Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

June 20th, 2014

Samsung Galaxy S5 and other popular phones vulnerable to “TowelRoot” Android exploit

avast! Mobile Security detects TowelRoot exploitsavast! Mobile Security protects from an Android flaw which leaves nearly all new smartphones and tablets vulnerable to attack.

Last week, a wave of articles about a newly discovered Android security flaw flooded the Internet. They sounded a warning, similar to this:

“A flaw in the Android operating system may leave many Android phones and tablets vulnerable to attack, including the Samsung Galaxy S5 and Google’s own Nexus 5,” reported Jill Scharr in a Tom’s Guide article.

Our Virus Lab did not waste  time and started preparing for the inevitable attacks. AVAST researchers dug into the subject looking for malware to make  sure that avast! Mobile Security is ready to protect our users. If you are an avast! user and your tablet or smartphone is protected by avast! Mobile Security, you are protected.

“Even though TowelRoot is not malicious itself, it may be misused as an exploit kit. Generally, TowelRoot can be used as a delivery package for malicious applications,” explained  Filip Chytry, an AVAST Virus Lab expert on mobile malware. “It’s capable of misusing a mistake in Android code which allows attackers to get full control over your Android device. TowelRoot itself is more a proof-of-concept, but in the hands of bad guys, it can be misused really quickly. For this reason we added it to our virus signatures, so Avast detects it as Android:TowelExploit.”

Android has not made an official statement on the security flaw, however our researchers confirm that even the latest versions of the operating system are exposed (version 4 and all higher). It is very likely that versions 3.0 can be attacked, too. For those who just purchased an Android device or don’t have protection yet, we strongly recommend that you install avast! Mobile Security, before taking any further actions. Despite the fact that some of the mobile providers claim that their devices are immune to this particular Android exploit, it is highly risky to leave your device unprotected.

What is the TowelRoot Android vulnerability?

Earlier this month a security flaw in Linux, the operating system which Android is based upon, was discovered by a young hacker known as “Pinkie Pie.” Soon afterwards, a gifted teenager, notable because he was the first to unlock the unlockable –  an iPhone at the age of 17, prepared a tool kit for potential hackers. Its instructions are available publicly to “purchase,” allowing even less advanced programmers to write a script that will use the exploit.

The potential exists for hackers to take full control; to simply root your device. So far the AVAST Virus Lab has not observed any massive attack, however knowing about the potential risk, our Virus Lab is ready for the attack. avast! Mobile Security is capable of discovering different variations of malware code required to exploit the bug.

Who is exposed and how to protect yourself?

Basically everyone who owns an Android device without proper antivirus protection, tablet or mobile phone, with any version of Android OS, including the newest one is at risk for malware.

In order to prevent this exploit, or any other malware attack, once you purchase your device, we advise to install antivirus first, before installing any apps, importing contacts, or starting to browse online. Our avast! Free Mobile security, as well as its Premium version are available to download and install from Google Play.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

June 19th, 2014

How to use avast! Ransomware Removal?

howto2_enEarlier this week AVAST released a new Android app called avast! Ransomware Removal that will remove SimplLocker from infected devices.

SimplLocker blocks access to files on infected mobile devices by encrypting them. Without our free ransomware removal tool, infected users have to pay $21 to regain access to their personal files. SimplLocker  is the first ransomware that actually encrypts  files, so we developed a free tool for people to restore them. – said Ondrej Vlcek, Chief Operating Officer at AVAST Software.

After being available on Google Play for a few days to the public, the app has already been received with huge enthusiasm. We, however, spotted some questions regarding the tool on social media and addressed to our support team. In this article we will explain, how to install, run the tool and why it is important to uninstall it after AVAST has done its job!

1. How can I install the avast! Ransomware Removal tool, if my mobile is already being blocked by the malware? Read more…

June 18th, 2014

Google Play Store changes opens door to cybercrooks

mobile appsLast week, Google upgraded the Android app section of its store and introduced a new way for users to manage permissions. Google claims it will be easier  for users to understand and that users will pay more attention to app permissions. The new interface has a cleaner look and the common user can now install apps more quickly. But does this simplicity come with a price?

Android controls the security and the amount of access every app is granted by using “permissions”. Each action has to ask the operating system for permission to take a new action. In older versions, when an app update asked for new actions or requested additional permissions, Google Play would notify the user prompting them to explicitly accept or deny the new action. Even if the user had automatic updates set, in the cases of new permissions being asked, the user would need to manually perform the update. Even if the user wasn’t exactly sure what they were giving permission for, at least the user was aware and could make the decision themselves. Security was preserved.

