Question of the week: I have avast! Free Antivirus on my computer and I love it, but isn’t antivirus for a smartphone overkill? I mean, there are not so many threats to a phone, are there?
This is a question being asked by lots of security firms lately, and the answer is a resounding, YES. As smartphones and tablets become increasingly popular, so do threats that target mobile devices exclusively. Two particular studies published lately have pointed to an increase in mobile malware over the past year.
Android is in the bull’s eye
You could win 1 of 9 Nexus devices! All you have to do is visit the Android Police contest page and answer this question:
What feature (or features) would you like to see added to avast! Mobile Security?
Visit the Android Police contest page now, read through the description of the contest, and add your answer to the comments section. That’s it! You could win 1 of 9 Nexus devices! The contest begins now and will run for one week, ending on Saturday, April 20th at 12:00AM PT (Midnight). After that, winners will be picked randomly.
Enter now and share with your friends.
Learn more about avast! Mobile Security:
Several days ago we received a complaint about javascrpt.ru. After a bit of research, we found that it tries to mimic ajax.google.com and jquery, but the code is an obfuscated/packed redirector.
After removing two layers of obfuscation, we found a list of conditions checking visitors’ user Agent. From these conditions. we got a clue and focused on mobile devices.
It has been two or three months since I last blogged about Android malware. But that definitely doesn’t mean there aren’t any new threats. There are plenty! Here are two quick comparisons from the last two years: Growth of the malware problem of the platform in January 2012 compared with January 2013 is far from the ‘normal’ growth of other platforms. According to our statistics, it’s something around +850 percent! Add another year for an even more insane comparison – the growth from January 2011 to January 2013 gives us +3150 percent! The Android platform is definitely one of the most targeted malware platforms these days. But no worries, users of Avast! Free Mobile Security are safe. Read more…
A few months ago, Google announced a new feature in Android. Version 4.2 Jelly Bean has an integrated real-time app scan which should be able to check if applications you install are clean or malicious. But is this enough? Sleazy Android app developers continue to sneak their fake apps by the Google Play gatekeepers. These guys rip off popular apps in an attempt to fool unsuspecting users.
“In the start of this week, Google released a few applications from a developer called GILBERT8332 which pretend they are legitimate applications. Between these applications you can find quite common games such as The Sims 3, Asphalt 6, Ninjago Lego and so on. And compared to original developers they are free,” said Filip Chytrý, a researcher from Avast Virus Lab.
The common result of downloading a bogus app is that personal information like your email address and mobile phone number are stolen and you are served an unending stream of spam and unwelcome offers.
Chytrý warns, “When you download them and install in your android device you will be surprised. All of them are malware. They all start quite innocently with a license agreement of AirPush advert. (AirPush is a advert system which allows to show advertisement in notification bar of your Android device.)”
“And then the funny parts come up. The Game will ask you if you want to change your main page in browser and put a search icon on desktop. Even if you decline, it’s too late. Your browser is already changed for another search page and your device is filled with uncomfortable adverts and as a bonus, the device will send personal information to a third party,” said Chytrý.
Block fake apps
avast! Free Mobile Security blocks fake apps and our new signature targeting protects you against
malware distributed with them. Our popular anti-virus/anti-theft app for Android stops downloads of fake apps and games, so you won’t be duped.
“All of these apps use multiple advert services, steal your personal data and they even are hidden under different creators. But don’t worry. Avast detects all of the mentioned applications as Android:FakeInst-DL, and urls of fake searchers are blocked also,” said Chytrý.
Get avast! Free Mobile Security for your Android device from Google Play. Please add a review and share with your friends if you like it!
Congratulations on your wonderful gift, and Merry Christmas! You are wise to think about security for your tablet, because cybercrooks are producing malware for these devices in increasing numbers.
avast! Mobile Security prevents malware and viruses on Android devices at no cost to you. You get Anti-theft protection, remote control and remote memory wipe, plus privacy reports, anti-spyware, network management, Web protection and a firewall. avast! Free Mobile Security is available for download either via Google Play (Android Market) or our website.
