Archive for the ‘Android corner’ Category
April 17th, 2014

WordPress plugin vulnerability puts mobile visitors at risk

AVAST finds new twist on WordPress plugin vulnerability

Today one of our colleagues came into our office and said, “Hey guys, I’ve been infected.” I thought to myself, yeah, how bad can this be? After a bit of digging we found the results were worth it; it turned out to be a really “interesting” case of mobile redirected threats localized for each country.

All you need is one bad IP

The case was brought to us by Jakub Carda, a fellow AVAST employee who enjoys blogging in his free time. His WordPress site was compromised through a vulnerability in WordPress, more precisely OptimizePress. OptimizePress is a WordPress plugin that fully integrates itself into the WordPress CMS, helping bloggers optimize their blog’s design. A tiny mistake in the code of a file located in: lib/admin/media-upload.php made it possible for pretty much anyone to upload harmful content onto people’s WordPress sites, and plenty of websites have been compromised because of this.

Read more…

April 16th, 2014

Are software “Easter eggs” safe?

Easter egg hunts are a favorite activity for kids and adults alike, and on Easter Sunday, backyards, church grounds and even the White House will host their own competitions. Cyberspace has its own Easter eggs (a hidden message in software applications), and the hunt for them is just as fun as for real eggs. I asked Filip Chytrý, a researcher in the avast! Virus Lab specializing in mobile malware, about his favorite Easter eggs.

“I hate boiled eggs,” Chytrý joked, “but revealing Easter eggs in applications is pretty fun especially if you just have a clue, but don’t have any idea where to start.”

Can Easter eggs be malicious?

We’re not too keen on hidden code that no one knows about here at AVAST, so I thought it was a good question. Filip explained that to successfully make an Easter egg, the programmer has to hide the surprise from his fellow team mates and his employer, as well as the end user. It occurred to me that if programmers can hide fun things, it’s not a huge leap to hiding malicious things. Backdoors, for instance?

“We have not seen an Easter egg that might be considered as malware. There are plenty of original apps for Android which are modified to distribute malware by adding some kind of a downloader, but it’s without the user’s interaction. Easter eggs have remained harmless; Android apps – not so much,” said Chytrý.

Are there Easter eggs in mobile software?

Android developers have hidden Easter eggs within Android OS.

Easter eggs found in older version of Android OS

“There are Easter eggs in the latest versions of Android,” said Chytrý. “To access the Easter egg in your device, open the settings screen and tap About phone at the bottom of the screen. Locate Android’s version number on the about screen and quickly tap it several times.”

It worked with Android KitKat on my Nexus 4, but may not work in the modified OS of some device distributors. Find out how to access older Android OS Easter eggs.

Read more…

April 15th, 2014

AVAST helps user recover stolen phone; brother gets shot fighting thieves

Shahrukh Humayun’s smartphone was stolen

Two brave brothers fight off mobile phone thieves in Pakistan market.

We have heard stories about how avast! Mobile Security’s anti-theft feature has helped people recover their lost or stolen phones, but nothing as dramatic as Shahrukh Humayun’s tale of bravery.

Twenty-year-old Shahrukh and his 17-year-old brother, Shoaib, live in Rawalpindi, Pakistan, the “twin city” to the capital, Islamabad. “Pindi” is a thriving urban area with good hotels, restaurants, museums, parks, and numerous markets and bazaars. It’s in one of those busy marketplaces that their story begins.

Shahrukh and Shoaib went to the market one day and were held up at gunpoint by thieves who demanded Shahrukh’s HTC EVO smartphone. Acting bravely to defend the expensive and precious device, Shoaib fought back against the bandits. They shot the teenager in the leg, stole the phone and fled the scene.

In his own words, Shahrukh described what happened:

Respected Avast! Team

I love the avast! android application as it helped me in catching the thieves who stole my mobile when I was in the market.

