In November, we called on our awesome advanced mobile beta testers to test the latest version of Avast Mobile Security. We listened to their feedback carefully and are proud to announce that the latest version of Avast Mobile Security is now available to everyone!
What’s new in Avast Mobile Security?
First and foremost, we have completely redesigned the virus scanner, making it faster than ever (up to 50% faster!). Then we improved support for Intel-based devices, optimizing the virus scanner for the best performance possible.
Finally, we added a referral program, so you can recommend Avast Mobile Security to your friends and family. Not only can you recommend the best mobile security app available on Google Play, but you will be rewarded for doing so; you can earn up to three months of Avast Mobile Premium for free!
Here is how it works: For every five friends you send an SMS to recommending Avast, you get one free month of Avast Mobile Premium.
The new features in Avast Mobile Security are:
- A redesigned and faster than ever virus scanner (50% faster!)
- Improved support for Intel-based devices
- An awesome new referral program that rewards you for spreading the word about Avast Mobile Security!
How can I get the latest version of Avast Mobile Security?
If you don’t already have Avast Mobile Security, what are you waiting for?! Download it on Google Play now! Already have Avast Mobile Security? If you have enabled automatic updates in your Google Play settings, you are all set If you don’t have automatic updates enabled in your Google Play settings, you can visit our app on Google Play and upgrade manually!
Have fun using Avast Mobile Security – we look forward to hearing your feedback!
We would like to extend a special thanks to our beta testers, your feedback plays an extremely important role in developing our products!
One small Android application shows lots of determination and persistence. Too bad it’s evil.
The year 2014 was significant with a huge rise in mobile malware. One of the families impacting our users was malware Fobus, also known as Podec. This malware poses as a more or less useful application, but for sure it won’t be what the user expects. This malware usually has two language versions, English and Russian, and applications seem to be generated automatically.
All that, and a bag of chips
From the permissions in the manifest, we can see that once Fobus is installed on the victim’s device it cannot only send SMS and call premium numbers, which may cost a lot of money, but it also works as Spyware and can steal personal data from the infected device. That’s a lot of bad stuff packed into one small application.
Next up is a bit more technical stuff. If you are really eager, skip to Me thinks that something is amiss section to see how it works. Read more…
That’s good advice for hosting a Super Bowl party, going to a job interview, or if you lose your phone.
Not being prepared could prove disastrous in all three of those examples, but most people would agree that losing their phone with all the contacts, text messages, photos, and other irreplaceable data is worse than forgetting the Doritos or not answering an interview question well.
If you happen to lose your Android smart phone or tablet, or if someone steals it from you, do not despair. Our clever, FREE app, Avast Anti-theft, will help you find your phone and even, catch the thief.
What is Avast Anti-Theft?
Avast Anti-Theft is a free standalone application designed for Android smart phones and tablets. It’s main purpose is to help you locate your lost or stolen mobile device, allowing you to track it on a map and control it remotely. Since Anti-Theft is a separate application from Avast Mobile Security & Antivirus, it is completely invisible when it is running so that thieves don’t even know it’s there.
This infographic explains what you can do with your phone if you discover that it’s missing.
Locate your device on a map
Remotely locate your phone via GPS, Wi-Fi, or mobile network – for maximum accuracy.
Remotely lock your phone
Remotely lock your phone to prevent access to your personal data and settings.
Activate a siren remotely
Activate a loud, customizable siren, which reverts to maximum volume if thieves try to silence it.
If you spring for the paid version of Avast Anti-Theft, you get some additional, powerful features.
Take a photo of a would-be thief
You can set your device to lock access and take a picture of the person attempting to unlock it after three failed tries.
Remote data retrieval from your device
Retrieve call logs, SMS messages, and other personal data from your phone.
Avast Anti-Theft is available on Google Play, where it can be downloaded for free.
Your home router could be part of a network used to knock sites like Sony PlayStation network offline.