Once you have downloaded, do not forget to set your PIN Recovery in the ‘Settings’ section. The PIN Recovery feature is the way to get access to your device in case you lose or forget your avast! PIN. You have to set it in Settings or on the avast! Portal. You can use the avast! Portal for controlling your device remotely in case it is stolen. For this operation your device must be paired with your avast! account – if you do not have one, please sign in on dedicated pages.
Have fun with your new Galaxy tablet, and please share avast! Antivirus with your friends. Happy New Year!
The latest version of Android 4.2, code-named “Jelly Bean” has been released some time ago. While being just an incremental update to the major 4.0 release “Ice Cream Sandwich”, Google introduced some major new features within that update. While offering multi-user support and improved notifications, a new feature which is being promoted heavily, is the built-in app scanner which should protect Android devices from being infected by malware.
The client side app scanner of Android 4.2 is the next step in Google’s attempts to protect their Android ecosystem from malware threats, after introducing Bouncer, a server-side malware scanner used by Google to analyze apps that are being uploaded to Google Play Store. Bouncer was announced in February 2012 and is Google’s approach to prevent malware from being uploaded to the Google Play store as a first line of defense.
Now, some authors claim that third party mobile security tools are most likely not needed anymore, because Google now already pre-checks all mobile apps. I’ve been closely monitoring all those changes and improvements because I wanted to make my own mind on how successful these attempts by Google would be and to find out how our Android antivirus scanner delivered within our free avast! Mobile Security suite (http://www.avast.com/free-mobile-security) would stack up to what the operating system vendor itself would be able to provide.
Since months before the release of avast! Mobile Security in December 2011, our virus lab was working on setting up the initial state of our Android malware database. The database contains signatures of all the malicious files our virus lab guys find over time and is being extended day-by-day to contain definitions of the newest threats in real-time. Currently, tens of millions of Android devices owned by our users download those definitions every day to their avast! client side scanners. So I just went to our virus lab and asked the guys there to provide me with some statistics on the growth of our Android malware database.
As I already stated, Bouncer was thought to be the first line of defense, and tries to protect the main source of app downloads from malicious offerings. Could it be that as a result of introducing Bouncer, our malware database stopped growing or started to decline in size when Bouncer was introduced? Has Google been successful? See for yourself:
Android Malware Database History (Click to enlarge)
Obviously, since February 2012, our Android malware growth has not started to decline; it has not even stalled its growth, but has been continuously growing since that point in time. Read more…
Lots of smartphone users are still unaware of the actual risks arising from the use of smartphones based on operating systems, and they have a tendency to underestimate their security risks. Be honest, how many of you check if an application you install on your phone comes from a trusted source? Do you check which permissions the applications has? How many of you install applications that have “cool icons” and don’t check anything else?
I’ve asked a few people these questions, and was totally surprised by their answers! Even IT geeks don’t read permissions of applications and they just click and install whatever they find. What’s WORSE is that most of them think they are secured without any security application.
Do you remember my last article? We identified something very similar, also coming from blog and upload services such as 4shared. It’s really strange how many hijacked and infected applications are offered through those services.
One month ago, I pointed out a really nasty malware that pretends to be a Google Play app. I looked into what the creators of that malware have been doing for the last month. They definitely haven’t been lazy.
For the last two weeks, we saw more mutations of similar malware, with similar behavior. It sends numerous paid SMS messages to premium numbers without the user being aware of it. They try to pretend it is some kind of wanted application, but you obviously don’t want that.
This malware hide themselves under legitimate-sounding names like Flash Player, Talking Tom Cat, Kaspersky Lite, etc. But many of the apps have something in common: The package name is the same in hundreds of them. But don’t worry, all of them are detected.
My phone is infected! What can I do?
This leads me to the most important point of this blog post. For those who still believe they are fine without antivirus protection on their smartphone, there are a few steps to follow when you realize your phone is acting strangely.
1) Switch off GSM module or take out your SIM card immediately. (This should disconnect your phone from the mobile network and prevent losing your money.)