The story of the incident is that I visited market with my brother and I had a HTC EVO 3D X515m at that time. The thieves called me on the gun point while the area was empty. They asked me for the mobile and when my brother tried to take action they shot him on the leg.

Well, eventually I received an sms from avast that the sim have been changed. I checked my mobile as the GPS was active. I told the police about the incident on the same day and they found the thieves after 8 hours through the Google GPS connected with avast map.

Thank you avast!. Love you

Shoaib Humayun fought thieves

All of us at AVAST were touched by the courage of these two young men when faced with danger. We are happy that our anti-theft product proved to be so useful in finding and recovering the phone. More than that, we were concerned about Shoaib. How has he fared since the incident?

Shahrukh gave us an update:

My brother is braver than me. As a result of that bravery he showed his best loyalty to me by fighting with those bandits and got shot on his leg. This event have passed 8 months and he got no sign of bruises on his leg. But thank God he is fine.

Thank you avast for helping me fight these bandits against their unlawful behavior for the country.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

April 7th, 2014

New AVAST survey shows people not so smart with smartphone security.

Smartphone owners are careless about security, says survey.

Guys are more likely to get a virus on their smartphone than girls (36% vs 32%), and more than one third (34%) of survey respondents don’t have any anti-theft or antivirus security on their smartphones. Add to that nearly half of the people AVAST polled in the US said they did not back up their data or know if they did on their mobile devices. This is despite nearly one in ten saying they had lost their phone or it was stolen in the last 12 months. These results are from a recent smartphone survey conducted for antivirus software company, AVAST.

AVAST Software mobile security survey

AVAST surveyed 9,060 people earlier this year in the US about smartphone ownership and use and have released the results today. Read more…

April 2nd, 2014

Declaring machine war against malicious Android packages

Do you know the notion “machine war”? If you’re a fan of the Matrix movie trilogy then probably, yes. It denotes the fictional rise of artificially intelligent machines against the human race and their violent conquest of human beings. We want to apply a similar dominance of computationally powerful machines, not to create a population of slaves, but against numerous malicious Android packages that wildly proliferate on unofficial markets.

The idea of malware detection with no human interaction appeared earlier on our blog. In a fundamental article about AVAST research activities by AVAST’s COO, Ondřej Vlček, he effectively described the technologies we employ to deal with Windows threats. Two techniques have been mentioned explicitly, Malware Similarity Search and Evo-Gen, both working with Windows PE file format. Sometimes the latter form of detection technique is denoted as weak automated anti-malware heuristic.

The main effort is to reach two slightly conflicting qualities at the same time: The robustness, which means that suggested methods cover as many threats as possible; and simplicity, so that the methods are easily implemented in AVAST’s mobile security solution. The search for balance between those qualities is assisted by lessons learned from automated heuristic for Windows PE executables.

Read more…

March 31st, 2014

The Gray-zone of malware detection in Android OS

Does the title of this blog post have a mysterious meaning? Not exactly.

In this first part about the gray-zone of Android malware detections, I will introduce the Android:SecApk, a detection regarding the protection that the App Shield (Bangcle) offers to Android applications (.apk). This detection has a big sample set that is still growing. Some SecApk wrapped samples that existed or still exist in the Google Play Store and third party stores, can be seen in the table below.

| MD5 | Name | Info |
|---|---|---|
| F1EF5B8C671B2146C2A2454ECF775E47 | G锁屏冰雪奇缘之来自星星的你V1.0.apk | PUP – An application to promote a specific movie. Potentially unwanted because of the extended permissions that were requested. Current status: Removed from Google Play |
| 10bd28d4f56aff83cb6d31b6db8fdbd2 | Cut_the_bird.apk | PUP – A game that has potentially unwanted permissions that can lead to loss of private personal info. |
| 05ffb6f34e40bb1cf8f9628e5647d5e3 | aini1314langmanzhutisuoping_V2.5_mumayi_700e0.apk | PUP – A screensaver application that has permissions unrelated to the purpose of the app. |
| d6b40bbb79b54c09352a2e0824c0adba | 3D职业乒乓球.apk | PUP – This application is a tennis game. Potentially unwanted because of the extended permissions that were requested. |
| eefd2101e6a0b016e5a1e9859e9c443e | eefd2101e6a0b016e5a1e9859e9c443e.apk | Malware – This app steals personal data and SMS messages from the user. |

