By the end of the decade, everyone on Earth will be connected.
–Eric Schmidt, Google chairman
As a rule of thumb, it’s good to keep in mind that anything and everything that can be connected to the Internet can be hacked. Poorly designed or implemented systems could expose serious vulnerabilities that attackers can exploit. Now, most of us are fairly familiar with certain gadgets that can be connected to the Internet, such as mobiles devices and/or laptops, smart watches, and cars, but what about the things that are still emerging within the Internet-connected world? Some of these new items include routers, sensors, and everyday gadgets such as alarm clocks, wearables, microwaves, and grills.
A stranger broke into Giri C’s house last September. The thief looked through Giri’s belongings for something of value. He found a MotoE Phone and grabbed it. Mobile phones are an easy target because the thief can just slip in a new SIM card and resell the phone on the black market.
What this thief didn’t know was that Giri had installed Avast Anti-Theft protection. Avast Anti-Theft allows you to set up your desktop account or use a friend’s phone to remotely locate your device, lock it, activate the remote siren, or wipe its data clean.
ASUS, the third largest consumer notebook vendor in the world, has selected Avast Mobile Security to be pre-loaded on its new line of Android powered tablets.
These tablets, called ZenPad, will be debuted at the upcoming Computex in Taiwan this June. The much anticipated 7-inch ZenPad 7 will give customers 12 months of Avast Mobile Security and allow free access to premium versions of Avast Backup and Avast Anti-theft.
Tomáš joined Avast in March 2014 as a Product Manager for Avast Mobile Security. Born in Čáslav, a small town in central Bohemia, he moved to Prague during high school with plans to study at the Police Academy of the Czech Republic. After a while, Tom decided he wanted to study and work in IT instead. After gaining experience while working at a successful Czech startup, taking on jobs as a freelancer and starting his own company focused on cloud document management, Tom joined Avast’s mobile team. In his free time, Tom enjoys climbing, cycling, writing and restoring his classic Škoda 1000 MB car.
1. What is Avast’s mobile team out to accomplish?
We’d like to become the most trusted mobile tools developer, allowing users to live their lives with their mobile devices safely and more easily.
2. Who or what helps you in coming up with new, creative ideas?
My colleagues are a huge inspiration to me. That’s one thing that I really enjoy about working at Avast – anyone and everyone can come up with new ideas to brainstorm. We are one big think tank.
3. What’s one thing that every user should know about his/her mobile device?
Users should be aware of the risks that mobile malware poses to their personal information and data. Although malware on mobile devices is less likely to break a user’s device than that of a PC, malicious apps can harvest and steal a lot of personal data. Even apps that aren’t malicious (often free apps) can access a lot of personal information. The more personal info that is shared, the more likely it is that a user’s privacy could become compromised.
4. What’s your favorite security tip?
Make sure to be careful when connecting to public Wi-Fi networks. Packet sniffing, or the monitoring of data traveling over a network, can be used to steal information and is very easy for hackers to carry out. It’s in your best interest to use a virtual private network (VPN) when connecting to unsecured networks.
5. Name one goal you’ve set for yourself at Avast.
I’d like to see Avast Mobile Security (AMS) become the most popular app that provides users with a straightforward, user-friendly overview of app permissions. AMS is an extremely versatile app with lots of potential, and I envision it serving as a true “guarding angel” for users, protecting them against mobile malware and allowing them to become familiar with the apps they use on a daily basis.
Avast’s mobile team recently held the second Avast Mobile Internal Conference (AMIC) in Prague, where the entire team came together to keep one another in the loop about the company’s apps and products, team activities, and goals for the department’s future. A series of lectures and interactive activities encouraged synergy and collaboration between product teams. In addition to everything that was accomplished at AMIC, the mobile team still managed to have quite a bit of fun at the conference. We’d like to congratulate the mobile department on this successful and productive event!
Small business owners embrace the idea of employees supplying their own computers, smartphones, and tablets in the workplace. But the savings and convenience can go down the drain if the employee falls prey to a phishing scam and downloads malware or loses their device. Protecting mobile devices has become increasingly more important as Bring Your Own Device (BYOD) grows in popularity.
