

Posts Tagged ‘adware’
October 21st, 2015

Fake Chrome browser replaces real thing and serves up unwanted ads

Is something not right with your browser, but you can’t quite figure out what?

Does your Chrome browser seem a little “off”, but you can’t figure out why? Maybe it’s eFast.


Here’s another reason to slow down when installing software, especially free software. A new Potentially Unwanted Program (PUP) disguised as the Google Chrome browser is sneaking onto users’ computers bundled with legitimate software, hidden deep within the ‘Custom’ or ‘Advanced’ settings that most people skip over. Once installed, eFast, as it has been called, serves up ads, tracks your online activities, and sells personally identifiable information to advertisers.

“Read the installer screens to make sure what they actually install,” warns Michal Salat, researcher in the Avast Virus Lab. “The Next->Next->Next->Done approach is exactly why we deal with PUPs daily. If there isn’t an option not to install some additional software, terminate the installer immediately. Better safe than sorry.”

Researchers at Malwarebytes say that eFast actually installs a new browser rather than hijacking your existing one. If you already have Chrome installed, it will replace it, making itself the default browser. The fake browser uses the same source code for the user interface as the real thing, making it difficult to tell the difference. It is so tricky that it even replaces shortcuts on your desktop that look similar to Google Chrome.


October 9th, 2015

More malware found on third party app stores

As Google Play tightens its security measures on mobile apps, hackers are moving to third-party app stores. Fake apps imitating popular apps were found on the Windows Phone Store earlier this week. Now a new batch of infected Android apps imitating the real deal has been found on unofficial third-party Android app stores.

image via the FireEye blog

The new malicious adware, dubbed Kemoge, reported Wednesday by security researchers at FireEye, also disguises itself as popular applications. The apps trick the user into installing them through in-app ads and ads promoting the download links via websites. The legitimate-appearing apps aggressively display unwanted advertisements, which seems annoying, but in the FireEye blog researcher Yulong Zhong writes, “it soon turns evil.”

The fake apps gain root access and gather device information such as the phone’s IMEI, IMSI, and storage information, then send the data to a remote server.

Infections have been discovered in more than 20 countries, including the United States, China, France, Russia, and the United Kingdom. Because of Chinese characters found in the code, it is believed that the malware was written by Chinese developers or controlled by Chinese hackers. The apps included Talking Tom 3, WiFi Enhancer, Assistive Touch, PinkyGirls, and Sex Cademy.

How to protect your Android device from infection

  • Only install apps from trusted stores like Google Play
  • Avoid clicking on links from ads, SMS, websites, or emails
  • Keep your device and apps up-to-date
  • Install protection that scans apps like Avast Mobile Security

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

August 4th, 2015

Windows Phone Store scam: malicious mobile apps aren’t unique to Google Play

Although it’s possible to use third-party app stores safely and securely, the fact that scams do still occur in a variety of app stores shouldn’t be ignored. On Sunday, a threat was discovered by a user who posted the issue on our forum. The scam, located within the Windows Phone Store, advertised three fraudulent versions of Avast Mobile Security. These fake apps not only include the Avast logo, but also feature actual screenshots from AMS in their image galleries. Our fast-acting team has since blocked the pages and has labeled them as malicious.

Fake AMS apps collect personal data and redirect users to adware

If downloaded, these fake versions of AMS found on the Windows Phone Store pose a risk to users’ security. Here’s how they work:

  1. New Avast security: This app includes three control buttons which show only advertisements. Even without actively clicking on the ads, the app redirects users to additional adware.
  2. Avast Antivirus Analysis: Claiming to “protect your phone from malware and theft”, this malicious app runs in the background of victims’ devices once downloaded and collects their data and location.
  3. Mobile Security & Antivirus – system 2: Simply put, this is a paid-for version of “New Avast security” that forcibly leads users to adware.


December 5th, 2014

Fake free codes scam affects PSN and Steam users

Some webpages are giving away free codes for PlayStation Network and Steam, but are they reliable?

At Avast we discovered a lot of webpages offering free codes, with a value from $20 to $50, for PlayStation Network and Steam, two of the most important internet-based digital distribution platforms. Those webpages look very suspicious, so we decided to analyze them.

We chose one of those webpages and followed all the steps required in order to get our “free code” for PlayStation Network or Steam.


After a first look at the main page, we found some suspicious items. To prove how trustworthy the transaction is, the webpage placed two security “certifications” in a visible location, but as we discovered, no security companies are associated with those certifications. They are completely fake!

Also, there’s a label with user ratings (4 ½ stars!), but we cannot rate the webpage; it’s just an image. Both fake images make the users think that they are in a safe and reliable website.

What happens when we click on a gift card? Are we going to receive the code?

The answer is no.

Let’s see what’s next:


When we click on a gift card, instead of receiving the promised free code, we are asked to share a link with our friends in order to unlock the code.