The App Shield is an online service that, after a submission of an .apk, encrypts it and adds some layers of protection. The procedure of the encryption and protection of the apk will be discussed with more detail during the course of the second part of this blog post.

Starting with the submission process, a clean app named AvstTest.apk was uploaded to the service. The exported .apk was renamed as AvstTest[SecApk].apk. In addition, apktool and dex2jar were used to decode the .apk resources and convert the ‘.dex’ files to ‘.jar’, respectively.

Folder structure

  Read more…

March 31st, 2014

Backup your phones and PCs on World BackUp Day!

Your world is on your mobile devices and PC: Your family photos, home videos, documents and emails. Unfortunately, you can lose it in an instant. For those folks who haven’t backed up their files, that means disaster. Today is World BackUp Day. Be prepared. Backup your files on March 31st.

Did you know?

  • 113 cellphones are lost or stolen every minute of every day
  • More men (60%) than women (47%) frequently back up their data
  • Women are more at risk than men if their smartphone is stolen or lost, because they do not protect their personal data and information as well as men do.

Back up your Android phone or tablet

Malware is a growing threat to the Android platform, but because of the small size of our devices, loss and theft is still the bigger threat. Men are more careful about the safety and security of their cellphones than women. We learned that curious fact from an avast! survey conducted last summer,  Lost or Stolen Smartphone: The Consequences are Bigger for Women Than for Men.

avast! Mobile BackUp is available for Android phones and tablets and comes in two different versions.

  1. The standalone free version provides you with basic backup options: Contacts, text messages, pictures, and call logs.
  2. If you would like to backup music, video, and apps, then you need to buy the Premium version. This can be done later, from within the free version.

Get free avast! Mobile BackUp from Google Play. After you install avast! Mobile BackUp, your current data will be backed up to your AVAST Account and Google Drive.

Back up your PC

avast! BackUp is an online backup and recovery service that allows you to backup your entire computer or select sets of data or individual files you want to back up. You can choose the storage capacity you need, and for a few bucks a month, rest assured that your files are safe in case disaster strikes.

Try avast! BackUp free for 30 days. During that time, you’ll get 25 GB for your files.

March 31st is World Backup Day. Take the pledge now, then take action:

I solemnly swear to backup my important documents and precious memories on March 31st.

March 28th, 2014

How to watch American TV when traveling overseas

Question of the week: I don’t want to miss my team play basketball in the March Madness tournament, but I have to go on a business trip to Europe next week. How can I watch US TV when I am traveling overseas?

This is a great question. TV has never been better, so it’s hard to miss an episode of The Walking Dead or House of Cards when traveling. As for sports – OMG! When your team is doing great (Go Gators!), it’s not enough to just read about it online. For our friends outside the USA, March Madness, the annual NCAA college basketball tournament, is in full swing and fans are following closely (think the UEFA Champions League or World Cup). College basketball fans eagerly follow as 64 teams progress through the rounds to the Sweet Sixteen, the Elite Eight, the Final Four, and at last, the championship game known as “The Big Dance.”

When in the U.S., you can watch on CBS, TNT, TBS, and truTV, as well as live stream current games and replays through the NCAA March Madness Live web site and downloadable app for mobile devices. But when you’re out of the country, you often don’t have access because of geo-restricted content. You may have seen messages similar to this one from YouTube, that says, “This video is not available in your country.”

