A new Android mobile Trojan called SimpLocker has emerged from a rather shady Russian forum, encrypting files for ransom. AVAST detects the Trojan as Android:Simplocker, avast! Mobile Security and avast! Mobile Premium users can breathe a sigh of relief; we protect from it!
The Trojan was discovered on an underground Russian forum by security researchers at ESET. The Trojan is disguised as an app suitable for adults only. Once downloaded, the Trojan scans the device’s SD card for images, documents and videos, encrypting them using Advanced Encryption Standard (AES). The Trojan then displays a message in Russian, warning the victim that their phone has been locked, and accusing the victim of having viewed and downloaded child pornography. The Trojan demands a $21 ransom be paid in Ukrainian currency within 24 hours, claiming it will delete all the files it has encrypted if it does not receive the ransom. Nikolaos Chrysaidos, Android Malware Analyst at AVAST, found that the malware will not delete any of the encrypted files, because it doesn’t have the functionality to do so. Targets cannot escape the message unless they deposit the ransom at a payment kiosk using MoneXy. If the ransom is paid the malware waits for a command from its command and control server (C&C) to decrypt the files.
What can we learn from this?
Although this Trojan only targets a specific region and is not available on the Google Play Store, it should not be taken lightly. This is just the beginning of mobile malware, and is thought to be a proof-of-concept. Mobile ransomware especially is predicted to become more and more popular. Once malware writers have more practice, see that they can get easy money from methods like this, they will become very greedy and sneaky.
We can only speculate about methods they will come up with to eventually get their malicious apps onto official markets, such as Google Play, or even take more advantage of alternative outlets such as mobile browsers and email attachments. It is therefore imperative that people download antivirus protection for their smartphones and tablets. Mobile devices contain massive amounts of valuable data and are therefore a major target.
Ransomware can be an effective method for criminals to exploit vulnerable mobile users, many of which don’t back up their data. Just as in ransomware targeting PCs, this makes the threat of losing sentimental data, such as photos of family and friends or official documents, immense.
Don’t give cybercriminals a chance. Protect yourself by downloading avast! Mobile Security for FREE.
From governments to thieves to your wife – it seems that everyone has access to your private data.
If you have a smartphone or tablet, people around you can discover your most deeply held secrets. You put all your private data and personal information there and… it’s at risk. The possibility of losing your phone or getting robbed is a major concern.
Is there anything that we can do to protect our private data? Some skeptics say no. I’m an optimist; I think there is always a way. Working for a security company makes us think that there is always a way to protect ourselves, to avoid danger, and to care about other users.
- 1. Use a PIN, password or pattern in your device. I’m lucky to have a phone where the numbers change their position on the screen and make the lockscreen even more secure. There are some apps that make your password “random” (obeying rules you’ve previously set).
- 2. Lock your most private apps. Lock your log in data but also your own messages, emails, personal notes, contacts, everything is in your pocket. offers the feature to secure even more sensitive parts of your device with the avast! Mobile Security App Locker that automatically asks for a PIN when you start the app.
- 3. Do not save banking or credit card credentials in your phone or, at least, not in the mobile browsers. Some banks, at least here in Brazil, have their own mobile app that never saves the passwords or PINs. Now, for Android, there are free password managers that adds a new security layer while browsing.
- 4. Do not be a happy clicker. People who expose themselves to scams or spam links, who download each single app they see from any kind of source put themselves at risk. OK, you’ll say this is not you. But, do you think twice on clicking in social media links or shares?
- 5. Do not take, send, save or share nude photos. No, this is not a moral commandment. It’s a privacy one. Read more…
How to save a wet smartphone
It happened with me, I jumped in the swimming pool with my phone in the pocket. Unfortunately, it was not the first time my phone was drenched. Some years ago, the villain was the rain. I was using a smartphone app to monitor my running pace and it started to rain. Not a light refreshing rain – no, a deluge, a Heavy rain. My phone was protected, but that was just too much rain.
At that time, I didn’t know what to do and made the wrong decisions. Some modern phones are waterproof, but others aren’t, and an accident involving water can be fatal. I’d like to share these hints with you on what to do if your phone decides to take a bath.
