Google Has a Serious Malware Problem...

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

It's also easy to get malware from weird sketchy games for kids. I've even seen games that required location and camera for no reason.

👍︎︎ 1 👤︎︎ u/kickTM 📅︎︎ Aug 28 2021 🗫︎ replies

Captions

hello guys and gals me mudahar and you might be wondering whoa muda you're really screwing out with the lighting today no i'm not that's because we just got the club back ladies and gentlemen i have to hire like some new staff and everything some good old-fashioned values have to come back i might even get some music tossed in i don't know i'm talking to a few creators but ladies and gentlemen what's more important is the next thing of this video and this is where things get a little dark virus investigation dark oh you can tell with the red lights we're meaning some serious business now ladies and gentlemen uh i wanted to can we get some spooky music in here too all right because what we're about to discuss is a three year long fight between some uh cyber you know terrible people some really terrible hackers some real script kitty type hackers and some of the best people in the security game aka google now ladies and gentlemen in the last couple days i've seen some wild articles sort of pop up all right some of the stuff has been pretty fearmonger-ish and i guess i'll cover it a little bit right here real quick the joker virus has returned to android it can empty your bank accounts without you noticing it and it is hidden in these apps in the google play store and here is google banned this app save your bank account delete it now full checklist right here a checklist we'll all be diving into now ladies and gentlemen something to understand in this entire situation is that as far as most banking applications are considered you are reasonably safe okay a lot of these headlines are really really misinformed in terms of what they're using i guess it's a lot nicer to say they're draining your bank account when in reality your banking and financial applications have even greater levels of scrutiny so don't fear your bank accounts aren't hacked and if you have like ten thousand dollars sitting in a savings account somewhere that's not going away okay so as far as the fud is floating around in this situation i'm going to dull it down right here what's actually happening is something called sms fraud or rather premium sms fraud now if you don't know what this is going on you might actually remember the joker malware see i removed this video during a period where youtube's uh algorithm was getting a little freaked out with like scam videos i had one of my videos strike so i kind of removed a bunch of videos and i'm actually glad that i did because i want to retouch upon this because in the last couple days this malware has shown its rear and ugly face again but the plot thickens even deeper because while the media is calling this joker we should really be calling it bread see this malware is known as the bread family of malware and it is a notorious piece of malware specifically targeting android users and the premium sms services that their phones are capable of by doing this these people are siphoning tiny amounts of money when taken at scale from thousands upon thousands of users millions even we are reaching a critical amount of cash that is flowing from users to a bunch of hackers in parts of the world where enforcement unfortunately isn't really happening to the best of its ability so the best that we can do is to at least give attention to a lot of people out there now don't feel bad if you've been infected by malware like this because it's actually quite sneaky so that being said let's cover a couple things real quick one of the important factors for this entire situation that i want to jump into are things known as fragmentation now to understand there are two big mobile players in the market there's ios and there's android chances are if you have a cellular device it's either from one or the other now for iphone users you don't have to look too far into this for android users this malware is targeting you now to understand fragmentation basically means that people are on different versions of each of these operating systems now for ios the big benefit of it is that because they're on a limited number of devices and every time apple releases a new software update your phone usually gives you a giant bing and tells you hey guy update to the latest ios version now android devices do the same but android being a much more open platform and one that comes in all ranges and sizes has multiple price ranges and multiple devices and because of this you have multiple versions of android running concurrently so to give you an example if you're on the highest end of the spectrum meaning that you have the most expensive samsung galaxy devices or whatever premium android brand exists right now you're probably in the good okay meaning that you're on a very relatively recent android version and you're getting security updates every month now if you're on a mid-tier android device or even a low-tier android device the potential of getting a hack is far larger you may not have the most up-to-date version of android you might not be getting security patches from the person who is vending your phone so in reality it's kind of a crap shoot the people that are mostly affected in this scenario are the individuals that have lower end devices and mid-end devices as far as my research goes now for higher-end devices like i said you're probably fine in terms of security patches but even then to understand how android works is google will work the android source tree if you look back to the actual you know moda phone video that i made i downloaded android from the android source and then i compiled it for a google device now if you have hardware you know proprietary binaries you could compile that same android operating system for whatever device provided you have those you know hardware binaries now in terms of how these large handset manufacturers work they will take android once given and updated by the android developers they will take that source code and modify to their own devices so what actually happens in the scenario is while the most recent version of android comes out it may take weeks maybe months for it to come out to other handset manufacturers and because of this we may have differences in security versioning and what kind of features that we are protected from what kind of exploits that we're necessarily protected from again it's getting better but fragmentation is a key sort of struggle for android users and i personally don't know if we'll ever truly fix it but that's being said why this is important is the applications that we'll be looking into