Technical security measures to protect information are of obvious importance. However, many security incidents relate to the theft or loss of equipment.
We can write multiple blog posts about BYOD policies and educating your employees about the latest threats and tricks that cybercrooks play (spearphishing, for example), which is all extremely important, but if you simply lose your device, then all bets are off anyway. You can avoid headaches in the case of misplaced or stolen devices by having a way to remotely locate the missing device and wiping the data away if it ends up in the wrong hands.
Avast Anti-Theft allows users to log on to their desktop account or use a friend’s phone to remotely locate their device, lock it, activate the remote siren, or wipe its data clean.
Business owners also need to consider what to do about company data on an employee’s personal device when they are terminated or leave the company. Some companies have resorted to wiping personal devices clean of all data, but that includes contacts, family photos, apps and music, which can lead to unpleasant lawsuits or complaints from former employees. Mobile device management systems (MDMs) are available, but could be overkill for very small businesses.
If you only have a few employees, and do not require a full-blown MDM, then Install Avast Anti-Theft for free from the Google Play store to protect your own devices and those of your employees.
The Avast bi weekly wrap-up is a quick summary of what was on the Avast blog for the last two weeks.
Most everyone knows their PC needs antivirus protection, but they don’t think about their smartphone. These days smartphones are just about as powerful and have as much or more personal information as our desktop PC at home. We answer the question do Android devices really need protection?
The answer is a resounding YES. The Avast Virus Lab gives us an example from a trusted download source, Google Play: A porn clicker app slipped into Google Play imitating the popular Dubsmash app. If we cannot completely rely on trusted app stores to weed out nasty apps, then it’s time to add an extra layer of security.
Once you decide that you do want to protect your Android device, you can be confident in Avast Mobile Security, Avast’s free security app available on Google Play. A survey by AV -Comparatives said that Avast was the #1 choice for mobile security in the entire world. No need to wait any longer to protect your smartphone or tablet.
One of the challenges with using a smartphone for so many activities, is that the battery gives out before we do. Our new free app Avast Battery Saver raises the bar with new Wi-Fi based smart profiles that can increase battery life by an average of 7 hours.
Avast Battery Saver has only been available for a month or so but already 200,000 customers have downloaded it from the Google Play Store. For Earth Day we highlighted battery saver users for their positive impact on the environment. Who knew that Avast Battery Saver would be so green? A cool infographic shows just how much they saved - not only from their own battery - but in energy costs too. Now Earth Day can be everyday!
Small and medium-sized businesses (SMBs) run the risk of data breaches just like there Enterprise cousins. Luke Walling, the General Manager of Avast for Business, explains that the biggest threat to SMBs is not actually hackers sitting somewhere far away. The biggest threat to your SMB could be sitting in your office!
Speaking of Avast for Business, our new disruptive free security offering for SMBs has 75,000 new customers in just 2 months. If you have a start-up, a small business, if you work in a school or non-profit organization, then it’s time to stop paying for security protection.
Our researchers are constantly surprised by the creativity of malware authors. Recently, they found a new way cybercrooks trick people in giving up their banking information. It’s a crafty combination of spam email, social engineering, and a macro code embedded in an innocent looking Word document.
Most people have security protection on their computers. That’s great when there are things like the banking malware we wrote about. With all that great protection why is it that they don’t trust the warnings? The Avast Virus Lab explored why some people would rather be right than believe a malware warning.
It’s very common to find people concerned about Windows viruses and malware that say, “Oh, my PC is protected by Avast Antivirus, but we don’t need it for our smartphones and tablets.”
With more than 230 million Avast Antivirus customers, we see “only” 60 million or so Android users of Avast Mobile Security. Many more mobile devices are sold every second than desktops and notebooks together. Why are people not as concerned about the security of their smartphone as their desktop?
The AV-Comparatives survey that we wrote about yesterday in Avast Mobile Security is the #1 choice for Android users says that Android users in North America protect their phones more than anywhere else in the world with 31 percent of respondents reporting they have protection. South America, Asia, and Europe are much lower at 17 percent.
