Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Search Results

Keyword: ‘sms’
April 15th, 2014

AVAST helps user recover stolen phone; brother gets shot fighting thieves

Shahrukh Humayun's smartphone was stolen

Shahrukh Humayun’s smartphone was stolen

Two brave brothers fight off mobile phone thieves in Pakistan market.

We have heard stories about how avast! Mobile Security’s anti-theft feature has helped people recover their lost or stolen phones, but nothing as dramatic as Shahrukh Humayun’s tale of bravery.

Twenty year old Shahrukh and his 17-year old brother, Shoaib, live in Rawalpindi, Pakistan, the “twin city” to the capital, Islamabad. “Pindi” is a thriving urban area with good hotels, restaurants, museums, parks, and numerous markets and bazaars. It’s in one of those busy marketplaces that their story begins.

Shahrukh and Shoaib went to the market one day and were held up at gunpoint by thieves that demanded Shahruck’s HTC EVO smartphone.  Acting bravely to defend the expensive and precious device, Shoaib fought back against the bandits. They shot the teenager in the leg, stole the phone and fled the scene.

In his own words, Shahrukh described what happened:

Respected Avast! Team

I love the avast! android application as it helped me in catching the thieves who stole my mobile when I was in the market.

The story of the incident is that I visited market with my brother and I had a HTC EVO 3D X515m at that time. The thieves called me on the gun point while the area was empty. They asked me for the mobile and when my brother tried to take action they shot him on the leg.

Well, eventually I received an sms from avast that the sim have been changed. I checked my mobile as the GPS was active. I told the police about the incident on the same day and they found the thieves after 8 hours through the Google GPS connected with avast map.

Thank you avast!. Love you

1044816_478380138915077_764014148_n

Shoaib Humayun fought theives

All of us at AVAST were touched by the courage of these two young men when faced with danger. We are happy that our anti-theft product proved to be so useful in finding and recovering the phone. More than that, we were concerned about Shoaib. How has he fared since the incident?

Shahrukh gave us an update:

My brother is braver than me. As a result of that bravery he showed his best loyalty to me by fighting with those bandits and got shot on his leg. This event have passed 8 months and he got no sign of bruises on his leg. But thank God he is fine.

Thank you avast for helping me fight these bandits against their unlawful behavior for the country.

 

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

April 10th, 2014

Behind the CARO conference’s curtains: Meet AVAST speakers!

For seven years, the CARO Workshop has been hosted in Europe. It is an outstanding technical meeting, attended by some of the best malware researchers in the world. In 2014, the CARO workshop comes to America. ~CARO’s conference official website

We are proud and happy to introduce you to our AVAST speakers and Security Experts from the Virus Lab. Peter Kálnai and Filip Chytrý are going to CARO’s (Computer Antivirus Research Organization) workshop to“Declare war against Android Malware.” We sat together and talked about their presentation, mobile malware, and general trends in the security industry.

Meet our security experts: Peter and Filip.

 

The theme for this year’s CARO conference is Mobile Space: Malware in a mobile world. As security experts, what changes and specific trends in malware development have you observed?

FILIP Well, this may sound cliché,  but the amount of mobile threats are rising and more sophisticated attacks appear every day. A few years ago, we would observe mostly primitive malware with only one or two capabilities such as to send paid SMS or track your movements. Now, however we have malware that can root your phone and became a device administrator, or command and control Apps which take control of your device by attackers. That’s why I believe we can stay tuned for more conferences concentrated on Android malware.  CARO is first, but hopefully not the last, conference focused on Android and mobile threats.

PETER I can’t recollect a different example, but this year’s CARO Workshop seems to be the first IT security conference completely devoted to mobile malware. The topic of our talk reflects trends in the Android threat landscape. Security experts nowadays observe an increased ratio of total malicious Android packages to unique malware families. Two particular cases appear most: The expansion of usage of Android packers and repackaging benign application with malicious code, so called piggybacking. Read more…

April 7th, 2014

New AVAST survey shows people not so smart with smartphone security.

Smartphone owners are careless about security, says survey.

Guys are more likely to get a virus on their smartphone than girls (36% vs 32%), and more than one third (34%) of survey respondents don’t have any anti-theft or antivirus security on their smartphones. Add to that nearly half of the people AVAST polled in the US said they did not back up their data or know if they did on their mobile devices. This is despite nearly one in ten saying they had lost their phone or it was stolen in the last 12 months. These results are from a recent smartphone survey conducted for antivirus software company, AVAST.

