Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Archive for the ‘Android corner’ Category
May 7th, 2014

Fake government ransomware holding Android devices hostage

Ransomware, which has already made its rounds on Windows, is now increasingly targeting the Android operating system. A new piece of mobile malware claiming to be the government under the name Android: Koler-A is now targeting users.

We have full control of your phone – give us $300 and we’ll give it back

Obrázek 1-1

The ransomware is pushed automatically from fake porn sites visited by Android users via a malicious .apk file that appears in the form of an app. The innocent appearance of the app deceives users and is a powerful social engineering tactic used by malware developers to trick people into installing malicious apps. The form of delivery is not the only thing that makes the app suspicious and potentially dangerous, but the access it seeks are highly unusual and alarming. The ransomware requests full network access, permission to run at startup and permission to prevent the phone from sleeping. Once installed the granted access allows the ransomware to take control of the device. The full network access allows the malicious app to communicate over the web and download the ransom message that is shown on the captive device. The permission to run at startup and prevent the phone from sleeping fully lockdown the phone, preventing victims from escaping the ransom message.

The ransomware localizes fake government messages, depending on the users GPS location, accusing them of having viewed and downloaded inappropriate and illegal content. What does the ransomware do next? Demands ransom of course! The ransom to regain access to the device including all of its apps, which it claims are all encrypted, is set at around $300 and is to be paid through untraceable forms of payment such as MoneyPak.

avast! Mobile Security safeguards against ransomware

Both AVAST’s free and premium mobile security apps, avast! Mobile Security and avast! Mobile Premium, protect customers from falling for the devious apps containing ransomware. AVAST detects this ransomware under the name Android: Koler-A and blocks its execution.

We recommend that everyone be cautious when downloading apps, especially from unofficial app markets. We also urge users to not open any files that have been downloaded to their device without their consent. Always check what apps want to access and in addition to being cautious, we advise people download antivirus to protect their devices. This new ransomware appearing on Android is the perfect example of how malware is starting to move away from the PC environment and into our pockets and there are no signs of this slowing down.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news and product information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our business products.

Comments off
May 5th, 2014

The 10 Commandments of Mobile Privacy

From governments to thieves to your wife – it seems that everyone has access to your private data.

avast! Mobile Security anti-theft helps track your lost phone

If you have a smartphone or tablet, people around you can discover your most deeply held secrets. You put all your private data and personal information there and… it’s at risk. The possibility of losing your phone or getting robbed is a major concern.

Is there anything that we can do to protect our private data? Some skeptics say no. I’m an optimist; I think there is always a way. Working for a security company makes us think that there is always a way to protect ourselves, to avoid danger, and to care about other users.

Lock your apps for privacy with avast! Mobile SecurityI’ve being collecting info for what I call the 10 Commandments for mobile privacy. Here are simple steps to help protect your privacy:

  1. 1. Use a PIN, password or pattern in your device. I’m lucky to have a phone where the numbers change their position on the screen and make the lockscreen even more secure. There are some apps that make your password “random” (obeying rules you’ve previously set).
  2. 2. Lock your most private apps. Lock your log in data but also your own messages, emails, personal notes, contacts, everything is in your pocket. offers the feature to secure even more sensitive parts of your device with the avast! Mobile Security App Locker that automatically asks for a PIN when you start the app.
  3. 3. Do not save banking or credit card credentials in your phone or, at least, not in the mobile browsers. Some banks, at least here in Brazil, have their own mobile app that never saves the passwords or PINs. Now, for Android, there are free password managers that adds a new security layer while browsing.
  4. 4. Do not be a happy clicker. People who expose themselves to scams or spam links, who download each single app they see from any kind of source put themselves at risk. OK, you’ll say this is not you. But, do you think twice on clicking in social media links or shares?
  5. 5. Do not take, send, save or share nude photos. No, this is not a moral commandment. It’s a privacy one. Read more…
Comments off
April 30th, 2014

You dropped your phone in the swimming pool. Now what?

avast tips help save your wet phone

At least it wasn’t dropped in the toilet!

How to save a wet smartphone

It happened with me, I jumped in the swimming pool with my phone in the pocket. Unfortunately, it was not the first time my phone was drenched. Some years ago, the villain was the rain. I was using a smartphone app to monitor my running pace and it started to rain. Not a light refreshing rain – no, a deluge, a Heavy rain. My phone was protected, but that was just too much rain.