During Christmas we reported that a hacker group calling themselves the Lizard Squad, took responsibility for ruining the day for Sony PlayStation and Microsoft Xbox users by taking the gaming networks offline. This and previous attacks, which included a bomb threat directed at an American Airlines flight with Sony Entertainment president John Smedley on board, have been revealed to be a marketing campaign to advertise a new product available for rent to anyone who wants to cause a Denial-of-Service (DDoS) attack to the target of their choice.
I’m not a hacker. Why should I care?
You may not be a hacker, but the power for this service could be coming from your home office! Security blogger, Brian Krebs, whose own site was attacked, found out that the network of infected devices that powers the Product-That-Must-Not-Be-Named (that’s because Lizard Squad gleefully thanked Brian for the publicity on their Twitter account) is made up mostly of compromised home routers. On that same Twitter account, Lizard Squad said that they are using 250-500k infected routers.
These are the devices in everyone’s home that we warned you about in our blog, Your home network is at risk of cybersecurity attacks. Most people neglect the security of these devices by using the default user name and password that comes from the manufacturer out-of-the-box.
Our research determined that nearly 80% of all home routers in use today are thinly protected by common, easily hacked passwords, making routers an easy entry point to the home network for hackers,” said Avast Software’s CEO, Vincent Steckler.
Lizard Squad has just proven that point.
Today’s router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment, “ Steckler said. “The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen.”
How to protect your home router
Start by scanning you home network with Avast’s Home Network Security Solution.
Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.
The Home Network Security Solution is available in free and paid versions of Avast 2015. Get it at www.avast.com.
For more steps you can take to protect your home router, please see our blog post, 12 ways to boost your router’s security.
Posting a privacy notice on your Facebook feed does nothing to keep your updates, photos, or videos private. You need to tweak the settings yourself.
You may have noticed a legal-sounding statement being shared on people’s Facebook News Feed lately. As we explained in the blog, Posting a privacy notice on Facebook is useless, this statement does nothing to protect users’ privacy. However, it’s great that Facebook users are concerned about these things – it demonstrates a leap forward in awareness and a desire to protect yourself. That’s why we are sharing the three major areas you need to be aware of when it comes to protecting your privacy:
- 1. Your posts
- 2. Your profile
- 3. Your apps
Your posts control who can see what you share when you post from the top of your News Feed or your profile. This tool remembers the audience you shared with the last time you posted something and uses the same audience when you share again unless you change it.
Your profile includes information about you like Work and Education, Places You’ve Lived, Family and Relationships, etc. To see how others view your profile, go to your profile and select View As… on the menu in the lower right corner of your cover photo. If there is information that you don’t want the world to see, then click Update Info at the bottom of the cover photo of your profile to make sure it’s up-to-date and shared with who you want.
Your apps are what you’ve logged into with your Facebook identity. More and more websites and applications, including Avast, are allowing you to do that, because it’s more convenient than creating a new username and password.
When you choose to use your Facebook information to log in, you are also sharing personal information from your Facebook account with the other website. Third party websites can also sometimes post updates to your wall on your behalf. You can edit who sees each app you use and any future posts the app makes for you, or delete the apps you no longer use. Edit your apps by going to your App Settings.
You can view other settings at any time in your Privacy Settings. Or click the padlock icon located in the top right corner.
Use Social Media Security in your Avast account
Every Avast customer has access to our Social Media Security check via your MyAvast account. You can secure your Facebook profile with:
- 24/7 check of all posts
- Protection from dangerous links and viruses
- Monitoring of all photos, friends, and activities
Here’s what you do:
- 1. Go to your my.avast.com account. Your Avast Account is created automatically from the email account entered for any Avast GrimeFighter purchase or Avast Free Antivirus registration. Here’s instructions on our FAQ if you don’t have an account.
- 2. On the bottom left side of the main screen, you will see Social Media Security. Click the blue button to begin a scan. (You may need to connect your Facebook account first.)
- 3. After the scan is complete, Social Media Security will show you all the issues that it found. You can choose to review each of those issues and disregard if it’s OK, or manage the settings within Facebook.
