Not too many years ago we had phones that only made calls. Smartphones are the newest generation of phones that bring a lot of possibilities right to our fingers through the apps specifically designed for them. We all got used to the Windows (or Mac) world, but now we are witnessing a revolution from “standard” programs and some specialized tools to a world where every common thing can be done by our smartphones. Sometimes it seems, that the device is smarter than we are!
But can it protect itself from the increasing number of threats?
You’ll find a lot of articles on the Internet which state that security companies exaggerate the need for mobile security and antivirus protection. You’ll read that Google Play and the new security technologies of Android Lollipop are the only things necessary for security. I could post many examples of such (bad) tips, but I don’t want to waste your time or mine.
Do you use only Google Play as your app source?
A common (and wise) security tip is to stick with Google Play for downloading apps. This is good advice despite the fact that we see here in the Avast blog that Google Play fails to detect some apps as malware. Look for our mobile malware senior virus analyst Filip Chytry’s articles. He continuously discovers holes in Google Play security.
However, what if you want apps that have been banned from Google Play? No, I’m not talking about (just) adult apps. Google banned anti-ad apps, for instance. So where is a safe place to get them? The answer is simple: outside of Google Play. The Amazon Appstore for Android is quickly increasing the possibilities.
Do you think that clean apps can’t become bad ones?
Clean apps can become bad ones, and with the new Google Play permission scheme, you may not even notice. This makes updating your apps (another very common and wise hint) an additional complication.
As the apps we love can turn against us, the best tip of all is that you install a mobile security app that helps you know what it being added to your phone. Avast Mobile Security updates its virus database very often to detect the latest threats and allows you to install securely all the apps you love.
This makes you smarter than your smartphone!
More easy things you can do to secure your smartphone and tablet.
On our blog last week, we shared the first 7 easy security measures to protect your Android devices and the data stored there. But we haven’t finished them. Let’s go a little further.
8. Keep an eye in your phone or, if you can, set Geofencing protection
Don’t put your phone down and go somewhere else. And if you’re having fun in a bar and drinking a beer with friends, have a lucid thought before starting: Turn the Avast Geofencing module on. It’s easy. Open Avast Premium Mobile Security > Anti-Theft > Advanced Settings > Geofencing.
9. Be aware of what permissions apps require
Why should a flashlight app need access to your contacts? Why would a calculator need access to your photos and videos? Shady apps will try to upload your address book and your location to advertising servers or could send premium SMS that will cost you money. You need to pay attention before installing or, at least, uninstall problematic apps. It’s not easy to find a way (if any) to manage permissions in a non-rooted Android phone.
We have written about this before as apps could abuse the permissions requests not only while installing but also on updating. Read more to learn and be cautious: Google Play Store changes opens door to cybercrooks.
10. Keep your device up-to-date
Google can release security updates using their services running in your devices. Developers can do the same via an app update. Allow updates to prevent vulnerabilities, the same as you do in your computer. But pay attention to any changes. See tip #9.
You can encrypt your account, settings, apps and their data, media and other files. Android allows this in its Security settings. Without your lockscreen PIN, password or gesture, nobody will be able to decrypt your data. So, don’t forget your PIN! Nevertheless, this won’t encrypt the data sent or received by your phone. Read the next tip for that.
12. In open/public Wi-Fi, use a VPN to protect your communication
Cybercrooks can have access to all your data in a public, open or free Wi-Fi hotspot at the airport or in a cafe. Avast gives you the ability to protect all inbound and outbound data of your devices with a secure, encrypted and easy-to-use VPN called Avast SecureLine. Learn more about it here.
13. Set the extra features of Lollipop (Android 5)
If you’re with Android Lollipop (v5), you can set a user profile to allow multiple users of the same device. You can create a restricted user profile that will keep your apps from being messed with by your kids or your spouse.
You can also pin the screen and allow other users to only see that particular screen and nothing more. It will prevent your friends and coworkers from accidentally (or on purpose) looking into your device.
14. Backup. Backup. Backup.
Well, our last tip is common digital sense. If everything fails, have a Plan B, and C and D… With Avast Mobile Backup you can protect all your data: contacts, call logs, messages, all your media files (photos, musics and videos) and your apps (with their data if you’re rooted) in safe servers. If your device gets broken, lost or stolen, everything will be there, encrypted and safe, for you to restore to your new device.