- The first thing you should do NOW is a backup! You’ve heard this before, but have you done anything about it? It’s always better to be safe than sorry. Your photos, videos and musics, your apps and game data – everything could literally sink in water. We offer a simple, yet easy solution: avast! Mobile Backup protects your data against such accidents. Try now the free basic version from Google Play Store.
- TURN YOUR PHONE OFF If your phone was dropped into water, the first thing to do is TURN IT OFF. And not only press the on/off button, but also remove the battery and cards completely. It’s a race against time. Each second is vital to avoid an electric shock and motherboard crash.
- Let all the water flow freely. The best position for the phone is horizontal over a table on a dry piece of cloth. Do not rub, do not use cotton, do nothing… Just let the water drain out.
- Dry the device carefully. After that, take a dry cloth or some absorbent paper to dry the device completely. Hold it with the screen facing up to drain all the water that could stay inside. Try not to shake it.
- Be patient. Have a lot of patience. That’s the keyword here. Keep the phone open for a long time, at least 24 hours. Some technicians recommend to put it into a pot and fill with raw rice (or gel silica, if you have it with you) to absorb dampness.
- After 24 hours, remove all the rice (or the small pieces of gel silica) and have patience again. Leave it open and exposed to air. Do not use hair dryers. Do not put the phone directly in the sun, because you can do more harm than good (harm to the screen, battery, or even the plastic parts.)
- Only after other 12-24 hours you could try to put battery again and turn it on.
- Of course, if you do not have luck, you’ll have to take it to technical assistance. But we wish you luck and that your phone will work again!
Besides getting wet, your phone can be lost or you could get infected with the ever-increasing malware being written for Android. Protect your phone for free with avast! Mobile Security & Antivirus. Get it on Google Play. Don’t be one of these careless people who neglect to protect their phones!
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our business products.
You could win 1 of 9 Nexus devices! All you have to do is visit the Android Police contest page and answer this question:
What feature (or features) would you like to see added to avast! Mobile Security?
Visit the Android Police contest page now, read through the description of the contest, and add your answer to the comments section. That’s it! You could win 1 of 9 Nexus devices! The contest begins now and will run for one week, ending on Saturday, April 20th at 12:00AM PT (Midnight). After that, winners will be picked randomly.
Enter now and share with your friends.
Learn more about avast! Mobile Security:
A Google alert just popped up this review from Android Authority titled: “The best just got better“. And I just love the writeup from the author Simon Hill…
“After trying a number of Android security apps and comparing their performance in independent tests it is easy to recommend Avast Mobile Security as your best option. The sheer variety of features is more in keeping with a premium app, but it is still completely free.”
So if you have an Android phone – and according to the latest data by Gartner there should be about 450 million of you out there – go to Google Play and get the best rated security app. For free.
I’m still having my old Nokia but I guess time has come to get the shiny Galaxy S3 and install as well
Eight months after the wildly popular release of avast! Free Mobile Security, we are pleased to launch avast! Mobile Security 2.0 for Android smartphones and tablets. Adding to its already feature-rich anti-malware and anti-theft capabilities, the latest version of avast! Mobile Security 2.0 is sure to be the best free security solution for Android on the market. You can download it from the Google Play store.
“The free-but-full-featured Android antivirus and anti-theft app has become the highest-rated security solution on Google Play store with a score of 4.7 stars,” said Ondřej Vlček, CTO of AVAST Software. “We protect over 8 million active devices now and we are growing by 1 million active devices per month,” added Vlček.
avast! Mobile Security 2.0 uses the same award-winning antivirus engine as avast! Antivirus products for PC and Mac and is constantly updated with a mobile version of our virus database and latest virus definitions. avast! Mobile Security 2.0 seamlessly integrates the most stealthy anti-theft component in the marketplace: Immediately upon detecting a threat, avast! Anti-Theft jumps into action without alerting thieves to its presence.
avast! Mobile Security 2.0 includes the following new features:
- Remote functions through the web portal - allows you to remotely control your avast!-equipped device(s) from the web. The web portal offers full control of the device to remotely locate, lock, or wipe your lost phone, sound an alarm, SMS and call forwarding, and a lot more. Access the interface on my.avast.com.