now here they've written according to google's recent report having three or more active variants of joker on their official app market at the same time is very common and at peak times of activity there are up to 23 different versions of joker family submitting to the google play store in one day now to understand where this is kind of coming from are a bunch of things that google has developed so this is google's on device protections right so this is google play protect if you use an android device you've probably noticed on certain apps that it has google play protect to give you a quick understanding is google play protect includes on-device capabilities that help keep devices and data safe these on-device services integrated with cloud-based components allow google to push updates that constantly improve their functionality so if you download applications that are google play verified there's a pretty good healthy check that google has assessed the application and you should be fine that application will not be able to do anything nefarious to your finances to your device and what's so going on again that is to say some things do slip through the crack but generally google is trying to at least combat this now some of the malware categories that they've hit around over here include backdoors billing fraud stalkerware denial of service what we're looking at is billing fraud specifically sms fraud code that charges users to send premium sms without consent or tries to disguise its sms activities by hiding disclosure agreements or sms messages we'll look into this a little closely now again i'm not entirely sure if apple is free from either of this but google as far as i know has multiple sms apps okay you can download a whole levy of them if you felt like it okay because basically because android is an open enough operating system you can use multitudes of applications for a lot of these you know deep ended services so for instance on samsung when i buy a samsung device it comes with samsung's messaging application nothing is stopping me from downloading another messaging application something like say whatsapp i think facebook messenger does text messaging now for android users nothing stopping me from downloading google's own messaging service and using that instead of what samsung provides see the openness is something i can appreciate and in a lot of ways it's what i prefer but of course this level of openness comes at some level of a security cost specifically targeting individuals who may not be as technically aware now what's interesting is google security blocks this is a closer look at what we're actually assessing here so here they're talking about bread which they started tracking in early 2017. bread is basically designed solely for sms fraud now a tldr of the situation is google play protect which we just looked at removed 1.7 000 bread apps from the play store before ever being downloaded by users of course there were some apps that slipped through the crack google is trying their absolute best to monitor their store and this isn't exclusive to just the google play store there are plenty of app stores that exist i wouldn't doubt that the samsung store the amazon app store or various app stores have various amounts of bred malware so the idea is bread apps originally performed sms fraud but have largely abandoned this for billing okay which we'll actually get into following the introduction of new play policies restricting the use of the send sms permission and increased coverage by google play protect so in order to stop this what google initially did was they restricted the sms permission but then they started to switch from sms fraud to whop billing okay so now it's starting to evolve and why google is not able to catch up into this is something we'll look at real quick now one of the questions that i guess people ask is muta why does google allow this on their store and the reality of it is it's a lot harder to remove the stuff than you would think because these guys obfuscate really well we're talking string data api obfuscation whatever and because bread apps typically bury a lot of this malicious functionality in things like messaging applications where sms makes sense in things like photo applications where a lot of these network functionalities make more sense the more you use them see the reason why this doesn't really happen the reason why this gets by so much is that with a large enough store like the google play store or really any android based app store having a bunch of security researchers to audit every single application for bread malware which by the way changes piece by piece by piece like i said earlier there are various variants of this malware floating around google is doing without a doubt the best that they can and without blanket blocking people from using these various services that they allow underneath android there's almost no easy fix to this situation at all again all we can really do is educate people to not download shady looking applications which we have learned throughout history is actually quite difficult to do bread apps sometimes display a pop-up to the user that implies some form of compliance or disclosure basically terms of services how many of you read your terms of services that's a good question but what's interesting is they even lie about what's on there for instance google here says that the app is a place to be and it will feel like a superhero with this new app we hope you enjoy it other versions included all the pieces needed for a valid disclosure message so sometimes they leave out pieces from the disclosure sometimes they keep them in so basically one of the translations google has is apply car racing clip please enter your phone number for service details terms and conditions in 9 baht per day so nine baht for those people who are wondering let's just do a quick translation into usd a quick conversion yeah that's about a quarter now imagine a quarter doesn't sound like a whole lot of money right i know nine bought a day doesn't sound like much but imagine if you had 10 000 users infected and you were sending one sms from each of those users every single day that would be like 90 000 thai bot translated to around 2 700 us dollars see that doesn't see initially if you look at the 27 cents doesn't sound like a lot but if you get even that amount of scale that's how much money you're going to be raking each time you transact from each server each time the command server that's hacked those phones the botnet that it is every time it communicates to those ten thousand you know phones and tells them hey send this amount of money that's how much cash is being sent again multiply it from ten thousand users to maybe even a hundred thousand users that are infected