Why do they do that?

When we share the link we are contributing to an increase in the number of visitors and, of course, the number of people that will try to redeem the “free code.” Keep this in mind, it will be important at the end of this post.

Ok, we already invited 5 of our friends and, in theory, we unlocked the code. Is this the last step? Are we going to receive the code now?


Again, the answer is no.

Looks like they don’t want to give us the code. Suspicious, right? So, what do they want now?

As we can see in the image, in order to receive our PSN code, we need to complete a short survey (like inviting 5 friends wasn’t already enough?!).

When we click on one of the surveys, a little pop-up with a message appears on the top of the screen. The message says: “You must use your VALID information while filling this offer out”.

Why do they need our VALID information?

Here’s the reason:



In order to receive the code, we need to enter our phone number – our VALID phone number. But wait, before doing that, let’s read the text at the bottom of the page.


Surprise! It’s a premium SMS service with a total amount of 36,25€/month (>$40/month)! If we enter our phone number, we will be automatically subscribed to this premium service.

Remember the 5 friends you sent the link to? Well, now imagine how many people can fall into this scam just by sharing a link to 5 friends: 5+(5*5)+(5*5*5)+… creepy, right?

And of course, there’s no free code for your PSN or Steam accounts.

Unfortunately, there are a lot of webpages using the same method to get users’ money. Also, there are other webpages offering software to generate codes. Cybercrooks create those fake apps and get money from “download servers” because they bring them users.

Tonda Hýža, from the AVAST Virus Lab, described those webpages as Adware due to the large number of lies, advertisements and weird privacy policies.

Make sure you share this alert with your gamer friends :)

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200 million people and businesses. Please follow us on Facebook, Twitter and Google+.

June 26th, 2014

12 angry minions

avast! GrimeFighter is one of the most popular new products among AVAST users.

However, many of you still don’t know the benefits of it or what avast! GrimeFighter does. Therefore we have prepared a series of articles with a “movie theme” to show you the functionality of our Grime-fighting minions! The first one, Learn everything you always wanted to know about avast! GrimeFighter, but were afraid to ask!, gave you an overview of product functionality. Now let’s dig a bit deeper into the subject.

12 Angry minions.

The GrimeFighter crew works together towards one goal: cleaning and optimizing your PC’s performance. They have no mercy for temporary and unwanted files and apps, including ‘bloatware’ and ‘crapware’. This is a very complicated task, therefore our 12 Angry minions analyze each element in depth before deleting anything, to avoid removing what is actually important to you. This influences the time of the cleaning process (it takes up to 4 hours depending on the initial state of your PC), but also ensures results: a more efficient and faster machine. Although our minions make it look easy and entertaining, cleaning Grime so thoroughly is a complex task!
avast! GrimeFighter optimizes your PC better than other products.

For the same reason, each minion has its specialization and focuses on different tasks:

OFFICER PETE is head of the GrimeFighter team.

KOBAYASHI sneaks up on malware to eliminate it from your PC.

NIKITA specializes in cleaning and maintaining your web browser.

DALE JUMPSHOT JR. focuses on removing crapware and bloatware to speed up Windows load time.

BEEF strengthens the security of your applications.

TORQUE tunes up and optimizes Windows services and settings.

SIR JEFFREY investigates and analyzes your PC hardware components.

MARIO analyzes your network connection for security and speed.

DR. LIZA analyzes and classifies all of the stuff on your hard drive.

ZILCH takes out the trash on your PC to free up your drive space.

MAXIMUS analyzes and researches the newest hacking trends the instant they emerge.

HOLMES, last but not least, focuses on your privacy settings.

The avast! Minions perform deep analysis by booting your PC into Linux to identify Grime and clean every corner of your PC. Some forms of Grime are hard to remove when Windows is running, but can’t hide when we sedate your computer. Unwanted files and apps go by many names, including ‘bloatware’, ‘crapware’, and sometimes even, half-jokingly, ‘virus.’ We define all of these as ‘Grime.’ The image below visualizes the Minions in action.

Minions in actions


To summarize: Computer users can download avast! GrimeFighter’s scan tool to have their PC examined for free. It finds anything that slows the PC. If users then want to clean their PCs, they may buy their own GrimeFighter license to purge Grime from the PC. GrimeFighter’s minions do all the maintenance work… while you surf the web or sip a cup of tea. For more information, please visit our website.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

January 20th, 2014

Nice apps get bad makeover after spammers buy them


Spammers buy Chrome extensions and turn them into adware ~PC World

This is one “before and after” picture that we didn’t want to see. Someone contacted the original developers of Chrome extensions Add to Feedly and Tweet This Page with an offer to purchase. Thinking it was a good opportunity for a company with more time and money to further develop what they started, both developers sold perfectly nice apps. It wasn’t until the next automatic update that the true transformation was revealed.