AVAST Software mobile security survey

AVAST surveyed 9,060 people earlier this year in the US about smartphone ownership and use and have released the results today. Read more…

April 2nd, 2014

Declaring machine war against malicious Android packages

machine_war_theme_jpg

Do you know the notion “machine war”? If you’re a fan of the Matrix movie trilogy then probably, yes. It denotes the fictional rise of artificially intelligent machines against the human race and their violent conquest of human beings. We want to apply a similar dominance of computationally powerful machines, not to create a population of slaves, but against numerous malicious Android packages that wildly proliferate on unofficial markets.

The idea of malware detection with no human interaction appeared earlier on our blog. In a fundamental article about AVAST research activities by AVAST’s COO, Ondřej Vlček, he effectively described the technologies we employ to deal with Windows threats. Two techniques have been mentioned explicitly, Malware Similarity Search and Evo-Gen, both working with Windows PE file format. Sometimes the latter form of detection technique is denoted as weak automated anti-malware heuristic.

The main effort is to reach two slightly conflicting qualities at the same time: The robustness, which means that suggested methods cover as many threats as possible; and simplicity, so that the methods are easily implemented in AVAST’s mobile security solution. The search for balance between those qualities is assisted by lessons learned from automated heuristic for Windows PE executables.

Read more…

March 31st, 2014

The Gray-zone of malware detection in Android OS

Does the title of this blog post have a mysterious meaning? Not exactly.

In this first part about the gray-zone of Android malware detections, I will introduce the Android:SecApk, a detection regarding the protection that the App Shield (Bangcle) offers to Android applications (.apk). This detection has a big sample set that is still growing. Some SecApk wrapped samples that existed or still exist in the Google Play Store and third party stores, can be seen in the table below.

MD5

Name \ Info

F1EF5B8C671B2146C2A2454ECF775E47

G锁屏冰雪奇缘之来自星星的你V1.0.apk

\ PUP – An application to promote a specific movie. Potentially unwanted because of the extended permissions that was requested.

Current Status: Removed from Google Play

10bd28d4f56aff83cb6d31b6db8fdbd2

Cut_the_bird.apk

\PUP – A game that have potentially unwanted permissions that they can drive to loss of private personal info.

05ffb6f34e40bb1cf8f9628e5647d5e3

aini1314langmanzhutisuoping_V2.5_mumayi_700e0.apk

\PUP – A screensaver application that has permissions unrelated with the purpose of the app.

d6b40bbb79b54c09352a2e0824c0adba

3D职业乒乓球.apk

\Pup – This application is a tennis game. Potentially unwanted because of the extended permissions that was requested.

eefd2101e6a0b016e5a1e9859e9c443e

eefd2101e6a0b016e5a1e9859e9c443e.apk

\Malware – This app steal personal data and SMS messages from the user.

 

The App Shield is an online service that, after a submission of an .apk, encrypts it and adds some layers of protection. The procedure of the encryption and protection of the apk will be discussed with more detail during the course of the second part of this blog post.

Starting with the submission process, a clean app named AvstTest.apk uploaded to the service. The exported .apk was renamed as AvstTest[SecApk].apk. In addition, apktool and dex2jar used accordingly to decode the .apk resources and convert the ‘.dex’ files to ‘.jar’.

Folder structure

  Read more…

March 7th, 2014

Google Play: Whats the newest threat on the official Android market?

Official app stores are the primary sources to finding and downloading apps. Experts advise users to stay within the official app stores as they are approved ecosystems, which are widely recognized as safe. But are these sources really trustworthy? Some experts, however, claim that “Android malware is non-existent and security companies just try to scare us. Keep calm and don‘t worry.“ So which is it?

We’ve already blogged about plenty of threats that sneak onto your device from trusted sources, but here we have a really fresh one, one that  is still undetected by other security vendors. An Application called Cámara Visión Nocturna (package name: com.loriapps.nightcamera.apk), which is still available in the Google Play Store as I am writing this post, is something you definitely don’t want to have on your Android device.

Blg1

Starting with the application’s permissions you might notice there are some unusual requests for an app that should be able to work only using your camera.

    <uses-permission android:name=”android.permission.CAMERA” />

Read more…

March 3rd, 2014

Fake Korean bank applications for Android – part 2

In February, we looked at the first part of the fake Korean bank application analysis along with Android:Tramp (TRAck My Phone malicious Android application), which uses it. In this blogpost, we will look at another two Android malware families which supposedly utilize the same bunch of fake Korean bank applications. At the end of this article, we will discuss the origin of malware creators.