Other variations have come through in the past few days with legal-sounding statements, like this:
“In response to the new Facebook guidelines, I hereby declare that my copyright is attached to all of my personal details, illustrations, comics, paintings, professional photos and videos, etc. (as a result of the Berner Convention)….”
The good news is that Facebook users are becoming more aware of privacy issues, and they seek a way to control their own shared media. The bad news is that this notification has no legal standing at all, you are bound to the terms and conditions that you agreed to when you signed up with Facebook, and you are annoying your friends.
The truth is that YOU own all of the content and information you post on Facebook, and YOU can control how it is shared through your privacy and application settings. If you neglect to look at those settings, you grant Facebook a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any content that you post on or in connection with Facebook.
In tomorrow’s blog, we will share the top 3 areas in Facebook where you need to make sure the privacy is set to your liking.
Yesterday, we looked at two hot areas to be aware of regarding your online security: Data breaches and mobile security. Today, we’ll look at two more areas that haven’t caused as much trouble or damage as the other two, but are likely to grow in importance.
Internet of (Every)Thing at risk
The “smart” home has been in the works for some time now, and this year, we’ll see more and more gadgets from household appliances to wearables like fitness bracelets to industrial equipment becoming connected to mobile devices and social networks. This proliferation of inter-connected things will open up a whole new glorious space for hackers to play in.
We predict that from now on, devices will increase by an order of magnitude (not too bold a prediction, huh?), and of course, that will result in greater privacy and security concerns. A breach in the Internet of Things (IoT) will give cybercrooks the ability to install malware or ransomware on private networks – not only consumer, but corporate and government – steal personal information, or even cause physical harm to a space or a person. But before you run around the yard yelling, “Skynet is falling, Skynet is falling”, cybercrooks will feel the space out probably starting with adware uploaded on our smart TVs.
What to keep your eye out for
- New technologies and businesses around the IoT including
- Increased demand for low cost bandwidth and processing
- Expansion of infrastructure that carries Wi-Fi traffic
- Start-ups focused on communication and sensors between devices, storage, data analytics
- Home and factory automation
- The rise of “fog” computing architectures, where data is closer to the source as opposed to residing in a data center somewhere
Room for improvement
- Keeping multiple smart devices updated with the latest version of this-and-that software. You think it’s hard now with a couple of devices? Wait until your house, body, garage, and workplace are full of smart gadgets.
- The fractured ecosystem will make it harder to identify threats or protect against security exploits.
- Home routers are still unsecure and people are using open, unencrypted Wi-Fi. Start by securing your own home router by scanning with Avast’s Home Network Security scan, then follow whatever suggestions are given.
Social media world
By now, social media users know that sharing too much personal information can give strangers access to their personal life. To illustrate that point on a national scale, Allstate Insurance, aired a series of commercials about what happened to a couple who shared on social networks that they were away from their home for the weekend. Read about it on our blog.
Last year, we saw new privacy settings introduced on social media, and 2015 will see a rise in anonymous interactions via social media.
Hoaxes and scams spread by email and social networks were successful in 2014, as they have been for years now, so we see no reason that occurrences will decrease. Social engineering can trick unwitting victims and the rate of identity theft will increase.
What to keep your eye out for
- Continuation of scams associated with important events like celebrity gossip or sporting events.
- Watching videos on Facebook equaled watching videos on YouTube at the end of 2014, so we can expect hackers to take advantage of this by hiding malicious links in Facebook videos.
- More fraudulent and malicious ads will appear on social networks.
- Ransomware made the jump from PC to mobile in 2014, and it will likely hit social networks.
Room for improvement
- Cut back on sharing too much on social media and through Internet of Things devices.
- Adjust privacy settings in each social network.
At the end of September 2014, a new threat for the Linux operating system dubbed XOR.DDoS forming a botnet for distributed denial-of-service attacks was reported by the MalwareMustDie! group. The post mentioned the initial intrusion of SSH connection, static properties of related Linux executable and encryption methods used. Later, we realized that the installation process is customized to a victim’s Linux environment for the sake of running an additional rootkit component. In this blog post, we will describe the installation steps, the rootkit itself, and the communication protocol for getting attack commands.
