As Google Play tightens its security measures on mobile apps, hackers are moving to third-party app stores. Fake apps imitating popular apps were found on the Windows Phone Store earlier this week. Now a new batch of infected Android apps imitating the real deal has been found on unofficial third-party Android app stores.
The new malicious adware, dubbed Kemoge, reported Wednesday by security researchers at FireEye, also disguises itself as popular applications. The apps trick the user into installing them through in-app ads and ads promoting the download links via websites. The legitimate-appearing apps aggressively display unwanted advertisements, which seem annoying, but in the FireEye blog researcher Yulong Zhong writes, “it soon turns evil.”
The fake apps gain root access and gather device information such as the phone’s IMEI, IMSI, and storage information, then send the data to a remote server.
Infections have been discovered in more than 20 countries, including the United States, China, France, Russia, and the United Kingdom. Because of Chinese characters found in the code, it is believed that the malware was written by Chinese developers or controlled by Chinese hackers. The apps included Talking Tom 3, WiFi Enhancer, Assistive Touch, PinkyGirls, and Sex Cademy.
How to protect your Android device from infection
- Only install apps from trusted stores like Google Play
- Avoid clicking on links from ads, SMS, websites, or emails
- Keep your device and apps up-to-date
- Install protection that scans apps like Avast Mobile Security
Avast Free Antivirus just received another AV-Test certification for its stellar protection against real-world threats, performance in daily use, and usability.
Yay! It’s like collecting another trophy for the display case or another blue ribbon to hang on the wall, but what does it really mean? How is this type of testing useful for you, our customers?
Ondrej Vlcek, Avast’s Chief Operations Officer, explains,
“Because of the overwhelming growth of malware targeting consumers and businesses, labs like AV-Test Institute have become an invaluable independent source of data to Avast. Their research has influenced our engineers to expand their knowledge of malware, revolutionize diagnostic and detection methods, and facilitate strategies to get real-time updates to hundreds of millions of people who put their trust in our antivirus products.”
Here’s a little background on the testing lab.
AV-Test Institute is an independent lab designed specifically for testing and researching malware. Located in Magdeburg, Germany, they inhabit 1200m² (12,900 ft²) of space with 3 server rooms and a variety of main and secondary laboratories.
Cybersecurity is not limited to your office or home. Nowadays, many of us use the same devices for work and personal business, so when traveling we need to be extra diligent to protect our devices and the data we have on them. If you use common sense and a bit of Avast technology, all your devices – laptops, smartphones, and tablets – can remain secure wherever you are.
Here are a few things you can do before you go and while you’re on the road:
1. Install antivirus protection. Your first and best line of defense on your PC or Android device is antivirus protection. Install it and make sure it is up-to-date.
2. Keep your operating system and software up-to-date. Hackers take advantage of software with security holes that have not been plugged, so take time regularly to make sure that your software and apps have patches and updates applied.
3. Lock down your device. Make it a habit to lock your PC and phone with a PIN, password, or even a fingerprint. Avast Mobile Security even allows you to password-protect your apps. Before you travel, make sure your critical apps, like access to your bank, are protected.
Scammers rob elderly victims of an estimated $3 billion per year.
A scam that has been around since at least 2008 is still active and targeting elderly folks. Seventy-four-year-old Avast evangelist Bob Gostischa, who knows a thing or two about scams, security, and privacy, received a call just yesterday from a scam artist attempting to steal money. “If it happened to me, I’m sure it’s going to also happen to others,” said Gostischa.
Here’s the basic premise:
Someone either calls or emails pretending to be your grandchild. The typical story is that they have been wrongfully arrested and need bail money wired right away. Another variation says they are traveling and have been mugged or even in an accident and badly injured. After going through this frantic sob story, and if they sense that their victim is falling for it, the scammer asks for money to be wired through services such as Western Union and MoneyGram.
After the phone call ended, Bob sent us a transcript so we could share it with Avast Blog readers. “I consider myself lucky because the first instinct was wow, how can I help her…?,” he said. “I guess we all really need to be very vigilant at all times.”
Caller: Hello Grandpa, this is your granddaughter. I have laryngitis so I don’t sound like myself.
Bob: You certainly don’t. Which granddaughter?
Caller: What do you mean?
Bob: Well, I have several.
While the rest of us were soaking up the last of the season’s sunshine, Apple researchers spent the weekend removing hundreds of malicious apps for iPhone and iPad from the iOS App Store.
“The recent exploit on Apple has shown us that even Apple’s system can be compromised quite easily,” said Avast security researcher Filip Chytry. “While this time nothing significant happened, it is a reminder that having everything under an Apple system could potentially make a system vulnerable.”
The malware seems to have been focused on Chinese users. Chinese media reported more than 300 apps including the popular instant messaging service WeChat, Uber-like taxi hailing program Didi Kuaidi, banks, airlines, and a popular music service were infected.
The malicious software programs got by Apple’s strict review process in an ingenious way. Hackers targeted legitimate app developers by uploading a fake version of Xcode, Apple’s development software used to create apps for iOS and OS X, to a Chinese server. It’s a large file, and reportedly quite slow to download from Apple’s U.S. servers, so to save time, unwitting Chinese developers bypassed the U.S. server and got their development tools from the faster Chinese server. Once their apps were completed, the malicious code traveled Trojan-horse style to the App Store.
