Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘android’
March 18th, 2014

Fake Korean bank applications for Android – Pt 3

Recently, we discovered an account on GitHub, a service for software development projects, that has interesting contents. The account contains several projects; one of the latest is called Banks, and it contains interesting source code. The account contains information such as a user name, photo, and email address, but we cannot tell who the guy in the picture is. He might not be related to the contents at all: the picture or name could be fake, or his account may have been hacked, his identity stolen, and the Banks repository created by someone else without his consent. In this blog post, we will explore the source code in detail.

When we downloaded the repository, we found several directories – GoogleService and fake applications imitating mobile applications of five major Korean banks – NH Bank, Kookmin Bank, Hana Bank, ShinHan Bank and Woori Bank.


We previously published two blog posts with analyses of the above mentioned fake applications.

When we look at the GitHub statistics, the Punchcard tab tells us at what times the creators were most active. From the chart below you can see that Saturday mornings and evenings and Sunday evenings were the most active times for commits of new versions. It seems that the authors of this application do the development as a weekend job. At the time of writing this blog post, the last update of the fake bank applications was at the beginning of January 2014.


This is not the first attack against users of Korean banks. About a year ago, we published this analysis.

Conclusion

GitHub, the web-based hosting service for software development projects, offers a lot of interesting content which, depending on its settings, can later be found and accessed by virtually anyone, including Google robots. We managed to find the above-mentioned repository simply by Googling the strings which occurred in a malicious Android application.

Acknowledgement:

The author would like to thank Peter Kalnai and David Fiser for help and consultations related to this analysis.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

March 13th, 2014

AVAST is top choice for mobile and PC security worldwide

Respected testing lab AV-Comparatives ranks AVAST as the most popular provider of both mobile security and antivirus protection in North America, South America, and Europe, and gaining in Asia.


“This survey highlights that AVAST is the most popular name in security in the world,” said Vincent Steckler, CEO of AVAST Software. “We proudly protect more than 210 million devices from hackers, thieves, spies and even governments.”

The rankings came from the fourth annual global survey released at the end of February. In the survey, AV-Comparatives states that internet usage among home and business users is growing, but how people access the internet is changing. Smartphone and tablet sales have increased, while laptop and desktop sales are on the decline. This means that the focus of cybercrooks is changing too.

Android owners are vulnerable without security protection

Mobile device owners are steadily realizing that the threat to their security is increasing. The survey confirms that the amount of mobile devices protected by security software is significantly lower than that of desktop devices, especially in North America.

“User awareness of mobile malware is dangerously low; yet in 2013, our virus lab found more than 1,850 new pieces of mobile malware a day,” commented Mr. Steckler. Read more…

March 7th, 2014

Google Play: What's the newest threat on the official Android market?

Official app stores are the primary sources for finding and downloading apps. Experts advise users to stay within the official app stores as they are approved ecosystems, which are widely recognized as safe. But are these sources really trustworthy? Some experts, however, claim that “Android malware is non-existent and security companies just try to scare us. Keep calm and don’t worry.” So which is it?

We’ve already blogged about plenty of threats that sneak onto your device from trusted sources, but here we have a really fresh one, one that is still undetected by other security vendors. An application called Cámara Visión Nocturna (package name: com.loriapps.nightcamera.apk), which is still available in the Google Play Store as I am writing this post, is something you definitely don’t want to have on your Android device.


Starting with the application’s permissions, you might notice there are some unusual requests for an app that should be able to work using only your camera.

    <uses-permission android:name="android.permission.CAMERA" />

Read more…

March 3rd, 2014

Fake Korean bank applications for Android – part 2

In February, we looked at the first part of the fake Korean bank application analysis along with Android:Tramp (TRAck My Phone malicious Android application), which uses it. In this blog post, we will look at another two Android malware families which supposedly utilize the same bunch of fake Korean bank applications. At the end of this article, we will discuss the origin of the malware creators.

Analysis of Android:AgentSpy

It is interesting to search for references to the bank applications' package names – KR_HNBank, KR_KBBank, KR_NHBank, KR_SHBank, KR_WRBank. One reference goes to a malicious application called Android:AgentSpy. The infection vector of this application was described by Symantec, contagio mobile and Alyac. We will not delve into details; we will just mention that the malicious application is pushed to a connected mobile phone via ADB.EXE (Android Debug Bridge). The uploaded malicious file is called AV_cdk.apk.

Android:AgentSpy contains the activity MainActivity, several receivers, and the service CoreService.

BootBroadcastReceiver

Monitors android.intent.action.BOOT_COMPLETED and android.intent.action.USER_PRESENT and if received, starts CoreService. It also monitors attempts to add or remove packages – android.intent.action.PACKAGE_ADDED and android.intent.action.PACKAGE_REMOVED.

CoreService

1) Regularly calls home and reports the available connection types (wifi, net, wap), the IMSI, and the installed bank apps

2) Regularly polls the C&C and responds to the following commands:

sendsms – sends an SMS to a given mobile number

issms – whether to steal received SMS or not

iscall – whether to block outgoing calls

contact – steals contact information and uploads it to the C&C

apps – list of installed bank apps

changeapp – replaces original bank applications with fake bank applications

move – changes the C&C server

PhoneListener receiver

Monitors new outgoing calls. If android.intent.action.NEW_OUTGOING_CALL is received, information about the outgoing call is sent to the C&C.

Config class

Contains the C&C URL, the names of the bank packages (String array bank), and the names of the fake bank packages (String array apkNames). It also contains a reference to the conf.ini configuration file.
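The receiver behaviour described above can be checked for during static triage of a decoded AndroidManifest.xml. The following is an added example, not code from the original analysis or from the malware: the group names, the sample manifests and the "all three groups" threshold are assumptions of this example, and the check is a review heuristic rather than a detection signature.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ACTION = "android.intent.action."

# Intent actions the post lists for BootBroadcastReceiver and PhoneListener,
# grouped by the behaviour they enable. The group names are this example's own.
GROUPS = {
    "autostart": {ACTION + "BOOT_COMPLETED", ACTION + "USER_PRESENT"},
    "package_watch": {ACTION + "PACKAGE_ADDED", ACTION + "PACKAGE_REMOVED"},
    "call_watch": {ACTION + "NEW_OUTGOING_CALL"},
}

def receiver_actions(manifest_xml):
    """Map each <receiver> name to the intent actions it registers for."""
    found = {}
    for rec in ET.fromstring(manifest_xml).iter("receiver"):
        name = rec.get(ANDROID_NS + "name", "<unnamed>")
        actions = {a.get(ANDROID_NS + "name") for a in rec.iter("action")}
        found.setdefault(name, set()).update(actions - {None})
    return found

def triage(manifest_xml):
    """Return (matched groups, needs_review). Each action is common in benign
    apps; only the full combination is treated as worth an analyst's time."""
    seen = set().union(*receiver_actions(manifest_xml).values())
    matched = sorted(g for g, acts in GROUPS.items() if seen & acts)
    return matched, len(matched) == len(GROUPS)

# Constructed sample manifests (decoded text XML, e.g. as produced by apktool).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
AGENTSPY_LIKE = f"""<manifest {NS} package="com.example.sample">
 <application>
  <service android:name=".CoreService"/>
  <receiver android:name=".BootBroadcastReceiver">
   <intent-filter><action android:name="{ACTION}BOOT_COMPLETED"/>
    <action android:name="{ACTION}USER_PRESENT"/></intent-filter>
   <intent-filter><action android:name="{ACTION}PACKAGE_ADDED"/>
    <action android:name="{ACTION}PACKAGE_REMOVED"/>
    <data android:scheme="package"/></intent-filter>
  </receiver>
  <receiver android:name=".PhoneListener">
   <intent-filter><action android:name="{ACTION}NEW_OUTGOING_CALL"/></intent-filter>
  </receiver>
 </application></manifest>"""
BENIGN = f"""<manifest {NS} package="com.example.alarm"><application>
  <receiver android:name=".RescheduleReceiver">
   <intent-filter><action android:name="{ACTION}BOOT_COMPLETED"/></intent-filter>
  </receiver></application></manifest>"""

if __name__ == "__main__":
    for label, xml_text in (("agentspy-like", AGENTSPY_LIKE), ("benign", BENIGN)):
        print(label, triage(xml_text), receiver_actions(xml_text))
```

A manifest that matches all three groups still needs the requested permissions and the service code reviewed before any conclusion is drawn.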


Analysis of Android:Telman

One more Android malware family which uses fake bank applications is called Android:Telman. Similarly to Android:Tramp and Android:AgentSpy, it checks for installed packages of the above-mentioned banks. Read more…

February 17th, 2014

Fake Korean bank applications for Android – PT 1

About a year ago, we published this analysis about a pharming attack against Korean bank customers. The banks targeted by cybercriminals included NH Bank, Kookmin Bank, Hana Bank, ShinHan Bank, and Woori Bank. With the rise of Android-powered devices, these attacks now occur not only on the Windows platform, but also on the Android platform. In this blog post we will look at a fake bank application and analyze several malware families which supposedly utilize them.

Original bank application

We will show just one bank application for brevity. For other banks the scenario is similar. The real Hana Bank application can be downloaded from Google Play. It has the following layout and background.

Read more…

February 5th, 2014

Back up your data with AVAST!

Did you ever lose your mobile device? Or did you ever accidentally drop it and could not restore your contact details, pictures, text messages? Perhaps you forgot that you have your brand new smartphone in your pocket, when you decided to jump into the pool during your vacation? We hope nothing like this has ever happened to you, but as they say forewarned is forearmed!

We thought of those possibilities at AVAST and came up with an excellent solution: avast! Mobile Backup. It does magic: it saves your contacts, call logs, SMS history, photos, and other irreplaceable data to your AVAST Account (and, optionally, Google Drive) to ensure that your priceless data is never lost!

avast! Mobile Backup is available for Android mobiles and tablets and comes in two different versions. The standalone Free version provides you with basic backup options: contacts, SMSs, pictures and call logs. For users who require more advanced features, such as backing up music, applications and videos, we offer avast! Backup as part of the premium package that comes with avast! Mobile Security.

Watch how avast! Mobile Backup works! 

January 29th, 2014

How are you doing Mr. Android?

First of all, I would like to shift your attention a bit backwards. No worries! This is not a history lesson or something from the ancient past.  Rather, I would like to share with you folks some Android statistics from the last two years. Hopefully, it will give you a better idea about which malware is spread around the most. By the way, if growth of Android malware was on the stock exchange and you had invested some money in it, you would have become a billionaire a few months ago. So let’s check out some graphs!


In the first graph you can see how many samples we have to process in our databases. It covers the period from 2010 through the end of 2013. Pretty nice growth, isn’t it? By the end of 2013, we had almost 800,000 unique suspicious Android samples which we had to process and cover in VPS updates.


In the second graph, you can see the TOP 10 detections of malware families we have seen during the last half of the year. The majority are fake applications or data stealing apps. This group of malware can really easily mess up your device. Data which is mined from these apps can be used against you. Last year, I blogged about a few examples which we saw infecting devices – but that was just a piece of a bigger pie.

What might be strange in the second graph is that four of the top ten have something to do with SMS sending. That means they are able to steal your money using SMS messages. That’s probably the most common way for mobile cybercrooks to quickly steal money. For malware programmers, it is really easy to access those parts in devices and send premium messages.

I hope that even skeptics will agree that protecting your device from malware threats is necessary these days. :) Try avast! Mobile Security for free.


December 27th, 2013

What bugged AVAST users this year: Mobile malware and fraud

Last year, on Christmas day, over 17 million new mobile devices went online. Before the ribbons and wrapping paper could be discarded, cybercrooks started their attacks.

In the first half of this year, experts said that 79 percent of all mobile malware attacks were on Android systems. When we asked Ondrej Vlček, AVAST’s Chief Technology Officer, about mobile security in 2013 and what we can expect in 2014, he answered, “Mobile threats will certainly continue to be on the rise. We see nearly 2,000 new malware samples on Android every day, and this is up from maybe 50 a year ago. It’s quite likely that the trend will continue. Especially if you are running an Android device, you absolutely need to install a security product.”

Online fraud goes viral on mobile

Paving the way for a mobile-payment driven future like Japan and Singapore have developed, mobile phones morphed into wallets during 2013, including SMS, WAP and near-field communications (NFC) payment. Data privacy and security have emerged as critical issues over the past few years, and will continue to be important as these new mobile payment options introduce new threats of data hacking and fraud.

AVAST detected an average of 1,839 new mobile malware samples a day, about 60 to 70% of which were designed to send and charge mobile users for premium SMS.

Speaking to SC Magazine about mobile malware, Vlček said, “Especially on Android, the KPIs are exploding, because its openness and design make it a logical choice for the attacker, and it has reached a critical mass in terms of penetration and market share.”  And, he adds, with the smartphone’s ability to send premium SMS and spam SMS messages offering new channels for malware writers to make money, it’s only going to get worse.

AVAST this year has also seen more targeted attacks where the goal is to steal users’ financial transaction data and ultimately their money. This includes hacking specific banks by manipulating their Internet banking interfaces to steal the customer’s personal data.


It’s a good idea to follow Ondrej’s advice and get a mobile security product for your Android smartphone or tablet. We suggest PC Mag’s Editor’s Choice award winner, avast! Free Mobile Security.

Upgrade from avast! Free Mobile Security to avast! Mobile Premium for your device and get a second license free of charge for a friend!

To get this offer, install our top-rated avast! Mobile Security app, then click on the Go Premium! button and follow the instructions. This offer is valid from now until the end of December.

Buy One, Get One: avast! Mobile Premium.

December 19th, 2013

The No. 1 app you need for your Android phone now

avast! Mobile Security is the number 1 app you need on your Android phone. Not convinced? If you already have an Android phone in your pocket, or if a new mobile phone or tablet is on your Christmas wish list, read this story shared with us by Jennifer:


The number 1 reason Jennifer got her phone back was that she had avast! Mobile Security installed. You need this too, because loss and theft happen all the time. Jennifer ended her story saying that she may install our pro version – if the price was right. Well, Jennifer, from now until the end of December, we are offering you and all other Android owners:

Buy avast! Mobile Premium for your device and get a second license free of charge for a friend!

To get this offer, install our top-rated avast! Mobile Security app, then click on the Go Premium! button and follow the instructions.  Read more about avast! Mobile Security’s features in avast! Mobile Premium: The Ultimate in Mobile Security.

December 17th, 2013

The essential security tool for traveling is on sale!

We’ve got the tool you need when you’re on the road this holiday season and all year long! Stay safe when using public WiFi ‘hotspot’ networks and access your favorite content from your PC with no regional restrictions when you use avast! SecureLine VPN.

Save 33% now on a 1 year avast! SecureLine license

avast! SecureLine secures your data and computer from intrusive hackers when using public WiFi hotspots at airports, cafes, libraries and hotels.

Your public WiFi communications are encrypted, which means that someone snooping on you will see a bunch of gibberish instead of your email, files, passwords, etc.

Your browsing is anonymous because avast! SecureLine VPN cloaks your IP address to keep your private searches private.

When you travel and need web access from different locations, you may find some sites blocked. Now you can use servers located in multiple countries (e.g. UK, USA, etc.) to access geo-blocked websites like Netflix or Pandora.

You have until the end of the year to take advantage of 33% off a 1 year license for avast! SecureLine. Get it now!

Get avast! SecureLine VPN here.
