Android Malware: SharkBot
Science and Technology
SharkBot, a trojan banker and keylogger Android app, can bypass 2FA and steal your bank credentials and your money. Watch out!
Get AntiStalker (sponsor): play.google.com/store/apps/de...
Comments: 287
Please do more on Android devices. Also, it would be nice to see how effective antivirus programs handle it on Android.
@crmarketingconsulting
2 years ago
I second this 💯
@iamwitchergeraltofrivia9670
2 years ago
Hahah avast the best
@k.l.manring2083
1 year ago
Yes please! Love your videos but I don't even have a computer nor Chromebook etc
@trolojolo6178
1 year ago
Antivirus is a scam on Android. It would only work if your phone is rooted in the first place. But there is no antivir that even is programmed to work on a rooted phone.
@infotruther
1 year ago
I tried it.
Don't install anything unless you absolutely need it and/or trust its source
This is why I don't use "convenient" apps from the PlayStore, they either don't work or are just there to perform malicious activities.
I'm a Cyber Defense Professional myself, like the coverage that you provide in a very non-technical manner, gonna refer your channel to some of my non-IT friends. Thanks Leo
@nghiale-mg2pr
10 months ago
I need the source code of the SharkBot software to study, do you have it?
The best antivirus for this (or any other Android malware) is being broke and not having enough money in your bank account for any kind of transfers. Problem solved. I guess being broke has its good sides too🤣
@tugrulserhat
2 years ago
best antivirus for such shit is having a separate phone and sim for 2fa, crypto wallets and sms auth.
@tugrulserhat
2 years ago
a cheap phone for like 150-200 usd with latest android version would last at least 5-6 years before you need to get a new one.
@RandomBoy_0o0
2 years ago
@@tugrulserhat I 100% agree with you best advice for preventing malware
@forevr
1 year ago
Can't steal money if you have nothing haha
This is why I never install android "antivirus" because every app is suspicious on android.
@draculemihawk10
2 years ago
I agree. The only safe AVs are the ones from official known companies like Kaspersky or Bitdefender
@akurasubject9617
2 years ago
@@draculemihawk10 and Play protect.
@draculemihawk10
2 years ago
@@akurasubject9617 Yes but Play Protect is kinda bad at protection, it's better with a good AV like Kaspersky
@nobodycares3333
1 year ago
Play Protect didn't even recognise an adware app (personally tried on a test phone). It's trash
@sauliusvitkauskas8741
1 month ago
I remember when I got some fake antivirus pop-ups on my phone because I was watching not so good stuff on Google and I installed one and it just boosted the pop-ups, man I was dumb back then
Wait... other than not installing stuff from unknown vendors, how do we defend against this? Can an a/v app prevent the installation? Is there a way to detect the infection? Is there a way to remove it (other than hard reset of the device)?
@akurasubject9617
2 years ago
Google Play Protect has installation prevention when you install malicious apps. For example when you're trying to install lucky patcher.
@sonyscg
2 years ago
@@akurasubject9617 yes but the question is how to prevent to run in win11 :D this is funny stuff :D
@GoosePlays20
1 year ago
Safe mode
It's baffling to think that you can even trust the official source of apps...
Excellent vid and info. With more usage of PDAs, think having these type of videos and other mobile devices security threats is important. Thanks for the post. Will share to others
The whole idea of 2FA is that its process happens on actually TWO separate devices, i.e. the device used for the login process is NOT the same as the device used for the authentication process, but now with banking apps, the mobile device used by the app is the very same device that will be used for _'separate'_ authentication, pretty much turning the 2FA into 1(& 1)FA.
@MarcosRobertoDosSantosJF
2 years ago
Yes, a good solution for this problem is having a second (older) phone at home with the 2FA app installed. But the problem would be the inconvenience when you need to unlock something and you are away from home.
I would really like to see how a Samsung phone would react to it, as it has a McAfee antivirus integrated into the phone by default, and whether the Knox chip inside the phone really provides slightly better protection or is just something useless and more of a hole added to the Android system?
@leepicstitch
2 years ago
There's no real way to protect against this type of thing from a secure hardware perspective (that's all Knox is, it's a HARDWARE security bit). This hardware security enables some software features (i.e. secure key storage), but it can't protect you from a malicious accessibility service. There's no way for the OS to tell that the accessibility service is malicious.