Everything is different now

Everything changed last week.

Individual permissions, which could range from important to trivial, are now joined into 13 groups, including a catch-all called “Other”. Now the user has to accept a “new group” change. This means that if you have already allowed certain permissions within a group, then any other permission within that group will automatically be allowed. For example, an app that could access your calendar can now also read your contacts. If you set a meeting and have invited people by email, the app will be able to use the calendar to send emails to them, even without your consent!  Read more…

Comments off
June 17th, 2014

AVAST kills Android ransomware with new app

avast! Ransomware Removal app eliminates Android ransomware and unlocks encrypted files, for free!

ransomware-removal-suitcase

Ransomware, the terror of Windows that locks computers, encrypts the files, then demands a hefty payment to unlock them, has made its way to Android smartphones.

“The ransomware problem is growing like hell – and it’s no longer just threatening users – the new versions actually do encrypt your files,” said Ondrej Vlcek, Chief Operating Officer at AVAST Software.

AVAST Software just released a new app called avast! Ransomware Removal that will eliminate the malware from an infected device. Get it free for your Android smartphone and tablet from the Google Play Store.

avast! Ransomware Removal will tell you if your phone has ransomware on it. If you are infected, it will eliminate the malware. Android users who are clean, can use the free app to prevent an infection from happening.

This short video shows you what actually happens when ransomware infects your Android smartphone.

The next wave of attacks

Savvy malware writers know where the next round of victims can be found. With Android at a whopping 80% worldwide market share, as well as “billions” of remaining mobile subscribers ready to upgrade to smartphones, the targets are numerous.

After detecting the massive growth of ransomware on PCs, this spring AVAST Virus Lab researchers saw the malware migrating to the Android platform. Analysts identified fake government mobile malware, and early this month a new ransomware called SimplLocker proved to be successful. This proof-of-concept worked so well encrypting photos, videos, and documents stored on smartphones and tablets, that the Virus Lab immediately ordered a tool from our mobile development team to combat it - avast! Ransomware Removal.

SimplLocker blocks access to files contained on mobile devices. Without our free ransomware-removal tool, infected users have to pay $21 to regain access to their personal files,” said Vlcek. “SimplLocker is the first ransomware that actually encrypts these files, so we developed a free tool for people to restore them.”

Find. Kill. Prevent.

Install avast! Ransomware Removal to find out if your Android devices are infected and to get rid of an infection. Anyone infected by SimplLocker, Cryptolocker, or any other type of ransomware can download the free avast! Ransomware Removal tool, and then install the app remotely on the infected device. Once installed, you can easily launch the app to scan the device, remove the virus, and then decrypt your hijacked files.

To keep your devices protected from Cryptolocker, SimplLocker, and other ransomware, make sure to also install avast! Free Mobile Security & Antivirus from the Google Play store. It can detect and remove the malware before it is deployed.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

 

June 16th, 2014

INFOGRAPHIC: Ole Ola! America will play World Cup soccer on mobile devices

The U.S. is on the soccer field: Our own triple-threat celebrity, Jennifer Lopez, performed at the opening ceremony; Facebook set up a special “Trending World Cup” news feed; Twitter predicts the most tweeted global event ever; Google search features a daily soccer doodle; and the U.S. is playing its first game in the tournament today.

The 2014 World Cup is more digital than any other soccer World Cup. At AVAST, we wanted to understand how people will watch and participate in the tournament this year. In a survey of more than 3,000 AVAST users in the U.S., we discovered mobile devices will play a big part: Two out of three American soccer fans will use their smartphone or tablet to enhance their World Cup experience. 

World Cup 2014, USA, soccer, mobile

Soccer news, live scores and vuvuzela sounds on smartphone

Highest priority for Americans is to stay on top of the game results with more than half the fans reporting they will check the live scores from their smartphone. One-third said they will read news about the games on their smartphone or tablet and one-fifth will live stream the games on their mobile device. Many will certainly be interested in the results as they placed a bet. The best strategies to bet on the winning team have been discussed and people are already well into betting fever. One out of ten survey respondents will use or have already used their smartphone or tablet to place bets. 

There is even more that can be done on mobile. For six percent of respondents, collecting and trading stickers of the players has moved from the paper booklet to digital albums in the cloud. And what would a World Cup be without the famous BZZZZ vuvuzela sound? Cover your ears – this year you can expect to hear a cacophony of digital horns: One in 20 intend to use a mobile app to sound the vuvuzela.

Instead of just following the games, every eighth American fan wants to become a world champion themselves – and will play soccer games on their mobile device. 