2) Restore your phone back to factory setup. (Malware should be removed, as well as all your data.)
3) Put your SIM card back, and you can use your phone again.
Is there a safer and easier way to protect my smartphone?
Luckily, yes. Malware that we meet comes mostly from untrusted sources. People often put the name of a wanted application in their browser and just click on the first URL that comes up. That practice is, of course, really dangerous. The viruses mentioned above come from file sharing servers such as 4shared.com, filestube.com, rapidshare.com, fake blogs, or from fake Android stores. Those file sharing servers are suspicious sources and one should not download applications from there. Even on Google Play you can find a dangerous application once in a while, so you should be cautious even when you look for applications there!
Here’s a quick example. When you search for popular games, for example, “Asphalt 6 adrenaline скачать бесплатно” (free download in Russian language) in one of the top pages on Google you will find a pretty nasty blog full of repacked games but with a small gift in the form of a malware.
My recommendation is to use an antivirus program on your phone – for example, avast! Free Mobile Security – and download applications from less dangerous sources – for example, Google Play, Amazon.com, etc.
When it comes to hotel security, I usually check two things: 1. Does the door open to an inside hallway or directly to the outside?, and 2. Does the room have a safe to store my passport and other valuables? Now, it seems, I have a third thing to think about: The electronic key.
Those sturdy plastic keycards have always seemed secure, and up to now, my only concern has been losing it, and having to ask the clerk at the front desk for a replacement. But recently, burglaries in American hotel rooms were linked to an electronic ‘hack’ which can open 4-5 million electronic locks in 200 hotel chains worldwide.
Back in July, at the Black Hat security conference, a Mozilla software developer exposed flaws he discovered in hotel room locks from the lock manufacturer Onity. He demonstrated the ability to break into rooms with a simple, cheap device that could be hidden in an iPhone case. Read how he did it. Since the summer, others have perfected the technique, and now thefts have taken place and an arrest was even made in Texas.
Your data is more important than the device it’s on
With all the devices we carry with us these days – I have a smartphone, laptop, and tablet – securing these gadgets is important. The most important thing about these devices is the data that’s on them, so before you leave on your travels, make sure you backup your files, photos, music, etc. Avast! BackUp is an online backup and recovery service that allows you to select sets of data or individual files you want to back up. You can quickly and easily restore files with the avast! BackUp software on your computer and you may also log in to your account online to restore files. Download a free trial here.
For your Android smartphones and tablets, make sure you install and setup avast! Free Mobile Security, our anti-theft and anti-malware app. It has special “stealth” and remote-access features, including lock, wipe and siren, as well as remote text commands, so you are protected against the loss or misuse of your phone. Get avast! Free Mobile Security for free from Google Play.
Other valuables, such as travel documents, can be placed in the hotel safe. But be aware that even those aren’t entirely secure. Reports have been made that some can be opened with a default code of all zeroes, 0000. Check it out next time. If you don’t trust the in-room safe or your items won’t fit, consider using the hotel front desk guest safes. If you don’t want to make use of a safe, make sure you bring luggage equipped with locks, so you can secure your valuables inside.
Do you have any other tips to keep your devices and yourself secure while staying in a hotel? Please share them.
Potentially Unwanted Program – that’s what PUP stands for. You probably already had a chance to meet some PUPs on a Windows PC, but how does a PUP look on an Android phone? How will you know how to handle it? All of this will be explained here.
When a PUP alert attacks you, don’t panic.
For starters, it’s just a warning. It’s not a standard virus and, no, your life is not in danger. PUP detections were made to warn people when a suspicious component or ability is detected within the application.
Let’s say you downloaded an app that’s called “Christmas Carols” (don’t panic about that, either; it’s still a month and a half till Christmas) and a PUP warning hits you. The detection name reads “Android:SpyPhone-E [PUP]”. What should you do? Well, what I would do is to sing Silent Night to that app and wave goodbye while uninstalling it. Why? Well, it’s an app that’s supposed to play Christmas carols and not “SpyMyPhone” or whatever that PUP warning says.