At that time, I didn’t know what to do and made the wrong decisions. Some modern phones are waterproof, but others aren’t, and an accident involving water can be fatal. I’d like to share these hints with you on what to do if your phone decides to take a bath.

  • The first thing you should do NOW is a backup! You’ve heard this before, but have you done anything about it? It’s always better to be safe than sorry. Your photos, videos and musics, your apps and game data – everything could literally sink in water. We offer a simple, yet easy solution: avast! Mobile Backup protects your data against such accidents. Try now the free basic version from Google Play Store.
  • TURN YOUR PHONE OFF If your phone was dropped into water, the first thing to do is TURN IT OFF. And not only press the on/off button, but also remove the battery and cards completely. It’s a race against time. Each second is vital to avoid an electric shock and motherboard crash.
  • Let all the water flow freely. The best position for the phone is horizontal over a table on a dry piece of cloth. Do not rub, do not use cotton, do nothing… Just let the water drain out.
  • Dry the device carefully. After that, take a dry cloth or some absorbent paper to dry the device completely. Hold it with the screen facing up to drain all the water that could stay inside. Try not to shake it.
  • Be patient. Have a lot of patience. That’s the keyword here. Keep the phone open for a long time, at least 24 hours. Some technicians recommend to put it into a pot and fill with raw rice (or gel silica, if you have it with you) to absorb dampness.
  • After 24 hours, remove all the rice (or the small pieces of gel silica) and have patience again. Leave it open and exposed to air. Do not use hair dryers. Do not put the phone directly in the sun, because you can do more harm than good (harm to the screen, battery, or even the plastic parts.)
  • Only after other 12-24 hours you could try to put battery again and turn it on.
  • Of course, if you do not have luck, you’ll have to take it to technical assistance. But we wish you luck and that your phone will work again!

Besides getting wet, your phone can be lost or you could get infected with the ever-increasing malware being written for Android. Protect your phone for free with avast! Mobile Security & Antivirus. Get it on Google Play. Don’t be one of these careless people who neglect to protect their phones!

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our business products.

April 17th, 2014

WordPress plugin vulnerability puts mobile visitors at risk

AVAST finds WordPress plugin redirector

AVAST finds new twist on WordPress plugin vulnerability

Today one of our colleagues came into our office and said, “Hey guys, I’ve been infected.” I thought to myself, yeah, how bad can this be? After a bit of digging we found the results were worth it; it turned out to be a really “interesting ” case of mobile redirected threats localized for each country.

All you need is one bad IP

The case was brought to us by Jakub Carda, a fellow AVAST employee who enjoys blogging in his free time. His WordPress site was compromised through a vulnerability in WordPress, more precisely OptimizePress. OptimizePress is a WordPress plugin that fully integrates itself into the WordPress CMS, helping bloggers optimize their blog’s design. A tiny mistake in the code of a file located in: lib/admin/media-upload.php made it possible for pretty much anyone to upload harmful content onto people’s WordPress sites, and plenty of websites have been compromised because of this.

Read more…

April 16th, 2014

Are software “Easter eggs” safe?

eggs02Easter egg hunts are a favorite activity for kids and adults alike, and on Easter Sunday, backyards, church grounds and even the White House will host their own competitions. Cyberspace has its own Easter eggs (a hidden message in software applications), and the hunt for them is just as fun as for real eggs. I asked Filip Chytrý, a researcher in the avast! Virus Lab specializing in mobile malware, about his favorite Easter eggs.

“I hate boiled eggs,” Chytrý joked, “but revealing Easter eggs in applications is pretty fun especially if you just have a clue, but don’t have any idea where to start.”

Can Easter eggs be malicious?

We’re not too keen on hidden code that no one knows about here at AVAST, so I thought it was a good question. Filip explained that to successfully make an Easter egg, the programmer has to hide the surprise from his fellow team mates and his employer, as well as the end user. It occurred to me that if programmers can hide fun things, it’s not a huge leap to hiding malicious things. Backdoors, for instance?

“We have not seen an Easter egg that might be considered as malware. There are plenty of original apps for Android which are modified to distribute malware by adding some kind of a downloader, but it’s without the user’s interaction. Easter eggs have remained harmless; Android apps – not so much,” said Chytrý.