that's what we're looking at that's the amount of money some of these people are making now they also mentioned please stop the v4 printing service and they tell you a number to call now google says there's a problem with that the numbers are not actually real so even if you try to cancel it they're not real and sometimes the billing process still commences even if you never hit a confirm button again they try to make it so seamless and behind the scenes that anybody can fall for this if they run and launch these applications now then you've also got people who launch fair reviews and google gives you some examples like so good very beautiful later deception the app is not honest when the real users start kicking in right of course uh that's why you look at the reviews very carefully if there's a whole lot of five star reviews from when the app launched and suddenly it's all one star reviews run far away that's bad this is an analysis by uh mr cuprins over here who actually did a check of these premium subscription bot malware that's on google play primarily right now you can see that underneath a lot of these applications many times when they're initializing during their splash screen they're oftentimes using this obfuscated code to look through where the person is located so whether they're checking languages your gps locations your your phone number in some cases they're able to find out where you live and be and from this let's say they find out the country you live in they'll send you to an appropriate command server for that specific country again that's to get you signed up onto these premium sms or whop billing services where they're charging you again the 20 cents a day all right it doesn't sound like much but go back to that explanation of scale it's a lot of money here's a good thread by uh by a researcher known as black holes who ended up showcasing a pretty good example right now so on the 23rd of june 2020 he posted this uh specific application language translator right rated pegi3 by the way wouldn't seem crazy it's just a simple language translator again why somebody wouldn't just use google translate through the web i don't know but again that's one of the apps as you can see it's been basically removed it's not there anymore but let's go down the entire situation assessing this application they found out that this one was specifically trying to isolate where the user was from so again if they found out that the target was from malaysia they would send them to a command server for malaysian bot for malaysian act users right by taking you to a command and control server you would download the phase 2 which would then try to get you on a lot of these whop billing services so for those people who are wondering what these watt billing services are well let's look at it real quick these are various urls of these services one of them is oho mobile now what is oho mobile let's open it up real quick now as you can imagine you get a bunch of things okay you can get uh yin yang symbols you can get presents something that i can't show on youtube but what's important here is one of these services so this is a horoscope check right a pretty popular type of wap service or a premium service that somebody would go for now if you click on this you'll go all the way down and what's important here is look at the very bottom in the situation or sorry right here this string of characters we're gonna google translate this and i'll tell you what it reads now here it says three bot per messages sent three messages per day so that excludes the seven percent and the internet service piece so three baht per day now that goes up to nine bots and if they're sending it three times a day that's that's like that's literally a quarter a day that one user is sending so imagine if they have 10 000 people infected in this botnet that again factor in the scale that's why this stuff is profitable if even 5 000 people fall for it let alone 10 000 or 20 000 these people are well in the green okay that's how these scam operations work so i was reading one of these articles again that just came out recently and they showed some of the apps that were removed again these aren't these aren't all the applications these are only some of the applications that google play store eliminated after detecting that they contained the bread or sorry joker malware so here it was auxiliary message element scanner fast magic sms and free cam scanner i think i've learned anytime i see free on the internet to run far away not even just run fly far away now again let's look closer at some of these okay so for instance this is auxiliary message right now these were applications that you cannot download anymore from what i understand right google has removed them in fact let's try to get auxiliary message yeah auxiliary message auxiliary message so you can see that there's like some level of a search history in the algorithm but uh yeah it's effectively removed but that doesn't really mean anything when there's like a million sms apps that exist how many of these could potentially contain the bred malware i don't think we'll know until we get a proper full assessment of them but if we go back into the situation you can see that according to the screenshot that was grabbed some of them had 10 000 downloads so again let's go back to that scale argument 10 000 that's a lot of money free cam scanner got 10 000 downloads 10 000 downloads for element travel wallpapers yes wallpapers always baffle me i can go on twitter right now and download a picture of a million dollar rock jpeg nft and make that my wallpaper i don't need an app to scam me okay i can go on the internet to find myself some really expensive jpegs and have a good time fast magic sms have 5 000 downloads 5 000 downloads in fact the worst performing one here was go messages with only 1 000 downloads i'm real sorry for that one god damn what's also interesting is when people started to chase us this is by invictus europe who actually ended up doing even more research and tried to understand where this applicator where these downloads were coming from how are they getting 10 000 downloads surely it can't be organic well it turns out some people have decided to find out that these were actual advertisements right here on youtube right ladies and gentlemen so for instance one person here shows bob's camera right now these are joker trojans right bop camera and crazy clean in fact if we go and type in bob camera we'll find out very quickly that bop camera doesn't exist but guess what there's like a million camera applications that already do exist how many of these could be compromised that's an interesting story right there again don't download any of these all right they're mostly designed to harvest and steal your