Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Archive for the ‘Android corner’ Category
April 7th, 2014

New AVAST survey shows people not so smart with smartphone security.

Smartphone owners are careless about security, says survey.

Guys are more likely to get a virus on their smartphone than girls (36% vs 32%), and more than one third (34%) of survey respondents don’t have any anti-theft or antivirus security on their smartphones. Add to that nearly half of the people AVAST polled in the US said they did not back up their data or know if they did on their mobile devices. This is despite nearly one in ten saying they had lost their phone or it was stolen in the last 12 months. These results are from a recent smartphone survey conducted for antivirus software company, AVAST.

AVAST Software mobile security survey

AVAST surveyed 9,060 people earlier this year in the US about smartphone ownership and use and have released the results today. Read more…

April 2nd, 2014

Declaring machine war against malicious Android packages

machine_war_theme_jpg

Do you know the notion “machine war”? If you’re a fan of the Matrix movie trilogy then probably, yes. It denotes the fictional rise of artificially intelligent machines against the human race and their violent conquest of human beings. We want to apply a similar dominance of computationally powerful machines, not to create a population of slaves, but against numerous malicious Android packages that wildly proliferate on unofficial markets.

The idea of malware detection with no human interaction appeared earlier on our blog. In a fundamental article about AVAST research activities by AVAST’s COO, Ondřej Vlček, he effectively described the technologies we employ to deal with Windows threats. Two techniques have been mentioned explicitly, Malware Similarity Search and Evo-Gen, both working with Windows PE file format. Sometimes the latter form of detection technique is denoted as weak automated anti-malware heuristic.

The main effort is to reach two slightly conflicting qualities at the same time: The robustness, which means that suggested methods cover as many threats as possible; and simplicity, so that the methods are easily implemented in AVAST’s mobile security solution. The search for balance between those qualities is assisted by lessons learned from automated heuristic for Windows PE executables.

Read more…

March 31st, 2014

The Gray-zone of malware detection in Android OS

Does the title of this blog post have a mysterious meaning? Not exactly.

In this first part about the gray-zone of Android malware detections, I will introduce the Android:SecApk, a detection regarding the protection that the App Shield (Bangcle) offers to Android applications (.apk). This detection has a big sample set that is still growing. Some SecApk wrapped samples that existed or still exist in the Google Play Store and third party stores, can be seen in the table below.

MD5

Name \ Info

F1EF5B8C671B2146C2A2454ECF775E47

G锁屏冰雪奇缘之来自星星的你V1.0.apk

\ PUP – An application to promote a specific movie. Potentially unwanted because of the extended permissions that was requested.

Current Status: Removed from Google Play

10bd28d4f56aff83cb6d31b6db8fdbd2

Cut_the_bird.apk

\PUP – A game that have potentially unwanted permissions that they can drive to loss of private personal info.

05ffb6f34e40bb1cf8f9628e5647d5e3

aini1314langmanzhutisuoping_V2.5_mumayi_700e0.apk

\PUP – A screensaver application that has permissions unrelated with the purpose of the app.

d6b40bbb79b54c09352a2e0824c0adba

3D职业乒乓球.apk

\Pup – This application is a tennis game. Potentially unwanted because of the extended permissions that was requested.

eefd2101e6a0b016e5a1e9859e9c443e

eefd2101e6a0b016e5a1e9859e9c443e.apk

\Malware – This app steal personal data and SMS messages from the user.

 

The App Shield is an online service that, after a submission of an .apk, encrypts it and adds some layers of protection. The procedure of the encryption and protection of the apk will be discussed with more detail during the course of the second part of this blog post.

Starting with the submission process, a clean app named AvstTest.apk uploaded to the service. The exported .apk was renamed as AvstTest[SecApk].apk. In addition, apktool and dex2jar used accordingly to decode the .apk resources and convert the ‘.dex’ files to ‘.jar’.

Folder structure

  Read more…

March 31st, 2014

Backup your phones and PCs on World BackUp Day!

Your world is on your mobile devices and PC: Your family photos, home videos, documents and emails. Unfortunately, you can lose it in an instance. For those folks who haven’t backed up their files, that means disaster. Today is World BackUp Day. Be prepared. Backup your files on March 31st.
backup_img

Did you know?

  • 113 cellphones are lost or stolen every minute of every day
  • More men (60%) than women (47%) frequently back up their data
  • Women are more at risk than men if their smartphone is stolen or lost, because they do not protect their personal data and information as well as men do.

back-up men_women
Back up your Android phone or tablet

Malware is a growing threat to the Android platform, but because of the small size of our devices, loss and theft is still the bigger threat. Men are more careful about the safety and security of their cellphones than women. We learned that curious fact from an avast! survey conducted last summer,  Lost or Stolen Smartphone: The Consequences are Bigger for Women Than for Men.

avast! Mobile BackUp is available for Android phones and tablets and comes in two different versions.