What about the rest of the Android users?
- Do you realize that mobile malware is increasing?
- Do you realize that you (most probably) have much more personal info in your smartphone than your PC? Like photos, selfies, contacts, videos, and also banking and financial information.
- What if one of your apps is using your personal info against you like the Dubsmash 2 app we just discovered?
Your Android device needs protection
Avast Mobile Security is a complete suite for Android protection. It is completely focused on security and privacy features.
Maybe you have a friend or your girlfriend that should be reading this… Take this opportunity to introduce them to Avast Mobile Security and teach them some tips about mobile security. Maybe we’ll see a better protected world if we reduce the number of unprotected devices and the cybercrooks have more work to steal from innocents. Download Avast Mobile Security for free on Google Play.
Earn free Avast Mobile Premium
In the latest update of Avast Mobile Security, we added a referral program, so you can recommend Avast Mobile Security to your friends and family. Not only can you recommend the best mobile security app available on Google Play, but you will be rewarded for doing so; you can earn up to three months of Avast Mobile Premium for free!
Here is how it works: For every five friends you send an SMS to recommending Avast, you get one free month of Avast Mobile Premium. Cool, huh?
Do your good action today: Tell someone you care about that smartphones and tablets need to have a security app installed and updated..
The most popular mobile security product in the world is Avast Mobile Security.
In their annual IT Security Survey, AV – Comparatives asked, Which mobile anti-malware security solution do you primarily use on your smartphone?
Avast took 1st or 2nd place on four continents: Europe, North America, Asia, and South/Central America.
How great is the risk of infection on an Android smartphone?
The risk of your Android smartphone becoming infected depends on several factors. In the US and Europe most people use official stores such as Google Play for installing apps. The risk is much lower than in many Asian countries, especially China, where app stores are not subject to stricter controls. Because of these unofficial app stores, along with numerous rooted phones, the chance of installing a dangerous app is highly increased.
In Asia, the smartphone is often used as an alternative to the PC. People frequently use it for online banking which make them vulnerable to Zeus Trojan malware. Zeus is commonly delivered via a link or an attachment in a phishing message or through a text message via WhatsApp, SMS, or Twitter. This threat will similarly increase in Europe and the US as banking apps get more popular.
An ounce of prevention is worth a pound of cure
The Avast Virus Lab has more than one million samples of mobile malware in its database, and reports that 2,850 new mobile threats are created every day by hackers. The threat situation can change quickly and dramatically so it is best to use preventative protection and install security software on your smartphone. At this point though, protecting important data in the event that your phone is lost or stolen is more critical than malware protection.
The AV-Comparatives survey says that Android users in North America protect their phones more than anywhere else in the world with 31 percent of respondents reporting they have protection. South America, Asia, and Europe are much lower at 17 percent.
Protect your Android smartphone and tablet with Avast Mobile Security and Avast Anti-Theft: Free from the Google Play store.
Everyone from celebrities like Lena Dunham to Hugh Jackman are using the (currently) seventh most popular app available on Google Play: Dubsmash. Dubsmash is an app with more than 10 million Google Play installations that lets users choose a sound, record a video to go along with the sound and send their dub to their friends or social media channels. Dubsmash is not only widely popular amongst teens and celebs, but the app has also caught the attention of malware authors.
Avast recently discovered “Dubsmash 2” (with the package name “com.table.hockes”) on Google Play – and no, it was not the bigger and better version of the original app. The app is a so called “porn clicker” and was installed 100,000-500,000 times from the Google Play Store. We contacted Google when we discovered the rogue app and it was removed from the Play Store shortly thereafter. Once the app was installed there was no evidence of an app named “Dubsmash 2” on the user’s device, instead the app installed an app icon named “Setting IS”. This is a common trick malware authors use to make it harder for the user to figure out which app is causing problems. This should also be the user’s first clue that something shady is going on. The “Settings IS” icon looked very similar to the actual Android Settings icon (see screenshot below).
