Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Archive for the ‘Android corner’ Category
March 3rd, 2014

Fake Korean bank applications for Android – part 2

In February, we looked at the first part of the fake Korean bank application analysis along with Android:Tramp (TRAck My Phone malicious Android application), which uses it. In this blogpost, we will look at another two Android malware families which supposedly utilize the same bunch of fake Korean bank applications. At the end of this article, we will discuss the origin of malware creators.

Analysis of Android:AgentSpy

It is interesting to search for references of bank applications package names – KR_HNBank, KR_KBBank, KR_NHBank, KR_SHBank, KR_WRBank. One reference goes to a malicious application called Android:AgentSpy. The infection vector of this application was described by Symantec, contagio mobile and Alyac. We will not delve into details, we will just mention that the malicious application is pushed to a connected mobile phone via ADB.EXE (Android Debug Bridge). The uploaded malicious file is called AV_cdk.apk.

Android:AgentSpy contains activity MainActivity and several receivers and service CoreService.

BootBroadcastReceiver

Monitors android.intent.action.BOOT_COMPLETED and android.intent.action.USER_PRESENT and if received, starts CoreService. It also monitors attempts to add or remove packages – android.intent.action.PACKAGE_ADDED and android.intent.action.PACKAGE_REMOVED.

CoreService

1) Calls regularly home and reports available connection types (wifi, net, wap), IMSI, installed bank apps

2) Regularly polls C&C and responds to the following commands

sendsms – sends SMS to a given mobile number

issms – whether to steal received SMS or not

iscall – whether to block outgoing call

contact – steals contact information and upload them to C&C

apps – list of installed bank apps

changeapp – replaces original bank applications with fake bank applications

move – changes C&C server

PhoneListener receiver

Moniors new outgoing calls. If android.intent.action.NEW_OUTGOING_CALL is received, information about the outgoing call is sent to C&C.

Config class

Contains C&C URL, name of bank packages (String array bank), name of fake bank packages (String array apkNames). It also contains reference to conf.ini configuration file.

koreanbanks_agentspy_config

Analysis of Android:Telman

One more Android malware family, which uses fake bank applications is called Android:Telman. Similarly to Android:Tramp and Android:AgentSpy, it checks for installed packages of the above mentioned banks. Read more…

February 26th, 2014

Lost your phone? avast! Anti-Theft helps get it back!

Our AVAST mobile security developers labored over an ingenious feature that we hope you will never have to use. Losing your mobile phone may cause you to have a panic attack and cry uncontrollably, but if it happens to you, you can dry your tears because you have tools to find your phone when you install avast! Free Mobile Security with Anti-Theft.

What is avast! Anti-Theft?

avast! Anti-Theft is a separate program included in avast! Free Mobile Security. You can install it at the same time as the avast! Mobile Security product, or later as a separate installation. Its unique capabilities help you recover your phone by controlling it remotely with SMS commands or via the internet by logging in to your AVAST account.

Since Anti-Theft is a stand-alone application, once its launched, it hides itself, making it completely invisible to a potential thief. Read more…

Comments off
February 26th, 2014

Mobile Security: Your best protection is constant protection

IMG_20140225_122105

avast! doesn’t stop the NSA, but it helps you BE COOL about it

More than one billion people nowadays use smartphones devices and this number is growing rapidly. With the growing numbers of mobile users accessing the internet on Android smartphones and tablets, and iOS iPhones and iPads, the number of mobile threats and attacks is rising progressively.

Mobile users store sensitive data, and engage in online banking operations, exposing devices to the modern mobile threads. You need constant protection. Not even these big names were immune from attack: German Chancellor Angela Merkel’s smartphone was hacked; Rovio, creator of popular game Angry Birds, reported that the personal data of its customers might have been accessed by U.S. and British spy agencies;  and recent news of other leaky phone apps have caused people to look for ways to protect their private mobile communications.

Unprotected WiFi presents a real and present danger

Edward Snowden’s recently leaked documents revealed that the Canadian government’s intelligence agency, CSEC, collected data from travelers who connected to unprotected WiFi at Canadian airports. Read more…

Comments off
February 24th, 2014

AVAST demonstrates everyday security techniques at Mobile World Congress!

MWC2014Mobile World Congress (#MWC14) starts today in Barcelona, Spain! It’s an exciting and must-visit event for the entire mobile industry, and of course, the AVAST mobile security team is participating.

Between February 24th-27th, visitors to AVAST booth – 5K29 in Hall 5 will learn how to stay safe from spying eyes and rampant security flaws including Apple’s recent exploit. We have prepared an interesting program, including live previews of all avast! SecureLine VPN and avast! Mobile Security features.