  1. 1. The standalone free version provides you with basic backup options: Contacts, text messages, pictures, and call logs.
  2. 2. If you would like to backup music, video, and apps, then you need to buy the Premium version. This can be done later, from within the free version.

Get free avast! Mobile BackUp from Google Play. After you install avast! Mobile BackUp, your current data will be backed up to your AVAST Account and Google Drive.

Back up your PC

avast! BackUp is an online backup and recovery service that allows you to backup your entire computer or select sets of data or individual files you want to back up. You can choose the storage capacity you need, and for a few bucks a month, rest assured that your files are safe in case disaster strikes.

Try avast! BackUp free for 30 days. During that time, you’ll get 25 GB for your files.

March 31st is World Backup Day. Take the pledge now, then take action:

I solemnly swear to backup my important documents and precious memories on March 31st.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

March 28th, 2014

How to watch American TV when traveling overseas

Question of the week: I don’t want to miss my team play basketball in the March Madness tournament, but I have to go on a business trip to Europe next week. How can I watch US TV when I am traveling overseas?

AVAST_March Madness

This is a great question. TV has never been better, so it’s hard to miss an episode of The Walking Dead or House of Cards when traveling. As for sports – OMG! when you’re team is doing great (Go Gators!), it’s not enough to just read about it online. For our friends outside the USA, March Madness, the annual NCAA college basketball tournament, is in full swing and fans are following closely (think the UEFA Champions League or World Cup.) College basketball fans eagerly follow as 64 teams progress through the rounds to the Sweet Sixteen, the Elite Eight, the Final Four, and at last, the championship game known as “The Big Dance.”

IMG-georestrictionsmWhen in the U.S., you can watch on CBS, TNT, TBS, and truTV, as well as live stream current games and replays through the NCAA March Madness Live web site and downloadable app for mobile devices. But when you’re out of the country, you often don’t have access because of geo-restricted content. You may have seen messages similar to this one from YouTube, that says, “This video is not available in your country.”

20140326_avast_secureline_securely connected via USUse a VPN service to access geo-restricted content

Many expats and travelers use a VPN service to access streaming services while living or traveling in foreign countries.  The VPN (Virtual Private Network) allows you to securely connect to a server of your choice, so that it acts as a “proxy” from a different location than where you are.

avast! SecureLine VPN is one of those services. If you are traveling in Europe, then select a server in the U.S. to access geo-restricted sites. When you log on to CBS, Netflix, Hulu, etc, the service will identify the server as coming from the correct location, and allow you to log on.

VPN adds security when using free WiFi

Another benefit of VPN when traveling is the security you get when using free WiFi at hotels and airports. The VPN creates a private ‘tunnel’ through the internet for your data to travel through, and everything – your web browsing history, your email, your IMs, your VOIP, everything –  inbound and outbound through the tunnel is encrypted. Even if your data is intercepted, your identity is protected, since the VPN masks your IP address. Read more about the security aspect in our previous blog, avast! SecureLine protects your Android or iPhone from cybercriminal surveillance.

How to get avast! SecureLine VPN

avast! SecureLine VPN is completely integrated into all of AVAST’s free and premium products and is available for Android and iOS devices and PCs.

avast! SecureLine VPN is available as a monthly or yearly subscription for Android on Google Play, PCs on the avast! website, and an annual subscription for iOS in the Apple App Store.

Ask a question

If you have a question about any of AVAST’s products, please send them to wannabesocial@avast.com. If we answer your question, we will send you an avast! Teddy Bear.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

March 18th, 2014

Fake Korean bank applications for Android – Pt 3

Recently, we discovered an account on GitHub, a service for software development projects, that has interesting contents. The account contains several projects; one of the latest ones is called Banks, and it has interesting source codes.  The account contains information like user name, photo, and email address, but we cannot tell who the guy in the picture is. He might not be related to the contents at all, it could be a fake picture, fake name, or simply his account may have been hacked, his identity stolen, and the Banks repository created by someone else without his consent. In this blog post, we will explore the source codes in detail.
korea-03

When we downloaded the repository, we found several directories – GoogleService and fake applications imitating mobile applications of five major Korean banks – NH Bank, Kookmin Bank, Hana Bank, ShinHan Bank and Woori Bank.

korea-02

 

We previously published two blog posts with analyses of the above mentioned fake applications.

When we look at GitHub statistics, and Punchcard tab, it tells us what time the creators were most active. From the chart below you can see, that Saturday mornings and evenings and Sunday evenings were the most active times of comments of new versions. It seems that authors of this application do the development as a weekend job. At the time of writing this blogpost, the last update of fake bank applications was in the beginning of January 2014.

korea-20

This is not the first attack against users of Korean banks. About a year ago, we published this analysis.

Conclusion

Github, the web-based hosting service for software development projects, offers a lot of interesting contents, which depending on its settings can be later found and accessed by virtually anyone, including Google robots.  We managed to find the above mentioned repository by simply Googling the strings which occurred in a malicious Android application.

