August 18th, 2014

A look into the future of mobile hacks


Mobile malware is maturing quicker than PC threats did.

Mobile malware analyst Filip Chytry looks into his crystal ball and predicts where cybercrooks are headed next.

The majority of mobile malware AVAST has in its database comes from unofficial app stores. As we wrote about in The Fine Line between Malicious and Innocent Apps, infiltrating official app markets like Google Play is rather difficult. Therefore, it is very likely that mobile malware authors will look for other ways to hack mobile devices, which contain a plethora of valuable and sensitive information.

App servers and base transceiver stations (BTS), which enable communication between mobile networks and devices, will most likely be targeted next by mobile hackers. Man-in-the-middle attacks via app servers mean that mobile hackers may redirect communication between mobile app users and the app’s server, or infect app users by pushing malware onto their devices via the apps installed on them.

Mobile operators should be prepared for a BTS attack, as this may be possible in the near future. Not only would hackers be able to spread malware to mobile users via a BTS attack, but infected BTS could re-route all incoming mobile data.

Another possibility is that hackers could intercept communication between mobile users and app servers. Hackers could retrieve banking details if they intercept the communication of a user completing a transaction using a mobile banking app.

Mobile malware is in its infancy; at the moment comparable to a toddler. Mobile users, security providers, app markets, and mobile operators should brace themselves for the teenage version of mobile attacks.

AVAST will continue to be one step ahead of mobile malware authors, protecting avast! Mobile Security users from malware and other mobile security risks. Download avast! Mobile Security for free.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

August 14th, 2014

The Fine Line between Malicious and Innocent Apps: Part 2

Malware has increased on mobile devices 900% since 2011. As dramatic as that number is, as we explained in part 1 of this post, your Android device is unlikely to become infected with malicious malware.

Nowadays, cybercrooks use more subtle and insidious techniques to steal money and personal data from you.


We explained about PUPs and snoopy apps that want too much information from you. Here are a few more sneaky methods that you should be aware of:

Information hungry ads

App developers are not the only information hungry players in the app game. Ad kits can be found in 80% of free apps. Ads are used to monetize free apps, just like websites display ads to monetize. Unfortunately, not all ad networks play fair. Some ad networks collect and share your personal data.

At the beginning of the year Rovio, maker of Angry Birds, came under fire for allegedly sharing user information with the NSA. They, however, denied this and stated that Ad Networks used by “millions of commercial websites and mobile applications” leaked information to the U.S. intelligence agency.

avast! Mobile Premium, the premium version of avast! Mobile Security, includes an Ad Detector feature. This feature provides full details of an ad network’s capabilities. Ad network permissions are mixed in with the app’s permissions, so it is difficult to differentiate where certain information is being sent and who is accessing your device. App downloaders should therefore always review app permissions thoroughly, as app developers are not the only players on the app’s field.

Empty promise apps

There are apps on the market that are not after your personal data, but are more interested in deceiving you for financial gain. These apps trick people into downloading something different than what they advertised. There are various ways this can be done with various levels of severity.

The most innocent of them are seemingly normal apps that, when downloaded, only display ads and do not even offer the service they advertised. We found apps like this around the time of the World Cup. Games like Corner Kick World Cup 2014 displayed a white screen with ads popping up now and then. This is not necessarily malicious, but frustrating and annoying for the user. If the app had been called Ad Roulette it would be acceptable, but app developers gain a small profit from advertisers when users click on ads displayed within their app. Displaying ads continuously boosts the likelihood that users will click on the ads, thus increasing the app developer’s profit.

More malicious and misleading apps warn people that their device is infected, deceiving them into downloading either an app to remove the “virus” on their device or in some cases downloading actual malware. AVAST discovered an adult app, available on an underground app market, that forced users to “scan their device for viruses.” Subsequently, the app displayed a fake version of avast! Mobile Security, which in reality was ransomware that locked victims out of their devices until they paid up.

Apps that gain users by offering a solution to remove non-existent infections, on the other hand, may offer a legitimate app, like a security or other category of app, but the tactic they use to gain users is deceitful and unethical.

August 13th, 2014

The Fine Line between Malicious and Innocent Mobile Apps: Part 1

AVAST has more than 1 million mobile malware samples in its database, up 900,000 from 2011.

Yet the majority of mobile users seemingly have never been affected by mobile malware. Have you ever wondered why that is?

Unmistakably malicious malware, like ransomware or malware that is designed to send premium SMS behind users’ backs, is available on underground hacker forums. Yet truly malicious malware rarely hits the mass market, because it gets blocked by security apps like avast! Mobile Security and is not tolerated on the Google Play Store. This protection saves the majority of mobile users from encountering malware, which is why mobile malware seems like a myth to many.

While it may take time for mobile malware authors to successfully circumvent official app market policies, there are less malicious ways app developers are taking advantage of app users. These app developers are taking advantage of the fine line between malicious and innocent apps, using sly tactics to go behind users’ backs.

PUPs – Potentially Unwanted Programs (not as in puppies) 

Apps whose behavior blurs between malicious and innocent are classified by avast! Mobile Security as Potentially Unwanted Programs (PUPs). Apps classified as PUPs act innocently enough to be considered not malicious, but contain undesirable characteristics, which can be borderline malicious. Their features can be used maliciously, if the app developer chooses to do so.

Information hungry apps

App developers are allowed to request access to certain functionalities and data on your phone so their app can function properly. For example, a map app can request permission to access your location, to provide you with directions from your current location to your desired destination. Some app developers, however, take advantage of permissions by requesting either more information than their app requires or access that is completely irrelevant to what the app does.

In March, I found an app that did just this, and at the time of its discovery, it was available on the Google Play Store. The app was called Camera Nocturna, a night vision app that requested much more than access to the phone’s camera. By accepting Camera Nocturna’s permissions, the app also gained access to contacts and the permission to write SMS, which it used to send premium SMS behind users’ backs. The app has since been removed from the Google Play Store.

Always use caution when downloading apps, and pay careful attention to the permissions the app requests. If the permissions don’t seem to match the app’s functionalities, don’t accept them. Google has recently changed the Android permissions section in the hopes of making app permission requests simpler. Despite this, app downloaders should remain cautious. The change by Google groups permissions into categories. This allows apps to receive new permissions automatically, without being explicitly granted permission by the user if the permission falls under the same category as a permission that was previously granted by the user.
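The permission review described above, as an added example (not code from AVAST or from the original post): a Python sketch that reads a decoded AndroidManifest.xml, lists permissions outside a reviewer-chosen baseline for the app's category, and flags permissions that an update adds inside a group the user has already granted. The package name `com.example.nightcam`, the manifests, the category baselines and the group mapping are constructed assumptions, and the manifest is assumed to be already decoded from the APK's binary XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumption: what a reviewer considers plausible for each app category.
EXPECTED = {
    "camera": {P + "CAMERA", P + "WRITE_EXTERNAL_STORAGE"},
    "maps": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION",
             P + "INTERNET"},
}

# Assumption: partial, illustrative mapping of permissions to display groups.
GROUPS = {
    P + "SEND_SMS": "SMS", P + "RECEIVE_SMS": "SMS", P + "READ_SMS": "SMS",
    P + "READ_CONTACTS": "Contacts", P + "WRITE_CONTACTS": "Contacts",
    P + "ACCESS_FINE_LOCATION": "Location",
    P + "ACCESS_COARSE_LOCATION": "Location",
    P + "CAMERA": "Camera",
}


def requested_permissions(manifest_xml):
    """Return the set of permission names in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def unexpected_permissions(manifest_xml, category):
    """Permissions requested beyond the category baseline, sorted by name."""
    return sorted(requested_permissions(manifest_xml) - EXPECTED[category])


def silent_additions(old_xml, new_xml):
    """Permissions added by an update whose group was already granted,
    i.e. the ones a group-based prompt would not ask about again."""
    old = requested_permissions(old_xml)
    granted_groups = {GROUPS[p] for p in old if p in GROUPS}
    added = requested_permissions(new_xml) - old
    return sorted(p for p in added if GROUPS.get(p) in granted_groups)


def build_manifest(perms):
    """Build a constructed, decoded manifest for the demo (not a real app)."""
    lines = ['  <uses-permission android:name="%s" />' % p for p in perms]
    return ('<manifest xmlns:android='
            '"http://schemas.android.com/apk/res/android" '
            'package="com.example.nightcam">\n'
            + "\n".join(lines) + "\n</manifest>")


# Constructed sample: version 1 of a "night vision camera" app, and an update.
MANIFEST_V1 = build_manifest([P + "CAMERA", P + "READ_CONTACTS",
                              P + "RECEIVE_SMS"])
MANIFEST_V2 = build_manifest([P + "CAMERA", P + "READ_CONTACTS",
                              P + "RECEIVE_SMS", P + "SEND_SMS",
                              P + "ACCESS_FINE_LOCATION"])

if __name__ == "__main__":
    print("Outside the camera baseline:")
    for perm in unexpected_permissions(MANIFEST_V2, "camera"):
        print("  ", perm)
    print("Added by the update without a new group prompt:")
    for perm in silent_additions(MANIFEST_V1, MANIFEST_V2):
        print("  ", perm)
```

In the constructed update, `SEND_SMS` arrives inside the already granted SMS group, while `ACCESS_FINE_LOCATION` belongs to a new group and would still be shown to the user.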

May 29th, 2014

Beware, soccer fans: Not all apps are team players, some shoot for more!

The World Cup in Brazil is just two weeks away, are you in the soccer spirit? The AVAST mobile malware team and I have tournament fever and have been downloading games and other soccer related apps from the Google Play store. We unfortunately noticed that some of the fun apps we downloaded weren’t as entertaining as we thought they would be…

AVAST detects fake soccer gaming app: Android:FakeViSport

Some of the Android gaming apps we downloaded primarily displayed ads instead of letting us play. Let me just point out a few from many. We were unable to play Corner Kick World Cup 2014 at all because it displayed nothing but a white screen, with ads popping up now and then. This app struck me as odd from the get go. When I checked the size of the app I noticed it was really tiny, less than 1MB. What kind of game can you expect from an app this size?! What is even more interesting is that the game is made by a developer called VinoSports. If you check the rest of his apps offered on Google Play they are all the same – just blank applications stuffed with advertisements.

This is unfortunately a quite common and sneaky way for developers to make some money. With applications like this, the only people who benefit from them are the developers. They may get some money if you actually click on the ads their apps display. We decided to block apps from VinoSports. From now on, they will be detected as Android:FakeViSport. They are fake applications in that they pretend to be something desirable, but they aren’t.

Some apps are in the gray zone

The second app I would like to mention is Fifa 2014 Free – World Cup. The app comes from a pretty big developer, “Top Game Kingdom LLC”, who has plenty of apps on Google Play and other stores. This however does not mean the app should be trusted. Fifa 2014 Free – World Cup, can be considered, at the very least, suspicious.

As for the app Football World Cup 14: The application’s installation package name doesn’t have anything to do with the name of the app itself. The app is called Football World Cup 14, yet its installation package is called “com.topgame.widereceiverfree”. Football World Cup 14, also known as “Widereceiverfree”, requests access to information that has nothing to do with the app’s function, like location, call log, and to other accounts on the phone.

Weirdly enough, the Football World Cup 14’s developer has even more applications on the market, and most of them behave similarly. They pretend to be something different than what they really are. In the end you might get something that can be considered a game, a game with plenty of obstacles such as and with permissions that could easily misuse personal information.

Apps that display ads are not necessarily malicious. Plenty of apps, especially free apps, are funded by ads. They can, however, be annoying, particularly when they don’t go away and prevent you from using the app itself. Apps that access more information from your phone than they need to function seem harmless, especially since there is no visible evidence of this happening, but they can cause more harm than you may think.

We recommend you to take a closer look at the apps you download during tournament time, be it gaming apps, live streaming apps or apps that allow you to bet for your national team, to make sure you stay safe and as ad free as possible!

Things to look out for when downloading apps:

  1. Make sure you download from official apps markets. Many of our mobile malware samples come from unofficial app markets, only very few come from the official Google Play store.
  2. Download official apps you can trust. Google Play is an open and developer friendly platform, which is why it contains a plethora of apps. We totally understand why people are sometimes overwhelmed with all the apps they can choose from, we found over 125 vuvuzela apps on Play! We recommend users play it safe and download official apps from developers they can trust. Trusted developers appreciate their users, meaning they want to provide them with a quality product, not one that is flooded with apps. FIFA has a great live score/news app and EA Sports has an official FIFA gaming app.
  3. Compare app functionalities to the access they request. Some apps need access to certain data on your device, a map app needs access to your location so it can give you directions. App access requests start becoming suspicious when for example your vuvuzela app wants access to your location. Unless your new vuvuzela app uses your location to determine what country you are in to then play your country’s national anthem, why does it need to know your location? Always be cautious when giving apps access and make sure the requests make sense depending on what the app does. You don’t want to carelessly hand over sensitive information that could later be used against you.
  4. Read user comments. You can’t always trust what people write online, but if multiple people really appreciate or dislike an app you can get a good idea of whether or not you should download it based on the feedback they give.

Our mobile security app avast! Mobile Premium has an Ad Detector feature. Ad Detector finds out which apps are linked to ad networks and provides details of their tracking system, so you have a full overview of all the ad networks contained within your apps.

You can download avast! Mobile Security for free from Google Play or for additional features, like Ad Detector, you can download avast! Mobile Premium for $1.99 a month.

April 17th, 2014

WordPress plugin vulnerability puts mobile visitors at risk


AVAST finds new twist on WordPress plugin vulnerability

Today one of our colleagues came into our office and said, “Hey guys, I’ve been infected.” I thought to myself, yeah, how bad can this be? After a bit of digging we found the results were worth it; it turned out to be a really “interesting” case of mobile redirected threats localized for each country.

All you need is one bad IP

The case was brought to us by Jakub Carda, a fellow AVAST employee who enjoys blogging in his free time. His WordPress site was compromised through a vulnerability in WordPress, more precisely OptimizePress. OptimizePress is a WordPress plugin that fully integrates itself into the WordPress CMS, helping bloggers optimize their blog’s design. A tiny mistake in the code of a file located in: lib/admin/media-upload.php made it possible for pretty much anyone to upload harmful content onto people’s WordPress sites, and plenty of websites have been compromised because of this.


March 7th, 2014

Google Play: What’s the newest threat on the official Android market?

Official app stores are the primary sources for finding and downloading apps. Experts advise users to stay within the official app stores as they are approved ecosystems, which are widely recognized as safe. But are these sources really trustworthy? Some experts, however, claim that “Android malware is non-existent and security companies just try to scare us. Keep calm and don’t worry.” So which is it?

We’ve already blogged about plenty of threats that sneak onto your device from trusted sources, but here we have a really fresh one, one that is still undetected by other security vendors. An application called Cámara Visión Nocturna (package name: com.loriapps.nightcamera.apk), which is still available in the Google Play Store as I am writing this post, is something you definitely don’t want to have on your Android device.

Starting with the application’s permissions you might notice there are some unusual requests for an app that should be able to work only using your camera.

    <uses-permission android:name="android.permission.CAMERA" />


January 29th, 2014

How are you doing Mr. Android?

First of all, I would like to shift your attention a bit backwards. No worries! This is not a history lesson or something from the ancient past.  Rather, I would like to share with you folks some Android statistics from the last two years. Hopefully, it will give you a better idea about which malware is spread around the most. By the way, if growth of Android malware was on the stock exchange and you had invested some money in it, you would have become a billionaire a few months ago. So let’s check out some graphs!

In the first graph you can see how many samples we have to process in our databases. It shows dates from 2010 through the end of 2013. Pretty nice growth, isn’t it? By the end of 2013, we had almost 800,000 unique suspicious Android samples which we had to process and cover in VPS updates.

In the second graph, you can see the TOP 10 detections of malware families we have seen during the last half of the year. The majority are fake applications or data stealing apps. This group of malware can really easily mess up your device. Data which is mined from these apps can be used against you. Last year, I blogged about a few examples which we saw infecting devices – but that was just a piece of a bigger pie.

What might be strange in the second graph is that four of the top ten have something to do with SMS sending. That means they are able to steal your money using SMS messages. That’s probably the most common way for mobile cybercrooks to quickly steal money. For malware programmers, it is really easy to access those parts in devices and send premium messages.

I hope that even skeptics will agree that protecting your device from malware threats is necessary these days. :) Try avast! Mobile Security for free.


October 23rd, 2013

No pleasure from this adult app – only pain

A few weeks ago, I discovered and Julia warned you about a fake AVAST application which was infecting smartphones. It was hidden behind adult apps and was pretty nasty. Here is some detailed information about it.

First of all, if you look for adult applications (also known as pleasure applications :) ), you can find tons of them. Some apps, especially those offered on unofficial markets, are infected by malware; in the case of the fake AVAST app, it was ransomware. The same scenario commonly plays out – after installation when you play the application for the first time, you get infected and blocked from using your phone. The app asks for money to unblock your phone. That’s typical ransomware behavior.

The clues are easy to spot

You are looking for an adult application and run across something called AVASTME.NOW. What the hell is going on here, you might think? The fact that an adult app is named after the world’s most trusted antivirus might be your first clue that something is wrong. But you install the app, even though it’s a pretty weird name for an app designed for adults. Luckily, after the installation you get an icon on your device called Porn Hub, so you start to feel satisfied you actually got what you were looking for. So let’s play it!

But this satisfied feeling does not stay forever. After the first few clicks, the application announces your phone must be checked for viruses. That’s the second big clue that something might be wrong. Normal applications do not check your phone for viruses. But you don’t have any choice, so you continue. That’s when you see a fake avast! Mobile Security interface which is almost identical to the original.

Here comes a third clue for sharp-eyed users: All the detections you see on the screen use a different format than AVAST. But it’s already too late to stop the app. In the next step, you are asked to pay $100 to clean up your phone. And your device is locked.

Sloppy, but effective

This ransomware is easily packed, and it’s apparent that the creators tried to do it as quickly as possible. Strings of detections don’t have any kind of background, and it appears that it used randomly generated names from multiple antiviruses, as you see in the screenshot below. They were even too lazy to clean up unnecessary icons from the package, so you can find a picture of a cat in it (maybe it’s the unhappy cat of some of the creators? :)) Even though the app was sloppily done, the cybercrooks were successful and earned/stole large sums of money.

This is just one example of the many applications out there waiting to steal money from you. It doesn’t have to be for adults only; basically any application might be misused against you. That’s why everyone should be careful and download applications only from trusted sources. Because malware like this is increasing, it is especially prudent to use some kind of antivirus protection. We suggest (the authentic) avast! Mobile Security, available from the Google Play store. It’s free! You never know when you will get something like this, so install it today on your Android device.

SHA:
0768724FFD5B78F1F510E5C5C87181534E61A35D04BFCD29946D9DBB305BF275
F9D4CE9174F1A57C3D335E467A5079BF3CA87F00EB6B996B8EAF21E0D6F54BDD

October 4th, 2013

What’s hot on VB2013? – Day 3

Today is unfortunately the last day of the Virus Bulletin 2013 conference, but it has definitely been memorable. Last night, a gala dinner was held that went on into the wee morning hours. During the dinner there was a classic performance from a dancing cabaret group and a delicious meal was served. And, continuing the tradition of VB conferences, after dinner all the participants moved to our avast! Beer Bar and attempted to get their results to a higher level.

Today’s speaking line-up was concentrated on sophisticated malware on the Windows platform, online threats, and botnets. The afternoon panel discussion was moderated by Pedram Amini, our new AVAST colleague who joined the team a few weeks ago with the acquisition of Jumpshot. The discussion was about cyberwar and what we as a security industry can do about it.

Finally, the most important information: In the first blog chronicling this event, we mentioned the 7th IT Security Table Football World Championship. I asked you to wish us luck, and now I thank you for that! It definitely helped us a lot! And here are the final results!

1. Gdata – Germany

2. Avast – Czech Republic

3. Microsoft – USA

Hurray, we came in second! From such a big competition, it’s a great success for the avast! Virus Lab team, and one that we hope our colleagues (and our boss) will appreciate. For example, by buying a new football table for our office! To be ready to reclaim the AVAST honor at VB2014, we need to increase our practice time! (Next year, Gdata. Next year…)

October 4th, 2013

What’s hot on VB2013? – Day 2

We had a second day of VB 2013, and today can definitely be classified as an Android day. Most of the presentations from the first three blocks were concentrated on Android threats, potentially unwanted applications and Adkits. This gave a strong signal that everyone should take Android security very seriously. Every big antivirus vendor has their own Android security applications, but a main point for me personally was that we should cooperate and share information to fight malware effectively.

In the last presentation block of the day, there were two presenters: First was Milos Korenko with his presentation The Best Things in Life are Free.  I have to admit that listening to Milos is really inspiring. His high level public speaking abilities combined with the fact that he was speaking about such a good company as Avast made it one of the best presentations of the day.

During Miloš’ speech there were two hidden surprises. First, we announced the winners of the beer competition from Virus Bulletin 2012 held in Dallas. The top three from VB2012 are:

1. Dmitry (McAfee)

2. Jiri Bracek (AVG)

3. Roman Kovac (ESET)

The second surprise was from my colleagues in the avast! Virus Lab,  Jaromir Horejsi and Peter Kalnai. Milos finished his speech quite quickly so he could share his free time with our analysts. They presented Are Linux desktop systems threatened by Trojans? Their talk, based on a blog post Hand Of Thief threat, published at the end of August, extended some philosophical thoughts about a real potential for Linux Desktops.

The avast! Beer Bar is open again! On the first day of VB2013, we spent an evening socializing with other colleagues. You can check our website for the beer rankings and see which IT security company has the best score.