@RealNovgorod
2 years ago
It explains you with 20 big warning messages why it's such a bad idea to grant accessibility permissions to anything. If you still do it despite being told many times how the universe will end if you do, then not even your god will come to your help because you voted for this. We're talking about Biden, right?
@epicchip6071
2 years ago
McAfee is actually trash. Typing from a Samsung phone
@inabyss
2 years ago
@@leepicstitch technically it cannot invade inside anything that is protected by Knox security. It's like a different phone/environment. However, anything outside the environment isn't safe.
If you're doing more videos, please more explicitly explain that these are not security exploits but tricking the user.
* An app can only do what permissions the user grants it
* Accessibility is the big one. It means allowing the app to control your phone. Obviously then it can control your phone.
* Displaying over other apps is less obvious to a novice, I admit. It is meant to show small overlays (like floating bubbles), but can be misused to display a fake app full screen over e.g. the banking app. To my knowledge, apps can refuse interaction if there is anything overlaying them, a thing all banking apps should do. My bank's app does (if I remember correctly)
* Even if the app loads additional functionality, that functionality is still limited to the permissions you give the app.
I find it important for users to understand this, because then they know what NOT to do.
Notes:
* sometimes apps actually use security exploits
* Google is getting very strict with accepting apps in the Play Store that need accessibility permissions (for the exact reason of how malicious apps use them)
@MF-le7fp
1 year ago
Yeah, of course Google is cracking down on malicious apps in the PlayStore. They can't have others muscling in on their action, now can they? After all, they are the king of lying about their own permissions being turned off, when they actually aren't. Ever. Don't believe me? Turn off GPS location in Settings, and then go into Google Maps, and turn off the "location" permission. Then, enable your Android's "Developer Options" capability, and once it's active, click on Running Services. Prepare to have your wig fly off, when you see what's REALLY active 24/7, on that Android. You CAN "stop" these Services (that are supposed to be "off" already, anyway). But don't worry, they will auto restart themselves within 5 minutes. Sometimes, within seconds.
Seems like every day since I've been receiving various articles on security, that hackers are doubling down on these attacks, RATs, MitM attacks, everything. Could just be me but there seems to be a hell of an upswing in the severity and frequency of zero-day exploits, etc., since SolarWinds was ousted. Again that's probably just me thinking that
Retail wireless consultant here. This got my sub.
this is actually really scary, thanks for sharing the info
Actually Google Play Protect is a potato against malware. All AV providers have a mobile protection plan which is included in total security plans. I recommend you to install and use.
@KazrBrekker
5 months ago
That's just Google's eyewashing technique much like their mic or camera indicator or other tracking preventions. Just for the peace of mind of the average user who might claim what the f is Google doing?
Well you can use the 2fa with locking a IP with biomedical data (Fingerprint, FaceID etc.) at least on Android.
Would this still be as risky when using fingerprint to sign into your banking app or if you use an authenticator app like Google Authenticator?
Advanced Android security tricks : Use Lucky Patcher to detect Hidden apps
Great video. I would like to know which AV products detected this on Virus Total.
If only banks would make a device that's used as 2FA... Oh wait it's been a thing for YEARS
Honest question: it just bypasses any "common" 2FA relying on your mobile device, right? So if you use things like a USB device you have to put in to get into your accounts there's no way for them to bypass that. Right?
@tugrulserhat
2 years ago
unless you use it on your phone and the malware also has code to extract 2fa code from such device
@lokololok613
2 years ago
@@tugrulserhat you mean when the malware is active while the 2fa device is connected?
@tugrulserhat
2 years ago
@@lokololok613 yea. if the malware is coded to attack the device as well, it's at risk. if it's just working to get info from phone it's ok
Would love to see Android anti-virus
that sam beckman clips eh? in the sponsor segment
I would love to see a video on how you would set up a virtual or sandboxed machine to place these suspicious apps and scan for viruses. Also, how would you recommend cleaning a suspect device.
@Pedro-fd9tv
2 years ago
+1 In general I tend to just reinstall the whole system, but a video on how to clean without reformat and how to detect would be nice.
@infernaldaedra
2 years ago
You guys should also learn that Virtual Machines and Reinstalls are no longer the end all be all. Malware has been able to infect other parts of the system for a long time now.