Have you followed all our tips? Are you feeling safe? Do you have an extra protection or privacy tip? Please, leave a comment below.
Avast Mobile Security includes many handy anti-theft features that can help you locate your stolen or lost phone. You can wipe it remotely, it informs you if your SIM card has been stolen, and even allows you take pictures of the person who took your phone. Another cool feature of Avast Anti-Theft is the siren. I decided to test the siren with my friend, who had just downloaded Avast Mobile Security, to see how it could affect a phone thief.
What does the Avast Anti-Theft siren do?
The Avast Anti-Theft siren was developed by the Avast mobile team to be activated when you either lose your phone (even if it is misplaced in your room and on silent) or if it gets stolen. The siren continuously and loudly says the following, by default, when activated: “This device has been lost or stolen!”. In the advanced settings of Avast Mobile Security you can customize what message the siren will sound, if you do not want to use the pre-set message. You can do this under “Select Sound File” or “Record Siren Sound”.
The siren is designed to frighten phone thieves, or to warn people surrounding the thief that the phone might be in the hands of the wrong person. When the first siren cycle began, we tried to turn down the volume. However, the alarm would begin again at the loudest possible volume. We then decided to see what would happen if we took out the battery, this stopped the siren of course, but as soon as we put the battery back in, the siren started to go off again. To say the least, we agreed that it would effectively frustrate and annoy a thief too.
How to turn off the siren
After a minute of testing the app, we decided to turn off the siren using one of these two possible methods:
MyAvast: You can control your phone remotely via your MyAvast account. In your MyAvast account you can keep track of all your devices that have Avast products installed on them. From within your MyAvast account you send numerous Anti-Theft commands to your phone, including activating and deactivating the Anti-Theft siren. Once you are logged into your MyAvast account click on the name of the mobile device you want to control and then click on the siren symbol. From there you can send a command to turn the siren on and off.
SMS command: Using the Avast PIN you set up when you downloaded Avast Mobile Security, you can send SMS commands to your phone to remotely control it. To turn the siren off, text your Avast PIN followed by “SIREN OFF” to your phone.
Have fun checking out Avast Mobile Security’s cool and handy Anti-Theft features, but, please, use caution when testing the siren
A couple of days ago, a user posted a comment on our forum regarding apps harboring adware that can be found on Google Play. This didn’t seem like anything spectacular at the beginning, but once I took a closer look it turned out that this malware was a bit bigger than I initially thought. First of all, the apps are on Google Play, meaning that they have a huge target audience – in English speaking and other language regions as well. Second, the apps were already downloaded by millions of users and third, I was surprised that the adware lead to some legitimate companies.
The Durak card game app was the most widespread of the malicious apps with 5 – 10 million installations according to Google Play.
When you install Durak, it seems to be a completely normal and well working gaming app. This was the same for the other apps, which included an IQ test and a history app. This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colors. After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right?
Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie. You are then asked to take action, however, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value.
An even bigger surprise was that users were sometimes directed to security apps on Google Play. These security apps are, of course, harmless, but would security providers really want to promote their apps via adware? Even if you install the security apps, the undesirable ads popping up on your phone don‘t stop. This kind of threat can be considered good social engineering. Most people won‘t be able to find the source of the problem and will face fake ads each time they unlock their device. I believe that most people will trust that there is a problem that can be solved with one of the apps advertised “solutions” and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources.
Avast Mobile Premium detects these apps, protecting its users from the annoying adware. Additionally, the apps’ descriptions should make users skeptical about the legitimacy of the apps. Both in English and in other languages such as German, were written poorly: “A card game called ‘Durak‘ – one of the most common and well known game“.
The apps‘ secure hash algorithm (SHA256) is the following: BDFBF9DE49E71331FFDFD04839B2B0810802F8C8BB9BE93B5A7E370958762836 9502DFC2D14C962CF1A1A9CDF01BD56416E60DAFC088BC54C177096D033410ED FCF88C8268A7AC97BF10C323EB2828E2025FEEA13CDC6554770E7591CDED462D
A few precautions can make a huge difference in the safety of your phone and the important things you saved on it.
We talk a lot about protection and privacy here in our blog. It’s a bit obvious as our “life” is in our devices nowadays: Photos of our last trip or our loved ones, videos of our children playing and growing up, contacts both professional and personal. All our precious and irreplaceable data is stored in these little machines. Take a minute of your time and follow us in this easy tour to protect them and save a lot of time and headaches.