Acknowledgement:

The author would like to thank to Peter Kalnai and David Fiser for help and consultations related to this analysis.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

March 7th, 2014

Google Play: Whats the newest threat on the official Android market?

Official app stores are the primary sources to finding and downloading apps. Experts advise users to stay within the official app stores as they are approved ecosystems, which are widely recognized as safe. But are these sources really trustworthy? Some experts, however, claim that “Android malware is non-existent and security companies just try to scare us. Keep calm and don‘t worry.“ So which is it?

We’ve already blogged about plenty of threats that sneak onto your device from trusted sources, but here we have a really fresh one, one that  is still undetected by other security vendors. An Application called Cámara Visión Nocturna (package name: com.loriapps.nightcamera.apk), which is still available in the Google Play Store as I am writing this post, is something you definitely don’t want to have on your Android device.

Blg1

Starting with the application’s permissions you might notice there are some unusual requests for an app that should be able to work only using your camera.

    <uses-permission android:name=”android.permission.CAMERA” />

Read more…

March 3rd, 2014

Fake Korean bank applications for Android – part 2

In February, we looked at the first part of the fake Korean bank application analysis along with Android:Tramp (TRAck My Phone malicious Android application), which uses it. In this blogpost, we will look at another two Android malware families which supposedly utilize the same bunch of fake Korean bank applications. At the end of this article, we will discuss the origin of malware creators.

Analysis of Android:AgentSpy

It is interesting to search for references of bank applications package names – KR_HNBank, KR_KBBank, KR_NHBank, KR_SHBank, KR_WRBank. One reference goes to a malicious application called Android:AgentSpy. The infection vector of this application was described by Symantec, contagio mobile and Alyac. We will not delve into details, we will just mention that the malicious application is pushed to a connected mobile phone via ADB.EXE (Android Debug Bridge). The uploaded malicious file is called AV_cdk.apk.

Android:AgentSpy contains activity MainActivity and several receivers and service CoreService.

BootBroadcastReceiver

Monitors android.intent.action.BOOT_COMPLETED and android.intent.action.USER_PRESENT and if received, starts CoreService. It also monitors attempts to add or remove packages – android.intent.action.PACKAGE_ADDED and android.intent.action.PACKAGE_REMOVED.

CoreService

1) Calls regularly home and reports available connection types (wifi, net, wap), IMSI, installed bank apps

2) Regularly polls C&C and responds to the following commands

sendsms – sends SMS to a given mobile number

issms – whether to steal received SMS or not

iscall – whether to block outgoing call

contact – steals contact information and upload them to C&C

apps – list of installed bank apps

changeapp – replaces original bank applications with fake bank applications

move – changes C&C server

PhoneListener receiver

Moniors new outgoing calls. If android.intent.action.NEW_OUTGOING_CALL is received, information about the outgoing call is sent to C&C.

Config class

Contains C&C URL, name of bank packages (String array bank), name of fake bank packages (String array apkNames). It also contains reference to conf.ini configuration file.

koreanbanks_agentspy_config

Analysis of Android:Telman

One more Android malware family, which uses fake bank applications is called Android:Telman. Similarly to Android:Tramp and Android:AgentSpy, it checks for installed packages of the above mentioned banks. Read more…

February 26th, 2014

Lost your phone? avast! Anti-Theft helps get it back!

Our AVAST mobile security developers labored over an ingenious feature that we hope you will never have to use. Losing your mobile phone may cause you to have a panic attack and cry uncontrollably, but if it happens to you, you can dry your tears because you have tools to find your phone when you install avast! Free Mobile Security with Anti-Theft.

What is avast! Anti-Theft?

avast! Anti-Theft is a separate program included in avast! Free Mobile Security. You can install it at the same time as the avast! Mobile Security product, or later as a separate installation. Its unique capabilities help you recover your phone by controlling it remotely with SMS commands or via the internet by logging in to your AVAST account.

Since Anti-Theft is a stand-alone application, once its launched, it hides itself, making it completely invisible to a potential thief. Read more…

Comments off
February 26th, 2014

Mobile Security: Your best protection is constant protection

IMG_20140225_122105

avast! doesn’t stop the NSA, but it helps you BE COOL about it

More than one billion people nowadays use smartphones devices and this number is growing rapidly. With the growing numbers of mobile users accessing the internet on Android smartphones and tablets, and iOS iPhones and iPads, the number of mobile threats and attacks is rising progressively.

Mobile users store sensitive data, and engage in online banking operations, exposing devices to the modern mobile threads. You need constant protection. Not even these big names were immune from attack: German Chancellor Angela Merkel’s smartphone was hacked; Rovio, creator of popular game Angry Birds, reported that the personal data of its customers might have been accessed by U.S. and British spy agencies;  and recent news of other leaky phone apps have caused people to look for ways to protect their private mobile communications.

Unprotected WiFi presents a real and present danger

Edward Snowden’s recently leaked documents revealed that the Canadian government’s intelligence agency, CSEC, collected data from travelers who connected to unprotected WiFi at Canadian airports. Read more…

Comments off