@ericfromflorida5146
2 years ago
Thanks for the input. I think from what my question is trying to ask, I'm trying to learn that very specific information. With the advent of malicious root kits among other malicious software, knowing what the current best practices are for 1) testing suspect malicious applications and 2) how to effectively remove and restore a device is what I'm looking for.
thank you so much for these videos
I have found that most, if not all, apps are simply advertising tools.
Does fingerprint and/or face recognition stop it from getting password? Also if send 2FA to email will that help as well? Thanks Leo good work bro.
@temp_unknown
2 years ago
This is a really good question, I hope he answers.
I would like to see more details about responsive security software that better handles security on Android devices. There are plenty of methods of intrusion and monitoring, but I would like to stay up to date on the most current ones. Your content is great.
Does this intercept only SMS messages or does it affect MFA apps e.g. Duo, Google Authenticator, as well?
Thanks for bringing awareness
Thank you for the info. All videos are great 👍
one question .. android does not allow app installation other than play store by default.. so if this malware is only a downloader and downloads the actual app from their server , how is it going to get it installed ? wouldn't android throw a pop-up saying "app installation from 3rd party application is disabled, please turn it on" ?
@igor11420
2 years ago
Rewatch the video again, dude explained it... basically when you give an app permission it can do everything, because it acts like the user.
would you recommend upgrading to windows 11 now or continue to wait a few more months
Does protecting banking app with fingerprint help against it being hijacked by this malware?
I am actually wondering if theres already a more stronger and more secure type of 2fa honestly we all knew that 2fa will be bypassed but seriously we need a newer and more secure type of protection instead of using 2fa
In my phone, I need to explicitly provide permissions for the accessibility services. Did android change that?
Does Bitdefender mobile security or other mobile security detect and or stop the installation of this?
Make a video on Joker Android Trojan that is also on Play Store
Hey, i have a trouble in my malex, i searched over the internet and i cannot find it. How to check if exe failed to run? its your if(error): but error is not implemented. Can anyone help me?
Thanks for sharing.
So it sounds like the easiest solution would be to log into your banking account via computer- and to use your phone as a second factor. Also don't download the banking app on the phone that would receive the code. Am I understanding that correctly?
@gabrielandy9272
1 year ago
better to not install untrusted apps,
This is why I have trust issues with Android play store
I've evidently got something on my phone. I've got all types of crap on my calendar that I never put on it. It's only for 1 month, the rest are fine. Any information or help is appreciated!
Android store has very little background checking, as such any bad actor can very easily drop a malware in. As a general rule avoid android Apps. I have to wonder how much this type of App can compromise a Chromebook?
Yes. I want to see android malware and normal AV for android system.
You didn't tell how to clean it from our system and does it also affect Windows 11?
very easy to understand and the best it works
This is why I don't install any Bank App on my Phone / do no Online Banking or Banking 2FA on my Mobile Device.
Yep, more videos with Android malware 👍
I wonder if running malware apps on BlueStacks (Best Android Emu for Windows) could find its way into Windows. I don't run it as a virtual Android sandbox but i'm curious if i could safely.
@DragonProtector
2 years ago
actually bluestacks is not the best. It doesn't like amd at all. Use android studio. It's an official emulator from google itself
@rygull
2 years ago
@@DragonProtector Correct me if I'm wrong but no instant cloning, multiple instances, syncing instances and resource allocation. I guess I'll have to load it back up again since it's been forever but I doubt it's better unless you're specifically a developer.
@DragonProtector
2 years ago
@@rygull I only used it for one device and it worked fine. But I have a galaxy tab s7+ now and it's doing fantastic
After my oppo phone upgrade to android 12 version recently, I am getting a pop-up to fix malware that it says is infected after opening bank apps
Good to know that! Thanks!
So does this malware only work for notifications / SMS or can it also extract data from separate TAN apps (because usually not even the user can make screenshots of those apps)?
@leepicstitch
2 years ago
In theory, it could extract data from any app as it runs as an accessibility service. Accessibility services have access to everything on screen and to all inputs. It's meant for those with limited mobility to make their devices easier to use. Unfortunately, it can also be abused for these evil purposes.
@sutsuj6437
2 years ago
@@leepicstitch Sure but the hackers would need to know how to use every single banking or TOTP app, if they want to do it automatically.