Are there Easter eggs in mobile software?

Android developers have hidden Easter eggs within Android OS.

Easter eggs found in older version of Android OS

“There are Easter eggs in the latest versions of Android,” said Chytrý. “To access the Easter egg in your device, open the settings screen and tap About phone at the bottom of the screen. Locate Android’s version number on the about screen and quickly tap it several times.”

It worked with Android KitKat on my Nexus 4, but may not work in the modified OS of some device distributors. Find out how to access older Android OS Easter eggs.

Read more…

April 15th, 2014

AVAST helps user recover stolen phone; brother gets shot fighting thieves

Shahrukh Humayun's smartphone was stolen

Shahrukh Humayun’s smartphone was stolen

Two brave brothers fight off mobile phone thieves in Pakistan market.

We have heard stories about how avast! Mobile Security’s anti-theft feature has helped people recover their lost or stolen phones, but nothing as dramatic as Shahrukh Humayun’s tale of bravery.

Twenty year old Shahrukh and his 17-year old brother, Shoaib, live in Rawalpindi, Pakistan, the “twin city” to the capital, Islamabad. “Pindi” is a thriving urban area with good hotels, restaurants, museums, parks, and numerous markets and bazaars. It’s in one of those busy marketplaces that their story begins.

Shahrukh and Shoaib went to the market one day and were held up at gunpoint by thieves that demanded Shahruck’s HTC EVO smartphone.  Acting bravely to defend the expensive and precious device, Shoaib fought back against the bandits. They shot the teenager in the leg, stole the phone and fled the scene.

In his own words, Shahrukh described what happened:

Respected Avast! Team

I love the avast! android application as it helped me in catching the thieves who stole my mobile when I was in the market.

The story of the incident is that I visited market with my brother and I had a HTC EVO 3D X515m at that time. The thieves called me on the gun point while the area was empty. They asked me for the mobile and when my brother tried to take action they shot him on the leg.

Well, eventually I received an sms from avast that the sim have been changed. I checked my mobile as the GPS was active. I told the police about the incident on the same day and they found the thieves after 8 hours through the Google GPS connected with avast map.

Thank you avast!. Love you

1044816_478380138915077_764014148_n

Shoaib Humayun fought theives

All of us at AVAST were touched by the courage of these two young men when faced with danger. We are happy that our anti-theft product proved to be so useful in finding and recovering the phone. More than that, we were concerned about Shoaib. How has he fared since the incident?

Shahrukh gave us an update:

My brother is braver than me. As a result of that bravery he showed his best loyalty to me by fighting with those bandits and got shot on his leg. This event have passed 8 months and he got no sign of bruises on his leg. But thank God he is fine.

Thank you avast for helping me fight these bandits against their unlawful behavior for the country.

 

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Comments off
April 7th, 2014

New AVAST survey shows people not so smart with smartphone security.

Smartphone owners are careless about security, says survey.

Guys are more likely to get a virus on their smartphone than girls (36% vs 32%), and more than one third (34%) of survey respondents don’t have any anti-theft or antivirus security on their smartphones. Add to that nearly half of the people AVAST polled in the US said they did not back up their data or know if they did on their mobile devices. This is despite nearly one in ten saying they had lost their phone or it was stolen in the last 12 months. These results are from a recent smartphone survey conducted for antivirus software company, AVAST.

AVAST Software mobile security survey

AVAST surveyed 9,060 people earlier this year in the US about smartphone ownership and use and have released the results today. Read more…

April 2nd, 2014

Declaring machine war against malicious Android packages

machine_war_theme_jpg

Do you know the notion “machine war”? If you’re a fan of the Matrix movie trilogy then probably, yes. It denotes the fictional rise of artificially intelligent machines against the human race and their violent conquest of human beings. We want to apply a similar dominance of computationally powerful machines, not to create a population of slaves, but against numerous malicious Android packages that wildly proliferate on unofficial markets.

The idea of malware detection with no human interaction appeared earlier on our blog. In a fundamental article about AVAST research activities by AVAST’s COO, Ondřej Vlček, he effectively described the technologies we employ to deal with Windows threats. Two techniques have been mentioned explicitly, Malware Similarity Search and Evo-Gen, both working with Windows PE file format. Sometimes the latter form of detection technique is denoted as weak automated anti-malware heuristic.