Use a VPN service to access geo-restricted content

Many expats and travelers use a VPN service to access streaming services while living or traveling in foreign countries.  The VPN (Virtual Private Network) allows you to securely connect to a server of your choice, so that it acts as a “proxy” from a different location than where you are.

avast! SecureLine VPN is one of those services. If you are traveling in Europe, then select a server in the U.S. to access geo-restricted sites. When you log on to CBS, Netflix, Hulu, etc, the service will identify the server as coming from the correct location, and allow you to log on.

VPN adds security when using free WiFi

Another benefit of VPN when traveling is the security you get when using free WiFi at hotels and airports. The VPN creates a private ‘tunnel’ through the internet for your data to travel through, and everything – your web browsing history, your email, your IMs, your VOIP, everything –  inbound and outbound through the tunnel is encrypted. Even if your data is intercepted, your identity is protected, since the VPN masks your IP address. Read more about the security aspect in our previous blog, avast! SecureLine protects your Android or iPhone from cybercriminal surveillance.

How to get avast! SecureLine VPN

avast! SecureLine VPN is completely integrated into all of AVAST’s free and premium products and is available for Android and iOS devices and PCs.

avast! SecureLine VPN is available as a monthly or yearly subscription for Android on Google Play, PCs on the avast! website, and an annual subscription for iOS in the Apple App Store.

Ask a question

If you have a question about any of AVAST’s products, please send them to wannabesocial@avast.com. If we answer your question, we will send you an avast! Teddy Bear.

March 18th, 2014

Fake Korean bank applications for Android – Pt 3

Recently, we discovered an account on GitHub, a service for software development projects, that has interesting contents. The account contains several projects; one of the latest ones is called Banks, and it has interesting source code. The account contains information like user name, photo, and email address, but we cannot tell who the guy in the picture is. He might not be related to the contents at all, it could be a fake picture, fake name, or simply his account may have been hacked, his identity stolen, and the Banks repository created by someone else without his consent. In this blog post, we will explore the source code in detail.

When we downloaded the repository, we found several directories – GoogleService and fake applications imitating mobile applications of five major Korean banks – NH Bank, Kookmin Bank, Hana Bank, ShinHan Bank and Woori Bank.


We previously published two blog posts with analyses of the above mentioned fake applications.

When we look at GitHub statistics, and Punchcard tab, it tells us what time the creators were most active. From the chart below you can see, that Saturday mornings and evenings and Sunday evenings were the most active times of comments of new versions. It seems that authors of this application do the development as a weekend job. At the time of writing this blogpost, the last update of fake bank applications was in the beginning of January 2014.

This is not the first attack against users of Korean banks. About a year ago, we published this analysis.

Conclusion

GitHub, the web-based hosting service for software development projects, offers a lot of interesting content, which, depending on its settings, can later be found and accessed by virtually anyone, including Google robots. We managed to find the above mentioned repository by simply Googling the strings which occurred in a malicious Android application.

Acknowledgement:

The author would like to thank Peter Kalnai and David Fiser for help and consultations related to this analysis.

March 7th, 2014

Google Play: What’s the newest threat on the official Android market?

Official app stores are the primary sources for finding and downloading apps. Experts advise users to stay within the official app stores as they are approved ecosystems, which are widely recognized as safe. But are these sources really trustworthy? Some experts, however, claim that “Android malware is non-existent and security companies just try to scare us. Keep calm and don’t worry.” So which is it?

We’ve already blogged about plenty of threats that sneak onto your device from trusted sources, but here we have a really fresh one, one that is still undetected by other security vendors. An application called Cámara Visión Nocturna (package name: com.loriapps.nightcamera.apk), which is still available in the Google Play Store as I am writing this post, is something you definitely don’t want to have on your Android device.

Blg1

Starting with the application’s permissions you might notice there are some unusual requests for an app that should be able to work only using your camera.

    <uses-permission android:name="android.permission.CAMERA" />

Read more…