data okay a good chunk of the very very unrecognizable ones i'm not saying there aren't any real ones in this list there definitely are but i would never download any camera application that has the permission to use my camera and send files over the internet okay it's just not okay so if we go back to bob camera right this like weird application you can see that it looks like your standard instagram filter application but then the plot thickens turns out there was an advertisement on youtube of all places of bob camera now of course you can see the actual owner lance all right and go back lance it is in fact bop camera the same application but what's interesting is during the youtube ad they really start showcasing some augmented reality measurement mechanics i can almost guarantee you everything that i have that this doesn't exist within the application a lot of these bs applications typically will just copy from one another it's not what the content the content doesn't matter what matters is as soon as you open this application they want to abuse you get you on a whop exploit and now you're suddenly siphoning cash over and away so then you go down even further you'll find outline wallpaper again how much of these are legitimate applications who knows and they're not just doing this on youtube don't take this as just a dig on google or anything these kind of application these kind of advertisements exist heavily on instagram on facebook on twitter on any platform that allows advertisements at all and again if you see an advertisement like this that's blatantly lying please do your best to go to youtube or any of these social media sites and report it to them so they remove these advertisements once and for all ah step box dude that's like the same ad that's the same ad man and look at that some of them have downloads 18 000 downloads 2.4 000 downloads it's wild man now to understand ladies and gentlemen this is how they're spreading these actual applications by hiding them in advertisements getting people to download them this is why people who don't know what they're doing with these devices typically individuals that aren't technically literate or people that don't look into the stuff as deep as me or other people will sometimes mistakenly download these applications and once that's done the bread malware is doing what it's doing and they might end up siphoning this stuff out now to understand ladies and gentlemen again it's not entirely anybody's fault this stuff has gotten so good and so clean that almost anybody can fall for it okay two two weeks ago i almost fell for that youtube scam floating around the adsense youtube scam where they were terminating channels jim browning fell for it and he's the god of scam baiting so to understand this stuff is getting so good that people are falling for it all around again the people that i'm catering to you guys i hope i've talked to you enough to be very paranoid about this stuff okay rightfully so but to the average andy out there who doesn't know anything about controlling their devices or protecting their devices they're the ones that may be the most liable to fall for it again it's also a mention that anytime an application exists you do not have to download it please don't do that please don't download any application don't download every single thing on the app store okay if something looks really shady if something has like spelling errors in its title there's probably a good sign not to download it at all now there's also a few things that you can do depending on the devices that you have since you're on an android device there's nothing stopping you from going up and bringing down your notification drawer going into your little gear menu and inside your gear menu in your settings this might be different depending on what device you have you have to find the app settings right and in the app settings if you click on the three buttons at the top the little extra settings and you go to special access and then you go all the way down this is just for samsung phones it might be different again for your device uh what you want to do is you want to go all the way to use premium text message services and hopefully any app that you don't explicitly want to give those permissions to will not show up in the situation this my friends is a healthy screen nothing is using premium text message services from me so in that case i should be pretty good again make sure to check your devices and the various apps that you have but ladies and gentlemen this was a fun little dive into a piece of malware that frankly is causing a lot of problems it's not emptying your bank account necessarily like a lot of these websites will fearmonger you into believing but to understand if infected by some of these applications you may potentially be sending quarters and again that's provided you're not maliciously infected by multiple strains of the bread malware and you might be siphoning some premium messages some actual tiny micro payments to a bunch of hackers who have basically made a bot net of infected people and are siphoning cash out of them every single day so i want you to really understand this is something you have to watch out for and really it's easy to pin the blame on google on anybody but in reality this really the only way to truly fix this is education and that's what this video is for ladies and gentlemen i hope you have at least understood how to protect yourself the applications that you shouldn't download why you also shouldn't trust a lot of these bargain bin mobile ads for games that appear all over various forms of social media and the internet and as long as you can protect yourself hopefully you shouldn't be infected by this and let's say that you are check your billing very carefully with your cell phone provider or anybody because as long as if you see if you start to see like 25 cents and every single day to some random what service you never signed up for contact your cell phone provider immediately get you check your phone scan it do whatever you have to protect yourself and honestly help pass this video along to like people who don't know any of this stuff anyways so we can protect more people and if you don't want to pass this video along at least take the information that i've given you and help you know educate the people in your family who aren't exactly technically illiterate ladies and gentlemen this is me moodhorn if you like what you saw please like comment and subscribe dislike it if you dislike it this is me mudahar with a juicy little virus investigations and i am out

Info

Channel: SomeOrdinaryGamers

Views: 479,147

Rating: 4.9749675 out of 5

Keywords:

Id: t33M_G00iic

Channel Id: undefined

Length: 24min 42sec (1482 seconds)

Published: Thu Aug 26 2021