1. Set your lockscreen
You wouldn’t leave your home door unlocked, would you? Same goes for your phone with all your private data. Set a password or PIN to prevent direct and easy access to your phone. Gestures and face recognition are less secure, but are better than nothing.
2. Hide your passwords from nosy people
You will argue that people around you can look over your shoulder and see what PIN or password you’re typing or gesture you make. Generally, we’re not worried about trustworthy people around us, but what about strangers in a public place like a bus or train? Open your phone settings and hide your passwords by unchecking the option: Settings > Security > Make passwords visible.
3. Protect your apps with a PIN
Not all apps are equal when it comes to security and privacy. Probably the weather app or calculator won’t keep your personal info. However, your messages and banking apps will thank you if you help them to keep their data private. You can imagine what might happen if your kids to open a specific app while they’re playing in your devices. Use Avast Mobile Security to set a PIN to block access to your apps. As an extra security measure, it will be good that your lockscreen and Avast PINs are different ones.
4. Disable installation of apps from unknown sources
If you do not use other app stores besides Google Play, then uncheck the option “Unknown sources” in your phone’s Security Settings page. Even the Google Play Store sometimes allows malware to get by. It’s well known that most Android malware are fake apps disguised as legitimate apps, so double check the publisher. Be cautious of downloading from fake sites disguised as official ones – check the URL. Avoid completely pirated and cracked sources.
5. Set Avast Mobile Security to scan any app before installing
If you really need to use legal third party stores, like Amazon or F-Droid, please be careful: Keep Avast Mobile Security always on. You know that Avast scans any installed and running app. But do you know that you can set it to scan any app that is about to be installed? After you’ve installed Avast, when you’re about to install a new app, the phone will ask you if you want Avast or the default installer to handle the installation by default. Use Avast, it will scan and then release the app to the default installation process.
6. Disable USB Debugging
This tip is for advanced users. If you have enabled Developer options into your device (and you will know exactly if you did as you’re an advanced user!), please, turn USB debugging off. You will protect your device from outside abuse (via adb connections) if you do so. You don’t need it to be on all the time.
7. Install and set Avast Anti-Theft
This is an old tip, but it’s so important that it should be on all smartphone safety tips lists. Just note that installing is not enough. You need to properly configure Avast Anti-Theft (don’t worry, there is an easy wizard for it) step-by-step. It’s good to check if your location services are properly set also, otherwise, it will be difficult to track it. In other words, go to Settings > Location Access and set High accuracy mode.
We’ll talk about the other 7 tips in next days, so come back to the Avast blog.
In November, we called on our awesome advanced mobile beta testers to test the latest version of Avast Mobile Security. We listened to their feedback carefully and are proud to announce that the latest version of Avast Mobile Security is now available to everyone!
What’s new in Avast Mobile Security?
First and foremost, we have completely redesigned the virus scanner, making it faster than ever (up to 50% faster!). Then we improved support for Intel-based devices, optimizing the virus scanner for the best performance possible.
Finally, we added a referral program, so you can recommend Avast Mobile Security to your friends and family. Not only can you recommend the best mobile security app available on Google Play, but you will be rewarded for doing so; you can earn up to three months of Avast Mobile Premium for free!
Here is how it works: For every five friends you send an SMS to recommending Avast, you get one free month of Avast Mobile Premium.
The new features in Avast Mobile Security are:
- A redesigned and faster than ever virus scanner (50% faster!)
- Improved support for Intel-based devices
- An awesome new referral program that rewards you for spreading the word about Avast Mobile Security!
How can I get the latest version of Avast Mobile Security?
If you don’t already have Avast Mobile Security, what are you waiting for?! Download it on Google Play now! Already have Avast Mobile Security? If you have enabled automatic updates in your Google Play settings, you are all set If you don’t have automatic updates enabled in your Google Play settings, you can visit our app on Google Play and upgrade manually!
Have fun using Avast Mobile Security – we look forward to hearing your feedback!
We would like to extend a special thanks to our beta testers, your feedback plays an extremely important role in developing our products!
One small Android application shows lots of determination and persistence. Too bad it’s evil.
