15:56:06","modified_gmt":"2026-05-29T08:56:06","slug":"openclaw-gia-mao-phat-tan-ma-doc-danh-cap-vi-tien-dien-tu-va-trinh-quan-ly-mat-khau","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/openclaw-gia-mao-phat-tan-ma-doc-danh-cap-vi-tien-dien-tu-va-trinh-quan-ly-mat-khau\/","title":{"rendered":"Fake OpenClaw spreads malware that steals cryptocurrency wallets and password managers"},"content":{"rendered":"<p><b>A new campaign is drawing the attention of the cyber-security community by exploiting the popularity of open-source AI tools to spread an infostealer. Attackers impersonate the OpenClaw installer to steal data from more than 250 browser extensions, focusing on cryptocurrency wallets and password-manager applications.<\/b><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"openclaw.png\" src=\"https:\/\/whitehat.vn\/attachments\/openclaw-png.19000\/\" alt=\"openclaw.png\" width=\"700\" height=\"390\" \/><\/p>\n<p><i>Source: The Hacker News<\/i><\/p>\n<p>According to a report from Netskope Threat Labs, the campaign has been active since at least February 2026, indicating that this is not a short-lived distribution wave but an organised, well-prepared campaign. By 9 March 2026 the attackers had registered the look-alike domain openclaw-installer.com and were using it as the main distribution point to lure users searching for legitimate AI tools into downloading the malicious installer.<\/p>\n<h2>A 130 MB fake installer built to slip past antivirus and sandboxes<\/h2>\n<p>The fake website distributes the file OpenClaw_x64[.]7z, which contains a Rust-written executable of up to 130 MB. According to Netskope, this unusual size is not accidental: it is deliberately chosen to evade automated defences, including both antivirus software and malware-analysis sandboxes. Padding the file to such a size pushes it past some automatic scanning thresholds and the processing limits of analysis systems, reducing the chance of detection during the initial stage of the intrusion.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1778488437413.png\" src=\"https:\/\/whitehat.vn\/attachments\/1778488437413-png.19001\/\" alt=\"1778488437413.png\" width=\"1067\" height=\"471\" \/><\/p>\n<p><i>The fake OpenClaw installation page (Source: Netskope)<\/i><\/p>\n<p>The researchers named this attack wave \u201cHologram\u201d and assess it as a version whose analysis-evasion and persistence capabilities are considerably more sophisticated than those of earlier variants. Notably, the dropper even describes itself in its manifest as \u201cDecoy entity generator for tactical misdirection\u201d, which shows how deliberately it conceals its real behaviour.<\/p>\n<p>Once executed on the victim's device, the malware begins a series of environment checks to determine whether the system is being analysed. Specifically, it looks for virtual-machine indicators such as BIOS strings, libraries characteristic of sandbox environments, and the unusual hardware configurations that commonly appear in security-research systems.<\/p>\n<p>If it finds no sign of an analysis environment, the malware moves on to a stage in which it waits for real user activity, in particular mouse movement. This is a common evasion technique aimed at automated sandboxes, which do not fully simulate user interaction; it lets the malware trigger its payload only when it is certain it is running on a real device.<\/p>\n<h2>Disabling Windows Defender and deploying six attack modules<\/h2>\n<p>Once it has determined that it is running on a real device, the dropper carries out a series of actions to extend its control over the system. First, the malware disables Windows Defender, then automatically creates firewall rules to open the port range 56001 to 57002 for its remote-control channel. Immediately afterwards, it downloads six separate malicious modules at once from the attacker's infrastructure.<\/p>\n<p>After all modules have been deployed successfully, the malware sends a confirmation signal to an attacker-controlled Telegram channel, indicating that the intrusion is complete and the device is under control.<\/p>\n<p>The attack chain is designed with a clear separation of functions between the modules. One module collects the device's hardware fingerprint to assess the target's value and classify victims before deeper exploitation. Another establishes a stable C2 connection and maintains long-term communication with the attacker's control infrastructure.<\/p>\n<p>Notably, the malware also uses a Rust component named clroxide to load .NET assemblies directly into memory. According to Netskope, this technique has not previously been recorded in crimeware campaigns, showing a level of complexity and analysis evasion beyond that of ordinary infostealer variants.<\/p>\n<h2>Targeting more than 250 cryptocurrency and password extensions<\/h2>\n<p>The most dangerous part of the campaign is its ability to steal data at scale and to expand over time. Instead of hard-coding the target list in the binary, as ordinary infostealer variants do, the malware retrieves the list from an attacker-controlled Azure DevOps repository. This turns the target list into a dynamic data source: the attacker can continuously add or adjust the targeted applications without updating the malware on the victim's device, which in turn reduces the risk of signature-based detection.<\/p>\n<p>According to the recorded data, the target set spans more than 250 browser extensions. About 201 of these relate directly to cryptocurrency wallets such as MetaMask, Phantom, Coinbase Wallet, OKX, Rabby and Ronin. The remaining 49 are password-manager and multi-factor-authentication applications such as Bitwarden, LastPass, 1Password, NordPass, KeePass and Google Authenticator, which store highly sensitive login information.<\/p>\n<p>The attack chain does not stop at the browser; it also extends to the local file system. The malware actively accesses the Ledger Live directory on the device to harvest additional data related to Ledger hardware wallets. This creates a parallel theft path, separate from the browser-extraction flow, that increases the chance of collecting the victim's digital-asset information.