At the booth, the multi-lingual team will educate visitors  about how AVAST’s various security products (for PC, Android, and iOS) can protect you from malicious programs regardless of origin or type, including malware from governments and official institutions. Products on display are:

avast! Secureline VPN

Visitors will learn how to use avast! Secureline VPN to anonymize public WiFi browsing.  SecureLine is effective protection against hackers and spies accessing personal data and browsing activities as well as the threat of “man-in-the-middle-attacks” from the recent Apple SSL encryption bug.

avast! Mobile Security

The AVAST team will teach you how to use avast! Mobile Security to protect your Android devices from spies and hackers, avoid data loss, as well as defend against device theft, and malicious programs – including spy-agency malware that is whitelisted by others.

avast! Anti-Theft

The team will also explain how avast! Anti-Theft works. You will learn how to view the location of a lost or stolen phone, activate an alarm, delete personal data to prevent unauthorized access, and even take photos of any thief and record their voice in order to recover a stolen device.

For the press

Journalists interested in speaking to an AVAST expert at the Mobile World Congress in Barcelona, can meet up with our Security Experts.  To arrange a meeting, contact our PR manager Marina Ziegler via email at ziegler@avast.com or tweet her at @Marina_Z.

Comments off
February 17th, 2014

Fake Korean bank applications for Android – PT 1

About a year ago, we published this analysis about a pharming attack against Korean bank customers. The banks targeted by cybercriminals included NH Bank, Kookmin Bank, Hana Bank, ShinHan Bank, and Woori Bank. With the rise of Android-powered devices, these attacks now occur not only on the Windows platform, but also on the Android platform. In this blogpost we will look at a fake bank application and analyze several malware families which supposedly utilize them.

Original bank application

We will show just one bank application for brevity. For other banks the scenario is similar. The real Hana Bank application can be downloaded from Google Play. It has the following layout and background.
korea-08

Read more…

February 5th, 2014

Back up your data with AVAST!

Did you ever lose your mobile device? Or did you ever accidentally drop it and could not restore your contact details, pictures, text messages? Perhaps you forgot that you have your brand new smartphone in your pocket, when you decided to jump into the pool during your vacation? We hope nothing like this has ever happened to you, but as they say forewarned is forearmed!

We thought of those possibilities at AVAST and came up with excellent solution: avast! Mobile Backup. It does magic: Saves your contacts, call logs, SMS history, photos, and other irreplaceable data to your AVAST Account (and, optionally, Google Drive) to ensure that your priceless data is never lost!

avast! Mobile Back is available for Android mobiles and tablets and comes up comes up with two different versions. The standalone Free version provides you with a basic backup options: Contacts, SMSs, pictures and call logs. For users who require more advances features such as backing up your music, applications and videos, we offer avast! Backup as a part of premium package, coming with avast! Mobile  Security.

Watch how avast! Mobile Backup works! 

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Comments off
January 31st, 2014

How to use avast! Mobile Security: Privacy Advisor

howto2_enAt AVAST we work hard to improve your security and privacy. Mobile malware is increasing. If you aren’t yet convinced that this is an issue, please read the latest blog from the avast! Virus Lab, How are you doing Mr. Android?

Nowadays, besides the traditional way to get money – sending premium SMS – the collection of personal info and browsing habits are also trending. How do cybercrooks monetize this data? Managing the ads that are shown in your smartphone or tablet, suggesting apps, sending offers by email or displaying them in-apps.

If you use avast! Mobile Security, then you can run a Privacy Advisor scan to categorize all the apps in your device:

  • Collect location information: Because of their nature, some apps need to capture your location. These would be GPS navigation tools, outdoor sports tracking and weather apps, for example. Some of them do it for statistical reasons. However, the majority of them do it just to customize local (targeted) ads.
  • Collect device or mobile network information: Some apps use the device info for developer and statistical reasons. Your mobile network info is also captured.
  • Collect user behavior data inside the app: This data are mostly useful for the developers as they adjust and customize their own apps according to their customers’ use, and to separate free from paid features.
  • Show in-app banner advertisements: This is an annoyance. Impatient users could drop the use of the app due to this kind of ad.
  • Show in-app full-screen advertisements: This is a huge annoyance and if it occurs, it is an invitation to uninstall the app. This is why the developers only show them a few times while the app is running Read more…
Comments off
January 29th, 2014

How are you doing Mr. Android?