Even though users didn’t know about the sale of the extensions, angry reviews indicated that a change had been made. The extensions were accused of spamming because a silent update had made them inject ads and affiliate links. Amit Agarwal, Add to Feedly’s original author, told PC World, “These aren’t regular banner ads that you see on webpages, these are invisible ads that work in the background and replace links on every website that you visit into affiliate links. In simple English, if the extension is activated in Chrome, it will inject adware into all webpages.”

Over the weekend, the two extensions were removed from the Chrome Web Store.

How to remove bad extensions and toolbars from your computer

“Both of these add-ons are categorized as ‘very bad’ in the avast! Browser Cleanup database,” said Thomas Salomon, head of AVAST Software’s Browser Cleanup development. “Browser Cleanup will remove them without any trace. This means they’ll be removed the same way as any other bad add-on/toolbar.”

Browser cleanup screenshot

Open the AVAST user interface to access Browser Cleanup

avast! Browser Cleanup lists all poorly rated add-ons, extensions, and toolbars for the 3 major internet browsers, Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome, and allows you to disable or remove them. It works by scanning the browser environment, then displays a list of any bad toolbars you may have, and asks if you want the offending toolbar removed. If you authorize it to do so, then Browser Cleanup will remove them.

There are more than 7,500,000 different browser extensions for the three main browsers. AVAST currently receives 1 million requests every day to remove browser toolbars. Read more about annoying toolbars from this blog post by Thomas Salomon.

1/21 updated number of browser extensions. It keeps growing!

January 9th, 2014

Comparison of Adware in Windows and OS X: Linkular and Genieo

By definition, Adware is a program bundle which renders advertisements in order to generate revenue for its author. In a stricter sense, e.g. for security solutions, it means an application/installer whose nature lies somewhere between a potentially unwanted application and proper malware, like Trojans or Spyware. It might use more or less aggressive methods, starting with tricks and ending with fraud, to achieve its goals to benefit its distributor, while staying as innocent as possible at first sight. We blogged about an adware downloader a year ago.

Now we focus on two selected adware examples: The first is a Windows installer called Linkular and the second is a well-known application called Genieo (with a focus on its OS X version.) Being in the wild for a few months, the detection within AV products reached only partial coverage in both cases, with very similar numbers on VirusTotal (~10-20 %, see Sources below). However, the OS X adware Genieo is additionally flagged by OS X-specific security solutions. Considering maliciousness, the Windows adware is far more dangerous and invasive than the OS X one and also more than other Windows Adware examples we usually see. Here’s the comparison:

property Win32:Linkular MacOs:Genieo
Distribution strategy Advertisement Network unknown
Software Download site
Rank on ~4200 ~3000
Masking VLC Player + Addon Flash Player (*)
Payload SpeedUpMyPC; Multiplug; Bitcoinminer;OneStep/BasicServe Codemc;; Qtrax(**)
Forced agreement of terms of use YES NO
Change of browser start page YES YES
Persistence YES (of payload) YES
Obfuscation YES (of payload) NO
Digitally signed YES (both installer & payload) YES

(*) masking is not connected with the official site, but some of its distribution partners

(**) related to older installers; not presented anymore


April 17th, 2013

Make money fast via torrents

Several months ago I wrote a blog post about an adware downloader which after execution downloaded a few adware programs and installed them on the computer, giving no chance for the user to skip or bypass their installation. This time, we will analyze an application, which installs similar types of adware programs on user computers.

We received a file which appeared to be a crack of Pinnacle Studio HD Ultimate. After displaying the initial splash screen, it offers to install Pinnacle Pixie Activation 500. After confirmation, the crack is installed, but in addition to the crack, other programs and toolbars unexpectedly appear on the compromised computer. Pinnacle was not the only target of this kind of attack. Cracks for programs like Sims, Nero, Rosetta Stone, and Pro Evolution Soccer 2013 were also used in distribution.


October 8th, 2012

Fake “Bad Piggies” infect Google Chrome users

Bad Piggies, the spin-off game to Rovio’s wildly popular Angry Birds, hit the online stores last week, and following in its sizable wake were fake versions designed to install an aggressive adware program into Chrome browsers. Reportedly, over 83,000 Google Chrome users have been infected.

Cybercrooks found a niche because Bad Piggies is only available for Android devices on Google Play (free) or Apple devices ($0.99 for iPhone and $2.99 for iPad) on iTunes. Free versions of Bad Piggies that claimed to be from the creators of Angry Birds appeared on the Chrome web store shortly after the release. The top 3 listed are called Bad Piggies, but they are from different companies; padeba,, and the HD version from HitsGames. They have over 13,000 downloads.

Reviews of the games reveal the anger and disappointment of Rovio fans.