- Improved tablet support – with the popularity of Android tablets such as Amazon’s Kindle Fire and the Samsung Galaxy Tab, AVAST has worked to provide better compatibility with these devices, along with delivering a specific user interface tailored for the larger tablet devices.
- Network meter – review your data usage consumed by each app, individually for WiFi, 3G, or roaming networks.
- avast! Widget – from your device screen, the avast! Widget provides you a quick view of your overall security status, and the ability with one tap to access the main avast! Free Mobile Security interface, to run a malware scan of your installed apps, or bring up a dashboard of device health information such as CPU usage, memory usage, and SD Card free space.
- SiteCorrect™ – in a new feature unique to AVAST, our web protection will now detect common URL typing mistakes and can redirect you to the site you intended to visit.
- Custom name for Anti-Theft – this name is used to disguise the app from thieves’ eyes (e.g. label it “Dodo Gadget”)
- Real-time protection of apps – scan installed applications on their first execution
“We’ve now made the avast! Mobile Security product even better, and continue to keep the solution totally free,” commented Vince Steckler, CEO of AVAST Software.
The RSA Conference – the largest gathering of security vendors and the companies who buy their products – was held in San Francisco last month. Avast was in attendance, and I had the pleasure of moderating a panel on mobile security. Mobile security was also one of the top topics permeating the entire event. What I heard on the panel and throughout the conference, and what has been reinforced from my discussions with analysts and consultants to businesses, should have you all pretty worried.
The good news is that businesses want to embrace employees use of mobile phones and tablets. And it’s not just the biggest companies doing so: even small businesses are eager adopters of mobile technologies. After all, employees are more accessible and more productive when they can use their mobile devices for work. However, these are your devices; they are not the company’s and shouldn’t be treated as such. And that’s the challenge.
Businesses have legitimate concerns that these devices are inherently insecure, and that consumers don’t always secure their devices to the same level businesses do their PCs. They are also concerned about all the corporate data that these devices contain or can access, and that their loss or theft can compromise a company. And they are concerned that people will misuse their access to this data now that it’s on their person device.
The problem is that businesses want more security and control over your phone then they should have or even need: even more control than they have over the PCs they provide you.
- Because there are malicious apps, they want to keep a catalog of every app you install and be able to remove those applications without prior notice to you.
- Because mobile devices can hold private corporate data, they want the ability to wipe all data on your phone, also without prior notice to you.
- Because you could potentially misuse the phone by transferring corporate data between a business app (like email) and a personal app (like Facebook), they want to be able to monitor everything you do on that phone: your call logs, your text messages, all your social networking activity, all your browsing activity.
This blatant company disregard for employees’ privacy and property all in the name of security has gotten completely out of hand. One product that was given prominent attention at the conference basically rooted your device to put a monitoring and management layer underneath the operating system. Besides taking any semblance of control of your device away from you, this procedure would likely lead to voiding the warranty for many of your devices, especially Apple devices.
Using your mobile devices for work purposes should not require you giving up all your privacy rights or giving your company effective ownership of your device, without having to pay for it. If your company is letting you use your phone or tablet for work purposes, especially if it’s for more than email, then you should take a close look at your organization’s mobile policies – not just for what you should or should not be doing, but for what your company could be doing.
The second week of January 2012 started with amazing growth in terms of numbers for AVAST Software. Numbers and stats might not sound that “hot” and maybe you are wondering why I would write a blog post about it, but these numbers are REALLY HUGE and it is YOU – our avast! Community – who greatly helped us to achieve such results. Look at this:
1. Over 500,000 – fans of the avast! antivirus official page on Facebook.
It used to be that beta had a specific meaning. And I am not talking about Archimedes.
Beta once meant an early, test version of a program. Run it, play with it, and yes – you’ll find some bugs in there. Now thanks to Google, and its introduction of near-perpetual beta, the meaning has changed. And, this may be close to reality as one journalist told me last week, “Remember, people are beta, too.”
Hmmm, but as the journalist also pointed out, if a Google beta is essentially complete, then what is our new Android app – avast! Free Mobile Security? It’s out in beta form and it’s on the Google Market. As a dedicated punster, my first idea was to call it alpha-beta. But on a more serious note, I decided to talk to Ondrej Vlcek, our CTO, about what an AVAST Software beta is all about. So here it is: Read more…