The year 2014 was significant with a huge rise in mobile malware. One of the families impacting our users was malware Fobus, also known as Podec. This malware poses as a more or less useful application, but for sure it won’t be what the user expects. This malware usually has two language versions, English and Russian, and applications seem to be generated automatically.
All that, and a bag of chips
From the permissions in the manifest, we can see that once Fobus is installed on the victim’s device it cannot only send SMS and call premium numbers, which may cost a lot of money, but it also works as Spyware and can steal personal data from the infected device. That’s a lot of bad stuff packed into one small application.
Next up is a bit more technical stuff. If you are really eager, skip to Me thinks that something is amiss section to see how it works. Read more…
As a malware analyst, I find new pieces of malware day in and day out. In fact, I see so many new malware samples that it’s difficult for me to determine which pieces would be really interesting for the public. Today, however, I found something that immediately caught my attention and that I thought would be interesting to share.
The three URLs listed above are websites that offer mobile monetizing kits, which are advertising kits that developers can implement in their mobile apps. The goal for developers is to monetize from advertisements. If a user clicks on one of the ads delivered by one of the above listed providers, he may be lead to a malicious subdomain.
The most visited of the three URLs is Espabit. According to our statistics, we know that Espabit’s servers get around 150,000 views a day and nearly 100% of the views are from mobile devices. This may not seem like that much compared to the number of Android users there are in the world, but it is still a considerable number. Espabit is trying to position themselves as a world leader in advertising, and their website may appear innocent, but first impressions can be deceiving.
The most visited Espabit subdomain, with more than 400,000 views during the last few months, leads app users to pornographic sites via the ads displayed in their apps. The site displays a download offer for nasty apps (no pun intended) that have malicious behavior.
The above is just one example of the malicious links; there are many others hosted on the same server. The majority of the links lead to pornography or fake apps that all have one thing in common: They all steal money from innocent users.
How do they convince people to download their app? By posing as official Google Play apps. The apps are designed to look like they are from the official Google Play Store – tricking people into trusting the source. Since Android does not allow users to install apps from untrusted sources, the sites offer manuals in different languages, like English, Spanish, German, and French, explaining how to adjust Android’s settings so that users can install apps from untrusted sources, like these malicious apps. How considerate of them.
Now let’s take a deeper look at what the apps are capable of doing:
All of the “different” apps being offered by the three sites listed above are essentially the same in that they can steal personal information and send premium SMS. So far, we know about more than 40 of them stored on the websites’ servers. Most of the apps are stored under different links and, again, are offered in different languages (they want everyone to be able to “enjoy” their apps). The goal behind all of the apps is always the same: Steal money.
Some of the permissions the apps are granted when downloaded…
Once you open the apps, you get asked if you are 18 or older (they are not only considerate in that they offer their product in various languages, but they also have morals!).
After you click on “YES” you are asked to connect your device to the Internet. Once connected to the Internet your device automatically starts sending premium SMS, each costing $0.25 and sent three times a week. That’s all the app does! The amount stolen a week does not seem like much, but that may be done on purpose. People may not notice if their phone bill is $3.00 more than it was the month before and if they don’t realize that the app is stealing money from them and don’t delete the app it can cost them $36.00 a year.
This malware is actually not unique in terms of the technique it uses. However, collectively, the three websites have around 185,000 views daily, which is a lot considering there is malware stored on their servers. Not everyone is redirected to malware, but those who are, are being scammed. Considering that the most visited malicious subdomain had around 400,000 views in the last quarter, it tells us that a large number of those visitors were infected. This means these ad providers are making a nice sum of money and it’s not all from ad clicks and views.
Although many mobile carriers around the world block premium SMS, including major carriers in the U.S., Brazil, and the UK, this case should not be taken lightly. These malware authors use social engineering to circumvent Google’s security and target innocent app users via ads. Think of how many apps you use that display ads, then think of all the valuable information you have stored on your phone that could be abused.
All malicious apps we found and described here are detected by Avast as:
Some of SHA256:
Losing contacts from your mobile phone is highly inconvenient. There’s seems to be a solution - You can find them online! The catch? Your contacts are in a publicly accessible place.
If you care for your privacy you should always be suspicious about “Cloud Backup” solutions you find in the Google Play Store. The solution that is being analyzed here backs up your personal contacts online. In public.
Upon starting the application, you will find a screen where you can put your mobile number and a password of your choice. Then you can upload your contacts in the cloud.