First of all, I would like to shift your attention a bit backwards. No worries! This is not a history lesson or something from the ancient past.  Rather, I would like to share with you folks some Android statistics from the last two years. Hopefully, it will give you a better idea about which malware is spread around the most. By the way, if growth of Android malware was on the stock exchange and you had invested some money in it, you would have become a billionaire a few months ago. So let’s check out some graphs!

cumulative samples 2

In the first graph you can see how many samples we have to process in our databases. It shows dates between 2010 through the end of 2013. Pretty nice growth, isn’t it? By the end of 2013, we had almost 800,000 unique suspicious Android samples which we had to process and cover in VPS updates.

detections

In the second graph, you can see the TOP 10 detections of malware families we have seen during the last half of the year. The majority are fake applications or data stealing apps. This group of malware can really easily mess up your device. Data which is mined from these apps can be used against you. Last year, I blogged about a few examples which we saw infecting devices – but that was just a piece of a bigger pie.

What might be strange in the second graph is that four of the top ten have something to do with SMS sending. That means they are able to steal your money using SMS messages. That’s probably the most common way for mobile cybercrooks to quickly steal money. For malware programmers, it is really easy to access those parts in devices and send premium messages.

I hope that even skeptics will agree that protecting your device from malware threats is necessary these days. :) Try avast! Mobile Security for free.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

January 8th, 2014

Mobile malware a real threat in 2014

50m_enSecurity industry experts from around the world must have been looking in the same crystal ball to make their predictions for the new year, because everyone agreed that mobile exploits and malware would drive growth for the industry in 2014. Mobile attacks will include malicious software that steals data from legitimate apps, spyware, ransomware and software installed via NFC.

Ondrej Vlček, AVAST’s Chief Technology Officer, agrees with the others, and has evidence to back it up, “We see nearly 2,000 new malware samples on Android every day, and this is up from maybe 50 a year ago. It’s quite likely that the trend will continue.” He explained in an article in SC Magazine that Android has reached a critical mass in terms of penetration and market share, therefore it’s an attractive target for cybercrooks.

This news has not escaped security journalists, and many are recommending security apps to protect Android devices. TechAdvisor, powered by PC Advisor, the UK’s number one technology magazine website, recently recommended avast! Mobile Security as one of it’s Best Android antivirus: 6 best cheap and free Android security apps.

avast! Mobile Security is a comprehensive suite of security and backup tools, with a particularly strong set of anti-theft features that could well catch a thief in the act.

Digital Trends looked at three of the top Android security apps. Avast! Mobile Security was their top choice.

If you’re looking for a security solution for your Android smartphone, and your primary concern is malware and safe browsing, then this could be the right app for you.

AV-Test certification Nov2013

Avast! is a trusted choice – over 50 million devices are protected.

The November 2013 mobile security evaluation conducted by AV-TEST, certifies that avast! Mobile Security provides 100% protection against malicious apps with zero impact on your device’s performance. That means no impact on your battery life, the app doesn’t slow down your device, and it generates negligible traffic.

Read more…

Comments off
January 6th, 2014

Smartphones need protection in the Middle East and Africa

The mobile landscape in the Middle East and North African (MENA) regions are changing at a phenomenal speed. Nearly 526 million people in the region will have a mobile handset this year with only the Asia-Pacific region having more mobile users – both significantly more than in North America or Western Europe.

AR AMSpost-enSmartphones are the most desired devices among students and young professionals (18 to 34 years old), with the Android platform being the most popular, which means that security protection is essential.

“Especially if you are running an Android device, you absolutely need to install a security product,” said Ondrej Vlček, Chief Technology Officer at AVAST Software. “Our developers continuously keep an eye out for emerging security issues in order to invent new solutions to provide our customers with bullet-proof protection. With avast! Mobile Security we catch smartphone thieves in the act and we safeguard customer’s valuable personal information,” said Vlček.

AVAST detected an average of 1,839 new mobile malware samples a day, about 60 to 70% of which were designed to send and charge mobile users for premium SMS.

infographic-Trendingdig

Middle East consumers’ interest

What security risks do users in MENA face?

Consumers in the MENA regions are similar to other consumers in their interests. Seventy-nine percent say that they will shop using their smartphones. Games and weather apps are the most popular, followed by social networking apps. Overall, 83% of the 100 most popular apps are associated with security risks and privacy issues, therefore it is expected that there will be a growing need throughout MENA for security applications such as avast! Mobile Security.

avast! Mobile Security is the top-rated mobile security app by users in the Google Play store, by leading technology publications and by independent testing organizations. In addition to AV-Test’s certification, PC Magazine and Laptop have rewarded avast! Mobile Security with Editor’s Choice awards.

Looking for AVAST software solutions in Egypt? Softex Software House has been an AVAST partner in Egypt for more than four years, and is ready to serve you. Read their latest press release about avast! Mobile Security.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Comments off