For all mobile activities, nearly half of Americans stick to the official FIFA apps, the majority mixes official with unofficial apps or only go for unofficial apps. It’s great for fans to have a wider variety of apps to choose from, but beware, we found some gaming apps that are fake, they won’t let you play and instead just want to collect your data and show you ads.

One out of five will live stream the games on smartphone or tablet

The majority of Americans will still watch the games the traditional way – eight out of ten – on the TV at home. However, digital sources are slowly taking over:  40 percent will watch the tournament on PC  and on the smartphone and tablet 21 percent will watch. 

Now who do Americans think will win? 

Americans’ faith in their own team is low!  Only eight percent think the U.S. team will win. Instead, all bets are on the World Cup host: One-third of Americans pick Brazil to take home the cup.

World Cup safety tips

At AVAST, we think we can all be winners if this will be a safe World Cup. Using your smartphone and tablet during and after the soccer World Cup, make sure you are protected:

  • Only download apps from the official Google Play store
  • Choose apps from official sources and read what others are saying about them
  • Take a close look at the permissions an app requests and question if they are necessary for the apps’ functionality   
  • Use antivirus on your PC, smartphone, and tablet
  • If live streaming the games on public Wi-Fi, make sure you are protected with a VPN solution encrypting your communications such as avast! SecureLine

 

World Cup 2014, mobile, USA, soccer

June 13th, 2014

Everything you always wanted to know about avast! GrimeFighter, but were afraid to ask!

In April 2014, we introduced avast! GrimeFighter in 14 languages, offering our product to millions of users. Ever since then, avast! GrimeFighter became one of the most popular new products among our users. However, many of you still don’t know the benefits of it or what avast! GrimeFighter does. Therefore we have prepared a series of articles to show you the functionality of our grime-fighting minions! Learn everything you always wanted to know about avast! GrimeFighter, but were afraid to ask!

1. Who are the minions?

They might look like funny characters from an animated movie. The minions, however, are serious warriors against all kind of dirt that accumulates on your computer over time. Removing “Grime” is quite a sophisticated process, and it must be done properly. Our minions must be very careful not to remove unnecessary items, as well as look through the entire system so as not to miss something.  Each of the characters play an important role in the cleaning process, to achieve one common goal: Speed up your PC and optimize it’s performance.  Meet the “mean and lean” GrimeFighter crew:

Grime crew1

Grime crew Read more…

June 10th, 2014

Keep your phone safe from hackers and thieves while on vacation

Traveling to Brazil for the 2014 FIFA World Cup, or just headed out to your local beach for a daytrip? You remember to pack your sunglasses, a hat, and plenty of sunblock, but don’t forget that your mobile gadgets need protection too.

world-cup-hackers Here’s a couple more items for your packing list:

  • avast! SecureLine VPN to protect against dodgy public WiFi
  • avast! Mobile Security and Anti-Theft to protect against thieves

That free WiFi HotSpot could get you in hot water!

Spectators at the 2014 FIFA World Cup Brazil will have lots of choices of free WiFi. At least 6 of the 12 World Cup stadiums have access to free WiFi built in, and planners have created WiFi hotspots across 2,300 access points, including parks, squares, and public transit stations. Fans not watching in person will check scores on their phone or watch live streaming matches by connecting to free WiFi at hotels and bars.

“A WiFi attack on an open network can take less than 2 seconds,” tweeted @ExtremeNetworks recently. Cybercrooks can access and steal your personal data when you connect to these unprotected networks. Having your identity stolen and bank account emptied out while on vacation could ruin any trip – even one to paradise!

“Hackers target public hotspots, where it’s easy to follow every move that users of the WiFi connection make, allowing them to access emails, passwords, documents, and browsing behavior,” said Vincent Steckler, Chief Executive Officer of AVAST Software.

Use a VPN service to make sure that doesn’t happen. avast! SecureLine VPN protects your privacy by making your logins, emails, instant messages, and credit card details invisible to spying.

Read more…

Comments off
June 9th, 2014

Are hackers’ passwords stronger than regular passwords?

Hackers use weak passwords just like the rest of us.

librarian_dict_sm

Nearly two thousand passwords used by hackers were leaked this week, when I tried to decode a PHP shell without knowing the key. Because I did not know the exact content of the encoded file and searching the key could take me years, I chose a different approach. I decided to find out how strong passwords used by hackers are and create a dictionary. :)

Over the years of fighting malware, the avast! Virus Lab has gathered many samples of various back-doors, bots and shells. Some of them are protected with a password encoded in MD5, SHA1 or in plain text, so it was good way to start. I looked at 40,000 samples of hackers’ passwords and found that nearly 2,000 were unique and 1,255 of those were in plain text. Another 346 passwords were easily cracked from MD5 hashes, because they were shorter than 9 characters. That gave me a total of 1,601 passwords and 300 hashes. I created statistics from those words, and here are my findings.