The app’s mischievous activities could be triggered by two actions. The first possible way was by simply launching the “Settings IS” app and the second, which occurred only if the user had not yet launched the app, was via the BroadcastReceiver component within the app. BroadcastReceiver observed the device’s Internet connectivity and if the BroadcastReceiver noticed the device was connected to the Internet, the app’s true functions would be triggered.
If the “Settings IS” app was opened by the user, the Google Play Store would launch to the actual “Dubsmash” app download page.
Once activated, the app sent an HTTP GET request to an encrypted URL. If the request returned a string containing the character “1” two services would begin to work: MyService and Streaming. Using this method the author could also effectively turn off the start of the services remotely.
The second service, the Streaming service, was fairly similar in structure to the MyService component in that it also scheduled a task to run every 60 seconds. The main difference to MyService, is that users could notice the Service tasks did not run secretly in the background. The task would check for changes in the device’s IP address or date. If either of them had changed, a video would launch in the device’s YouTube app. The YouTube app needed to be installed on the device for this to function properly. The video address was also obtained from an encrypted URL.
After decrypting and further examining the URLs and the video from YouTube, the Avast Virus Lab came to the conclusion that the malware most likely originated from Turkey. The developer’s name listed on Google Play and YouTube hint to this.
We suspect the app developer used the porn clicker method for financial gain. Through clicks on multiple ads within the porn sites, the app developer probably received pay-per-click earnings from advertisers who thought he was displaying their ads on websites for people to actually see.
Despite being undesirable, but basically harmless to the user and less sophisticated than other malware families such as Fobus or Simplocker, this app shows that although there are safeguards in place, undesirable apps that fool users can still slip into the Google Play store.
If you installed Dubsmash 2 (package name “com.table.hockes”), you can delete the app by going into Settings -> Apps -> find “Settings IS” and then uninstall the app.
The Avast Mobile Security application detects this threat as Android:Clicker. SHA-256 hash: de98363968182c27879aa6bdd9a499e30c6beffcc10371c90af2edc32350fac4
Thank you Nikolaos Chrysaidos for your help with the analysis
We’ve recently told you about Avast Battery Saver, an application which saves your Android’s power without hassle. It optimizes phone settings such as Internet connectivity, screen brightness, and timeout according to your needs. We’d now like to announce an exciting new feature of the app: Wi-Fi-based smart power profiles. These profiles are activated automatically based on designated local Wi-Fi networks that are detected. Users can now assign specific wireless networks to be used within their home or work smart profiles. Not only are Wi-Fi-based profiles more precise than GPS-based profiles, but they are also more efficient and require less energy to detect.
In contrast to other battery-saving applications, Avast Battery Saver learns about your daily routine and thus suggests the best smart profiles for your phone. It doesn’t require you to change your behavior or usage, nor does it affect voice calls, text messages, or the ring volume of your phone.
“Everyone needs more battery life for their mobile devices, but most battery savers shut down the wrong apps,” said Jude McColgan, Avast’s President of Mobile. “Avast Battery Saver learns which apps are most important to the user, and shuts down only those that are less used.”
Avast Battery Saver significantly improves battery life, saving up to 20% on one charge — and it’s free from the Google Play Store.
New Wi-Fi-based profiles have been added to make the app’s convenient features significantly more efficient
- Smart profiles activate automatically based on time, location, user-designated Wi-Fi networks and battery level.
- App consumption detects and permanently stops apps that drain too much battery life.
- Precise estimate of remaining battery life based on actual phone usage and historical data. Battery level is displayed in a percentage and time remaining in status bar notification.
- The application can turn off Wi-Fi when there are no known hotspots nearby.
- Your phone limits connections to the Internet to every 5, 10, 15 or 30 minutes, based on your current profile configuration, when its screen is turned off.
- Emergency mode is activated when your battery level is very low, and it turns off all functions that require significant energy, saving power for when you really need it (e.g. Wi-Fi, data connection, Bluetooth or GPS).
The app currently works with the following four profiles: Home, Work, Night, and Super-Saving Emergency Mode. You can easily access the list of profiles by clicking the “Smart Profiles” button on the app’s home screen. Avast Battery Saver is available for download in the Google Play Store.