Installation Script & Infection Vector
The infection starts by an attempt to brute force SSH login credentials of the root user. If successful, attackers gain access to the compromised machine, then install the Trojan usually via a shell script. The script contains procedures like main, check, compiler, uncompress, setup, generate, upload, checkbuild, etc. and variables like __host_32__, __host_64__, __kernel__, __remote__, etc. The main procedure decrypts and selects the C&C server based on the architecture of the system.
In the requests below, iid parameter is the MD5 hash of the name of the kernel version. The script first lists all the modules running on the current system by the command lsmod. Then it takes the last one and extracts its name and the parameter vermagic. In one of our cases, the testing environment runs under “3.8.0-19-generic\ SMP\ mod_unload\ modversions\ 686\ “, which has the MD5 hash equal to CE74BF62ACFE944B2167248DD0674977. Read more…
For a month now, I have been reading predictions for 2015. In the security field, something new and unexpected can always pop up – like the Point-of-Sale (PoS) breaches in early 2014 – but most likely what will happen is just a continuation, that is, a natural evolution, of what has already occurred.
So let’s take a look at some things that will probably happen this year and steps we can take to stay safer. Tomorrow, we’ll look at a few more.
Data breaches will continue
Data breaches made the news in 2014, and in 2015 we will continue to see security breaches of companies, irrespective of size or business sector. These breaches are often caused by software vulnerabilities, advances in data stealing malware, and as we have seen recently with the Sony breach, by states using cyber espionage against other states.
What to keep your eye out for
- Heartbleed and Shellshock were successful at using vulnerabilities in software that we depend upon. We expect to see more of the same in 2015.
- Increase in phishing and social engineering attacks on employees of big companies in order to break in.
- Health care organizations are at risk because many of them use outdated software and have rudimentary security. Plus, there is so much valuable data to be stolen like sensitive patient records.
- More revelations that governments and even companies are using cyber attacks against each other.
- Companies need to tighten up the security processes of their employees, vendors, and third party suppliers who have access to their systems.
- Companies need to adopt advanced threat solutions to secure their PoS networks from breaches.
- Enterprise breach detection methods need to be improved because cybercrooks will likely go after the bigger fish.
- Passwords are not adequate protection for our personal or financial accounts. Two-factor authentication will be adopted more widely, as will new methods like ultra-sonic sound.
- Consumers and companies should update from the old, vulnerable Windows XP.
Mobile is attractive to cybercrooks
Since our mobile phones are as powerful and can accomplish nearly all the things a regular computer can, that gives cybercrooks a relatively easy in-road to your private data and financial information. 2015 will see consumers becoming more aware of mobile security since they will increasingly use mobile apps that contain sensitive banking, financial, and personal health information. Read more…
In last night’s broadcast of the Sugar Bowl, a showdown of two power-house college football teams in the USA, Allstate Insurance, aired a series of brilliant commercials about the risk of over-sharing on social networks. The social media team at Avast has been preaching this message for a while now, so we were happy to see this clever series of advertisements.
The ads are about a couple who shared on social networks that they were away from their house, actually attending the game. Allstate’s “Mayhem” character took advantage of this knowledge and broke into their unoccupied house, and proceeded to have a “MayhemSale” of all their possessions. “Buy Matt & Shannon’s stuff now at MayhemSale.com,” he announced, then soon after took to Twitter to sell off items one-by-one. I immediately visited the website, but apparently there were so many other interested people, that it kept crashing.
— Mayhem (@Mayhem) January 2, 2015
Burglars can easily search Facebook or Twitter for targeted keywords or see who has checked into airport lounges on Foursquare. According to FBI statistics, summertime is the most active for burglaries and oversharing can tip off thieves to your absence. Homeowners should be extra vigilant about protecting their goods.
Our advice – be extremely cautious what you share on social media, and wait until after you are back to share your vacation pictures.