The main effort is to reach two slightly conflicting qualities at the same time: The robustness, which means that suggested methods cover as many threats as possible; and simplicity, so that the methods are easily implemented in AVAST’s mobile security solution. The search for balance between those qualities is assisted by lessons learned from automated heuristic for Windows PE executables.

Read more…

March 31st, 2014

The Gray-zone of malware detection in Android OS

Does the title of this blog post have a mysterious meaning? Not exactly.

In this first part about the gray-zone of Android malware detections, I will introduce the Android:SecApk, a detection regarding the protection that the App Shield (Bangcle) offers to Android applications (.apk). This detection has a big sample set that is still growing. Some SecApk wrapped samples that existed or still exist in the Google Play Store and third party stores, can be seen in the table below.

MD5

Name \ Info

F1EF5B8C671B2146C2A2454ECF775E47

G锁屏冰雪奇缘之来自星星的你V1.0.apk

\ PUP – An application to promote a specific movie. Potentially unwanted because of the extended permissions that was requested.

Current Status: Removed from Google Play

10bd28d4f56aff83cb6d31b6db8fdbd2

Cut_the_bird.apk

\PUP – A game that have potentially unwanted permissions that they can drive to loss of private personal info.

05ffb6f34e40bb1cf8f9628e5647d5e3

aini1314langmanzhutisuoping_V2.5_mumayi_700e0.apk

\PUP – A screensaver application that has permissions unrelated with the purpose of the app.

d6b40bbb79b54c09352a2e0824c0adba

3D职业乒乓球.apk

\Pup – This application is a tennis game. Potentially unwanted because of the extended permissions that was requested.

eefd2101e6a0b016e5a1e9859e9c443e

eefd2101e6a0b016e5a1e9859e9c443e.apk

\Malware – This app steal personal data and SMS messages from the user.

 

The App Shield is an online service that, after a submission of an .apk, encrypts it and adds some layers of protection. The procedure of the encryption and protection of the apk will be discussed with more detail during the course of the second part of this blog post.

Starting with the submission process, a clean app named AvstTest.apk uploaded to the service. The exported .apk was renamed as AvstTest[SecApk].apk. In addition, apktool and dex2jar used accordingly to decode the .apk resources and convert the ‘.dex’ files to ‘.jar’.

Folder structure

  Read more…

March 31st, 2014

Backup your phones and PCs on World BackUp Day!

Your world is on your mobile devices and PC: Your family photos, home videos, documents and emails. Unfortunately, you can lose it in an instance. For those folks who haven’t backed up their files, that means disaster. Today is World BackUp Day. Be prepared. Backup your files on March 31st.
backup_img

Did you know?

  • 113 cellphones are lost or stolen every minute of every day
  • More men (60%) than women (47%) frequently back up their data
  • Women are more at risk than men if their smartphone is stolen or lost, because they do not protect their personal data and information as well as men do.

back-up men_women
Back up your Android phone or tablet

Malware is a growing threat to the Android platform, but because of the small size of our devices, loss and theft is still the bigger threat. Men are more careful about the safety and security of their cellphones than women. We learned that curious fact from an avast! survey conducted last summer,  Lost or Stolen Smartphone: The Consequences are Bigger for Women Than for Men.

avast! Mobile BackUp is available for Android phones and tablets and comes in two different versions.

  1. 1. The standalone free version provides you with basic backup options: Contacts, text messages, pictures, and call logs.
  2. 2. If you would like to backup music, video, and apps, then you need to buy the Premium version. This can be done later, from within the free version.

Get free avast! Mobile BackUp from Google Play. After you install avast! Mobile BackUp, your current data will be backed up to your AVAST Account and Google Drive.

Back up your PC

avast! BackUp is an online backup and recovery service that allows you to backup your entire computer or select sets of data or individual files you want to back up. You can choose the storage capacity you need, and for a few bucks a month, rest assured that your files are safe in case disaster strikes.

Try avast! BackUp free for 30 days. During that time, you’ll get 25 GB for your files.

March 31st is World Backup Day. Take the pledge now, then take action:

I solemnly swear to backup my important documents and precious memories on March 31st.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.