@leepicstitch
2 years ago
@@sutsuj6437 Just look for any string of numbers 4-6 characters long.
@sutsuj6437
2 years ago
@@leepicstitch That could work, but in some apps there might be a lot of words around the actual code, that fit that scheme. And if the hacker is unlucky the bank account could be locked for putting in a lot of the wrong TANs in a short amount of time.
Super fast and easy tutorial
How can you get rid of this type of malware? Is wiping the phone enough? I got a second hand phone from an acquaintance and want to take no chances.
@kevinwong_2016
5 months ago
Yes💀
Which android antivirus would you recommend? EDIT: I just found out that some antivirus doesn't have real time protection in their free version. I know security is an investment but I want to recommend to my peers that's just a free version with minimum security features needed
@MMG_
2 years ago
Windows Defender 😉
@joepjoep9531
2 years ago
I just told you if you set it up correctly Sophos intercept x for mobile devices will scan every file also possible when charging and warns or block suspicious behaviour and or files immediately the file scanning works really well for android and if you try to download strange apps boom blocked.
@donaldok.886
2 years ago
Bitdefender or Norton are the top ranked for best detection. I would not trust any other than that. Choose names that have been world industry leaders that have a solid reputation. Also, never use any vendors from an arbitrary country as they are known to have backdoors which leak personal data. In our corporate setting, we only trust Cisco AMP
@joepjoep9531
2 years ago
@@donaldok.886 trying to tell me Sophos is not solid? Lol
@donaldok.886
2 years ago
@@joepjoep9531 did I say that?
I love how the video was about fake antivirus acting as malware then at the end, the sponsor is ironically an antivirus.
Plot twist: the sponsor has this malware
Recently I tried some Android Notepad-apps and before running them I checked them with a good AV. A third of them were infected. How can I report (flag) them, so other users will be safer?
@fred-youtube
2 years ago
Report them on play store and virus total
@ApertureLabs
2 years ago
Visit the app in the play store, click the three dots at the top right, and click "flag as inappropriate". Play Protect is still kind of bad compared to established Android AV solutions so it's always good to report any malicious play store apps.
Hi guys, great video indeed! Glad to see the Sharkbot technical report from our Threat Intelligence Team has been useful for you. For any further questions, we're happy to answer.
new video with checking if Kaspersky blocks it please.
So how does one remove this sort of malware without restoring to factory?
@igorthelight
2 years ago
Maybe run an antivirus (verified one of course). I would still do Factory Reset tho.
@artisticyeti22
2 years ago
make a copy of the entire phone somewhere and start trying different ways to try and isolate the malware with paid antivirus(es)
Beyond my scope, but is anyone working on anti-malware software that attacks the attacker? Is that doable?
@leepicstitch
2 years ago
Doable? Sure, but it's illegal. Edit: and if we were to make it legal to "hack back", it would actually encourage exploit hoarding, which means all of our software becomes less secure.
@artisticyeti22
2 years ago
it is
Thanks for your sharing
As an Android reverse engineer I have worked on this type of project before and I have bypassed detection by converting Java into C++😅
It would be helpful to know what IS detecting this malware. Does Kaspersky? Does BitDefender?
@hollow8521
1 year ago
I think Malwarebytes does, you could use virus total though
That is why I will never do banking transactions on my phone, web especially not bank apps.
Did I miss what it disguises itself as like a game or ?
Does Android Antivirus help in this kind of situation?
@kevinwong_2016
5 months ago
Yes💀
What's the best antivirus for Android? I'm currently with Kaspersky on both my PC and phone but I'm not sure if Kaspersky's best for Android as well
@bsforyt727
2 years ago
Kaspersky is good. But I would recommend Dr. Web
@MMG_
2 years ago
Windows Defender 😉
@malwaretestingfan
2 years ago
Dr. Web is the best one, from my experience. I had a phone with a trojan installed inside the firmware, Triada. It continuously downloaded adware from Chinese C2C servers. Only Dr. Web detected it among a large basket of AVs, including Kaspersky, and even pinpointed what files I had to remove.
@azeQify
2 years ago
Dr web 😂 Nah I would stick with Kaspersky or Sophos intercept X
@bsforyt727
2 years ago
@@azeQify both are good but not great. Dr. Web is best right now. Verdict comes from a malware hunter and analyst
Hmm then how to view and possibly uninstall or set/block permissions of hidden android apps.