<\/p>\n<p>The combination of a dynamic target list served via Azure DevOps and the ability to harvest several different data sources makes the campaign flexible, hard to predict and hard to neutralise with traditional defences that depend heavily on fixed target lists.<\/p>\n<h2>Multi-layered persistence keeps the malware in the system for the long term<\/h2>\n<p>To maintain a long-term presence in the system, the malware deploys several persistence mechanisms at once: registry autorun, hijacking of Winlogon Userinit, scheduled tasks and backup droppers that operate through Telegram. Using multiple persistence layers lets the malware restart itself or reload lost components even after the main implant has been removed from the device.<\/p>\n<p>During the analysis, Netskope also found that the operators constantly change their control infrastructure to hinder tracing and blocking. Instead of hard-coding the C2 server address in the malware, as is usual, the malware dynamically reads its connection information from the description of an attacker-controlled Telegram channel.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1778488640559.png\" src=\"https:\/\/whitehat.vn\/attachments\/1778488640559-png.19002\/\" alt=\"1778488640559.png\" width=\"829\" height=\"674\" \/><\/p>\n<p><i>Screenshot showing the OneDriveSync startup link (Source: Netskope)<\/i><\/p>\n<p>This mode of operation lets the attack group change control servers almost instantly. If a domain or IP address is detected and blocked, they only need to update the Telegram content and every active copy of the malware automatically switches to the new infrastructure on its next connection.<\/p>\n<p>Furthermore, all the data stolen from the victim, such as username, IP address and timestamp, is forwarded through Hookdeck, a legitimate webhook relay service. Abusing an intermediary service hides the Telegram bot token from network traffic and makes tracing the real control backend considerably harder.<\/p>\n<h3>Recommendations<\/h3>\n<p>Experts assess that blocking individual domains is nowhere near sufficient to stop this campaign, since the attacker constantly changes control infrastructure and C2 servers to evade detection.<\/p>\n<p>Rather than relying only on domain blacklists, organisations are advised to focus on monitoring abnormal behaviour in their systems, especially activity related to the malware's analysis-evasion and control-channel-maintenance mechanisms.<\/p>\n<p>Some notable indicators include:<\/p>\n<ul>\n<li>Installer files of unusual size<\/li>\n<li>PowerShell launched from binaries of unknown origin<\/li>\n<li>Connections to webhook relay services<\/li>\n<li>Azure DevOps traffic originating from processes unrelated to programming or software development<\/li>\n<li>Firewall rules automatically opened on the port range 56001\u201357002<\/li>\n<\/ul>\n<h3>Notable IoCs<\/h3>\n<p><b>File hashes<\/b><\/p>\n<ul>\n<li>4014048f8e60d39f724d5b1ae34210ffeac151e1f2d4813dbb51c719d4ad7c3a &#8211; OpenClaw_x64[.]exe<\/li>\n<li>40fc240febf2441d58a7e2554e4590e172bfefd289a5d9fa6781de38e266b378 &#8211; svc_service[.]exe<\/li>\n<li>605096b9729bd8eedab460dbd4baf702029fb59842020a27fc0f99fd2ef63040 &#8211; virtnetwork[.]exe<\/li>\n<li>6ae9f9cfa8e638e933ad8b06de7434c395ec68ee9cc4e735069bfb64646bb180 &#8211; onedrive_sync[.]exe<\/li>\n<\/ul>\n<p><b>Related domains<\/b><\/p>\n<ul>\n<li>openclaw-installer.com<\/li>\n<li>hkdk.events<\/li>\n<li>dev.azure.com<\/li>\n<li>api.telegram.org<\/li>\n<li>transcloud.cc<\/li>\n<li>steamhostserver.cc<\/li>\n<li>serverconect.cc<\/li>\n<\/ul>\n<p><b>Persistence paths<\/b><\/p>\n<ul>\n<li>C:\\Users\\Public\\<\/li>\n<li>%APPDATA%\\Ledger Live<\/li>\n<li>C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneDriveSync[.]lnk<\/li>\n<\/ul>\n<p><b>Abused registry keys<\/b><\/p>\n<ul>\n<li>HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit<\/li>\n<li>HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run{NetworkManager}<\/li>\n<\/ul>\n<p>The boom in open-source AI tools is also opening opportunities for attack groups to distribute malware under the guise of legitimate software. Users therefore need to be especially cautious with installers shared outside official channels, even when the website or download page is very professionally designed. Fake-installer campaigns no longer stop at distributing ordinary trojans; they have developed into multi-layered attack systems capable of evading analysis, persisting in the system for a long time and stealing data at great depth, especially information related to cryptocurrency and authentication accounts.<\/p>\n<div style=\"text-align: right;\"><b><i>According to Cyber Security News<\/i><\/b><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A new campaign is drawing the attention of the cyber-security community by exploiting the popularity of open-source AI tools to spread an infostealer. Attackers impersonate the OpenClaw installer to steal data from more than 250 browser extensions, focusing [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47951,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[1,24,35],"tags":[],"class_list":["post-47950","post","type-post","status-publish","format-standard","has-post-thumbnail","category-khong-phan-loai","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47950","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47950"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47950\/revisions"}],"predecessor-version":[{"id":47952,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47950\/revisions\/47952"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47951"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47950"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47950"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47950"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}