A brief analysis inside this application shows us how exactly it backs up your contacts in the cloud. The contacts are associated with the phone number that you have given in the previous step and they are sent through HTTP POST requests in a PHP page.
Further analysis through IP traffic capturing with Fiddler helped usdiscover the results in the pictures above; a page located online, for anyone to see, that contains thousands of un-encrypted entries of phone numbers and passwords. Using the info in the app you can retrieve personal private data (contacts) from another user.
We found log in data inside those entries from countries like Greece, Brazil, and others
The Play Store page says that this app has been installed 50.000-100.000 times. This is a big number of installations for an application that doesn’t deliver the basic secure Android coding practices. The developer must use technologies like HTTPS, SSL and encryption on the data that are transferred through the web and stored in the server. Nogotofail is a useful network security testing tool designed by Google to “to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.“
Avast detects it as Android:DataExposed-B [PUP].
Mobile malware is growing exponentially. We now have more than 1 million malicious samples in our database, up from 100,000 in 2011. Still relatively young, most mobile malware has a pretty simple structure, yet it is designed to effectively steal people’s money. Newer mobile malware is, however, adapting and evolving, slowly embracing more deceitful and complex tactics to target users.
PC malware authors started in a garage, mobile malware authors in an office
Mobile malware is undergoing a similar development as PC malware did years ago with two significant differences: First, PC malware, in its early stages, was created by hobbyists and has only slowly evolved into a serious business within the last 10 years. Mobile malware, even with its simple structure, has been a serious business from the get-go. Smartphones and tablets are capable of gathering and storing more personalized data than PCs ever did – there is an abundance of valuable data to collect, including personal data and financial information. Thus, the focus of mobile malware has always been on monetization, meaning that even early mobile malware posed real-life threats to its victims, stealing money from them. Secondly, even though malware targeting smartphones and tablets is still young, it’s developing much faster than PC malware did in its initial years.
There are multiple entry points for mobile malware; apart from malicious apps placed in app stores and in-app ads linking to malicious content, malware authors also often take advantage of bugs in mobile operating systems, in popular apps or carrier billing structures. In 2013, around 60 to 70% of malware was tailored to send premium text messages behind users’ backs, a simple trick malware authors took advantage of to get into people’s wallets. The industry is catching up to malware and retaliating – carriers in the US and other countries have banned premium text messaging services. As the industry reacts, mobile malware authors start thinking of and using much more sophisticated and deceitful ways to get to people’s money.
The next generation of mobile malware
Elaborate malware, such as ransomware and spyware, is on the rise and is slowly taking control of mobile devices and the pool of potential victims can only get larger. Google now has more than 1 billion Android users. Formerly only known on the PC platform, a Cryptolocker-like ransomware has recently targeted Android devices for the first time, scaring users by holding their devices hostage, claiming to encrypt files until the user paid the ransom. Mobile spyware, on the other hand, is capable of tracking user location and a variety of other personal data, which can later be used to hack accounts or for identity theft.
We predict that with the emergence of new technologies, malware authors will find new ways of taking advantage of them. For example, as the use of new payment methods like Near Field Payment (NFC) increases, we expect hackers will change the way they go after money.
Users need to become aware of how valuable smartphones really are – not just the hardware, but the data it contains
Mobile threats are increasing – we expect them to reach the same magnitude as PC malware by 2018. However, out of the more than 1 billion smartphones that were shipped globally last year, only a small percentage are currently protected with antivirus software.
To make mobile devices safer and more secure, we need to collectively work together – the security industry, carriers, app store providers and consumers. At AVAST, we are constantly refining our tactics to detect mobile malware, to protect our users with our free and paid solutions. Actions like major carriers in the US, Brazil and the UK no longer billing customers for most forms of commercial Premium SMS messages, thus shutting an important door for malware creators, are a great initiative – and we hope carriers in other countries will follow this step, soon. Also, stricter security rules for apps on Google Play and other app stores could help make some types of malware extinct.
In the end, it’s also up to users to protect their devices and data with security solutions. People need to understand that there are new threats being built to target their mobile devices. Phones and tablets contain people’s personal treasures, in the form of data, whether that be personal information about loved ones or bank details – all of which is interesting for cybercriminals. Therefore, it is essential that people care for their smartphones and tablets in the same way as they protect their PC, the majority of which has antivirus installed.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.