@igorthelight
2 years ago
Simple way - Factory Reset :-) Hard way - google "ADB install and uninstall apps"
Really helpful
I use only lookout and ESET on my android smartphone for antivirus software, given those are already very established anti malware companies - anything else claiming to be an AV app, I simply do not trust
@pinetworkminer8377
2 years ago
Is it better to use at least two or more anti-malware apps on your phone?
@Vex22778
2 years ago
@@pinetworkminer8377 no they can actually interfere with each other and they slow down your device
@mr.hitchens
2 years ago
@@pinetworkminer8377 You can use one for real time (ESET) and one for scheduled scans (Malwarebytes, Protectstar Ai) will work well. But do both of your apps have advanced heuristics on by default and can't turn off? If yes then the previous poster is correct. It's just two things trying to do the same job, with the same attack vector surface they usually stop each other working or worse! Avoid any Avast products, they are worse than any infection. Eset Nod32 is about as good as it gets if you have to use Windows or Android.
How do you get Windows 11 to run Android apps? Not that I want to infect myself. I'm curious to see if DuckDuckGo browser will work
Can you do a vid involving crypto mining, like how to diagnose if your computer used for mining, and how to resolve it.
I would like you to do a video on the last hack when apple phones are turned off
I foolishly opened a dodgy docx file on my Android device. Through the Gmail app. The office app tried to open it and gave me an error message. Can my device now be compromised?😢
@kevinwong_2016
8 months ago
No💀
How to remove it if i have it on my device ?
How do you install APK by double clicking
Do Practical Vids - Android Exploits
Thanks!
Technically the mic is a type of sensor.
I mean Google keeps trying to force several apps on android and makes them uninstallable and prevents you from seeing them so you can't uninstall/disable them.
@akurasubject9617
2 years ago
what apps? seems like the phone manufacturer's apps not google's.
@Lusc1nt
2 years ago
@@akurasubject9617 KZread, Play Store, Chrome and other Google services and apps
@Lusc1nt
2 years ago
you can delete them through ADB tho
How to stop such Malware?
Thanks again
what's the best tools to keep safe on android?
@igorthelight
2 years ago
Common Sense would be on the first place ;-)
@kevinwong_2016
5 months ago
Anti malware + common sense 💀🗿
Please more Android Malware
I always see these on Android ads, I was curious and wanted to install it and find out what it was, I didn't. Luckily
Now this is scary
It's not like there's anyone posting the code of these for identifying....
Why does it need access to camera? Is it to spy on you or does it give some other benefits too?
frightening!
Because of these things I am running Sophos intercept X on most android devices that I am helping people to secure. Also on my own iPhone. Many useful functions and completely free even when not used in a business environment.
So... basic question: Can you get a virus/malware on your Android phone without downloading an app?
@spaghettiupseti9990
2 years ago
Pegasus
@wesleysales757
2 years ago
Through phishing too, through WhatsApp, through e-mail, through ads containing malvertising, etc.
@SECYBERSAFE
2 years ago
Sure, you can. Malware could be in form of files on your computer not just an app. A pdf file could be malware, an epub file could be malware etc
@sleekbr7666
2 years ago
@@SECYBERSAFE I guess he is specifically talking of Android.
@donaldok.886
2 years ago
Absolutely, there are many different attack vectors on an Android OS. By simply browsing to a compromised website you can have a dropper install itself behind the scenes onto your device which then calls home and installs the payload, this is called in general terms a Drive-by download. Your browser is one of the most dangerous apps you can have. Then you also have the PlayStore which carries many hidden Trojans via apps. Or if you side load apps you are just asking for it. Then you have sms and email links which can also install malware silently. User education is the best method of protection.
I have seen a different app I have installed that almost did the same thing. Lucky I caught it before it can do anything.
Hey, can anyone suggest any antivirus? I'm very scared after seeing a few virus computer vids.
3:01 I am NOT DOWN with that.
Will factory reset remove Android malware?
@draculemihawk10
2 years ago
Yes
@Arush.
2 years ago
Depends on the virus
@malwaretestingfan
2 years ago
Depends. Persistent malware like Triada is usually removed by flashing the device with another FW.
How to get this sharkbot?