“If hackers are able to exploit one entry point, they are able to attack all of the other iOS devices – and the fact that Apple doesn’t have a big variety of products makes it easier,” said Chytry.
The Avast Sandbox lets you run a questionable program without risking your computer.
The Avast Sandbox is a special security feature which allows you to run potentially suspicious applications automatically in a completely isolated environment. This is particularly useful if you don’t completely trust whatever you just downloaded or you visit dodgy websites because programs running within the sandbox have limited access to your files and system, so there is no risk to your computer or any of your other files.
Here’s how it works: By default, if an application is started and Avast detects anything suspicious, it will automatically run the application in the Sandbox. The advantage of running an application in the Sandbox is that it allows you to check suspicious applications while remaining completely protected against any malicious actions that an infected application might try to perform.
The browser or other application will then open in a special window, indicating that it is being run inside the Sandbox. When the Sandbox is closed, it will be restored to its original state and any downloaded files or changed browser settings will be automatically deleted.
The Avast Sandbox is part of Avast Premier 2015, Avast Internet Security 2015 and Avast Pro Antivirus 2015.
Diamond rings and an Audi R8 can be mine just for the simple actions of liking and sharing on Facebook. NOT!
In the past week, three fake giveaways have come across my Facebook newsfeed – two of them today! These were shared by otherwise intelligent friends, so that makes me think all kinds of other people are falling for the scam. I’m sharing these with you, so you’ll know what to look out for.
Each scam promises that you could win a valuable prize just by liking and sharing the post. This one is for an Audi R8 V8, and every time I’ve seen it, it originates from a different page. The instructions are always the same – for a chance to win, you must like the page, request your desired color in the comments, and share the post with your friends.
This type of social engineering scam is called like-farming. It is designed to gather many page likes and shares in a short amount of time, and since Facebook’s algorithms give a high weight to those posts that are popular, they have a high probability of showing up in people’s newsfeeds. Scammers go to all this trouble for two purposes: The pages can later be repurposed for survey scams and other types of trickery that can be served to a large audience. And pages with large numbers of fans can be sold on the black market to other scammers with creative ideas.
“Biggest iPhone hack ever” attacks jailbroken phones
In what has been called the biggest iPhone hack ever, 250,000 Apple accounts were hijacked. That’s the bad news.
The good news is that most Apple device users are safe. Why? Because the malware, dubbed KeyRaider by researchers at Palo Alto Networks, only infects “jailbroken” iOS devices. (There’s that bad news again.)
When you jailbreak a device like an iPhone or iPad, it unlocks the device so you can do more with it, like customize the look and ringtones, install apps that Apple normally would not allow, and even switch carriers!
The KeyRaider malware entered the jailbroken iPhones and iPads via Cydia, a compatible but unauthorized app store, which allows people to download apps that didn’t meet Apple’s content guidelines onto their devices. The malware intercepts iTunes traffic on the device to steal data like Apple passwords, usernames, and device GUID (“Globally Unique Identifier” which is your ID number similar to your car’s VIN). Users reported that hackers used their stolen Apple accounts to download applications from the official App Store and make in-app purchases without paying. At least one incident of ransomware was reported.
Chinese iPhone users with jailbroken phones were the primary attack target, but researchers also found incidents in 17 other countries including the United States, France, and Russia.
Every day, millions of people get scam phone calls. In the U.S. alone there are more than 86 million scam calls each month.
Consumer phone scammers often use cheap robocalling services: automatic dialers that make thousands of phone calls every minute for a low cost. They hope to catch someone who is not aware of the system or hasn’t heard of phone scams. A recorded message will say you qualify for a special program to lower your credit card interest rate or that something is wrong with your computer. When you press a number to learn more, the scam kicks in. The unfortunate victims are often elderly people, recent immigrants, and young college students.
‘We have detected a virus’
The most popular type of phone scam is the bogus tech support claim. The one that has been around for a few years (also read Don’t be fooled by support scams) involves a caller claiming they are a computer technician employed by Microsoft, McAfee, or even Avast. They say they have detected a problem, commonly a virus or malware, on your computer and can fix it for a fee – sometimes as high as $450.
Once the frightened consumer agrees, the phone scammer has them download software for remote access. You can imagine what changes a crook can make to computer settings that allow them access later.
Other tactics tech support scammers take include:
- Enroll their victim in a bogus computer maintenance program
- Collect credit card information to bill for services
- Install malware that can steal personally identifiable information like passwords and account numbers
A popular dating site and a huge telecommunications company were hit with malvertising.
Popular dating site Plenty of Fish (POF) and Australian telco giant Telstra were infected with malicious advertising from late last week through the weekend. The infection came from an ad network serving the advertisements that the websites displayed to their visitors.
Malvertising happens when cybercrooks hack into ad networks and inject malicious code into online advertising. These types of attacks are very dangerous because web users are unaware that anything is wrong and do not have to interact in any way to become infected. Just last week, other trusted sites like weather.com and AOL were attacked in the same way. In the Telstra and POF attacks, researchers say that a malicious advertisement redirected site visitors via a Google URL shortener to a website hosting the Nuclear Exploit kit which infected users with the Tinba Banking Trojan.