1Passwords that nobody will guess

Percentage of characters used in hackers' passwords

About 10% of the passwords were beyond normal capabilities of guessing or cracking. Of those, I found words as long as 75 characters, probably generated by a computer. Some of them were in long sentence form mixed with special characters such as lol dont try cracking 12 char+. Too bad it was stored in plain text. ;)

There were also passwords that don’t use characters from an English keyboard. But there was still a 90% chance it could be a normal word, maybe with some number in it. No less than 9% of the passwords could be found in an English dictionary.

The table on the right shows which characters are used in hackers’ passwords. The first row means that 58% of passwords contained only lower-case alphabet characters a-z. Read more…

June 5th, 2014

SimplLocker does what its name suggests: Simply locks your phone!

A new Android mobile Trojan called SimplLocker has emerged from a rather shady Russian forum, encrypting files for ransom. AVAST detects the Trojan as Android:Simplocker, avast! Mobile Security and avast! Mobile Premium users can breathe a sigh of relief; we protect from it!

malware, mobile malware, Trojan, SimplockerThe Trojan was discovered on an underground Russian forum by security researchers at ESET. The Trojan is disguised as an app suitable for adults only. Once downloaded, the Trojan scans the device’s SD card for images, documents and videos, encrypting them using Advanced Encryption Standard (AES). The Trojan then displays a message in Russian, warning the victim that their phone has been locked, and accusing the victim of having viewed and downloaded child pornography. The Trojan demands a $21 ransom be paid in Ukrainian currency within 24 hours, claiming it will delete all the files it has encrypted if it does not receive the ransom. Nikolaos Chrysaidos, Android Malware Analyst at AVAST, found that the malware will not delete any of the encrypted files, because it doesn’t have the functionality to do so. Targets cannot escape the message unless they deposit the ransom at a payment kiosk using MoneXy. If the ransom is paid the malware waits for a command from its command and control server (C&C) to decrypt the files.

What can we learn from this?

Although this Trojan only targets a specific region and is not available on the Google Play Store, it should not be taken lightly. This is just the beginning of mobile malware, and is thought to be a proof-of-concept. Mobile ransomware especially is predicted to become more and more popular. Once malware writers have more practice, see that they can get easy money from methods like this, they will become very greedy and sneaky.

We can only speculate about methods they will come up with to eventually get their malicious apps onto official markets, such as Google Play, or even take more advantage of alternative outlets such as mobile browsers and email attachments. It is therefore imperative that people download antivirus protection for their smartphones and tablets. Mobile devices contain massive amounts of valuable data and are therefore a major target. 

Ransomware can be an effective method for criminals to exploit vulnerable mobile users, many of which don’t back up their data. Just as in ransomware targeting PCs, this makes the threat of losing sentimental data, such as photos of family and friends or official documents, immense.

Don’t give cybercriminals a chance. Protect yourself by downloading avast! Mobile Security for FREE.

June 4th, 2014

Black marketed Windows banking & POS Trojan Minerva turns in-the-wild

10309990_1418461665091456_1542203837_oThe path from the creation of malicious program to its delivery onto victims’ computers is long nowadays and involves many different players with the same goal – to make a financial gain. Malware authors usually offer their software to cyber criminals who in turn distribute it via underground forums. This is the how they keep their anonymous status. We have previously seen many famous malicious programs start this way.

In the past, the Russian banking Trojan Carberp was heavily advertised on shady forums. In the beginning of the year, an attempt to sell a new ransomware called Prison Locker was reported. Last year, we blogged about Trojan Solarbot which choose to promote itself through a well- designed website, appearing very official.

However, we don’t always know all the details about every piece of malware, from the code to how it is being distributed. The Trojan dubbed i2Ninja, for example, made headlines last year, but we never received a real sample containing all the functionalities the media reported on. Or do you remember the Hand of Thief Trojan for Linux desktops? Its variant for the Android platform was also advertised, but again, we never encountered it in our Virus Lab. These advertisements could have lacked the real code behind them or may have gone under in the pile of cyberthreats.

In March 2013 a new banking Trojan dubbed Minerva was introduced on a Russian forum. We will see that it is awfully successful in what it promised to do. Read more…