Analysis of Android:AgentSpy

It is interesting to search for references of bank applications package names – KR_HNBank, KR_KBBank, KR_NHBank, KR_SHBank, KR_WRBank. One reference goes to a malicious application called Android:AgentSpy. The infection vector of this application was described by Symantec, contagio mobile and Alyac. We will not delve into details, we will just mention that the malicious application is pushed to a connected mobile phone via ADB.EXE (Android Debug Bridge). The uploaded malicious file is called AV_cdk.apk.

Android:AgentSpy contains activity MainActivity and several receivers and service CoreService.

BootBroadcastReceiver

Monitors android.intent.action.BOOT_COMPLETED and android.intent.action.USER_PRESENT and if received, starts CoreService. It also monitors attempts to add or remove packages – android.intent.action.PACKAGE_ADDED and android.intent.action.PACKAGE_REMOVED.

CoreService

1) Calls regularly home and reports available connection types (wifi, net, wap), IMSI, installed bank apps

2) Regularly polls C&C and responds to the following commands

sendsms – sends SMS to a given mobile number

issms – whether to steal received SMS or not

iscall – whether to block outgoing call

contact – steals contact information and upload them to C&C

apps – list of installed bank apps

changeapp – replaces original bank applications with fake bank applications

move – changes C&C server

PhoneListener receiver

Moniors new outgoing calls. If android.intent.action.NEW_OUTGOING_CALL is received, information about the outgoing call is sent to C&C.

Config class

Contains C&C URL, name of bank packages (String array bank), name of fake bank packages (String array apkNames). It also contains reference to conf.ini configuration file.

koreanbanks_agentspy_config

Analysis of Android:Telman

One more Android malware family, which uses fake bank applications is called Android:Telman. Similarly to Android:Tramp and Android:AgentSpy, it checks for installed packages of the above mentioned banks. Read more…

February 26th, 2014

Lost your phone? avast! Anti-Theft helps get it back!

Our AVAST mobile security developers labored over an ingenious feature that we hope you will never have to use. Losing your mobile phone may cause you to have a panic attack and cry uncontrollably, but if it happens to you, you can dry your tears because you have tools to find your phone when you install avast! Free Mobile Security with Anti-Theft.

What is avast! Anti-Theft?

avast! Anti-Theft is a separate program included in avast! Free Mobile Security. You can install it at the same time as the avast! Mobile Security product, or later as a separate installation. Its unique capabilities help you recover your phone by controlling it remotely with SMS commands or via the internet by logging in to your AVAST account.

Since Anti-Theft is a stand-alone application, once its launched, it hides itself, making it completely invisible to a potential thief. Read more…

Comments off
February 17th, 2014

Fake Korean bank applications for Android – PT 1

About a year ago, we published this analysis about a pharming attack against Korean bank customers. The banks targeted by cybercriminals included NH Bank, Kookmin Bank, Hana Bank, ShinHan Bank, and Woori Bank. With the rise of Android-powered devices, these attacks now occur not only on the Windows platform, but also on the Android platform. In this blogpost we will look at a fake bank application and analyze several malware families which supposedly utilize them.

Original bank application

We will show just one bank application for brevity. For other banks the scenario is similar. The real Hana Bank application can be downloaded from Google Play. It has the following layout and background.
korea-08

Read more…

February 5th, 2014

Back up your data with AVAST!

Did you ever lose your mobile device? Or did you ever accidentally drop it and could not restore your contact details, pictures, text messages? Perhaps you forgot that you have your brand new smartphone in your pocket, when you decided to jump into the pool during your vacation? We hope nothing like this has ever happened to you, but as they say forewarned is forearmed!

We thought of those possibilities at AVAST and came up with excellent solution: avast! Mobile Backup. It does magic: Saves your contacts, call logs, SMS history, photos, and other irreplaceable data to your AVAST Account (and, optionally, Google Drive) to ensure that your priceless data is never lost!

avast! Mobile Back is available for Android mobiles and tablets and comes up comes up with two different versions. The standalone Free version provides you with a basic backup options: Contacts, SMSs, pictures and call logs. For users who require more advances features such as backing up your music, applications and videos, we offer avast! Backup as a part of premium package, coming with avast! Mobile  Security.

Watch how avast! Mobile Backup works! 

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Comments off