
Posts Tagged ‘android’
December 12th, 2014

Mobile advertising firms spread malware by posing as official Google Play apps

As a malware analyst, I find new pieces of malware day in and day out. In fact, I see so many new malware samples that it’s difficult for me to determine which pieces would be really interesting for the public. Today, however, I found something that immediately caught my attention and that I thought would be interesting to share.

Mobilelinks

The three URLs listed above are websites that offer mobile monetizing kits, which are advertising kits that developers can implement in their mobile apps. The goal for developers is to earn money from advertisements. If a user clicks on one of the ads delivered by one of the above-listed providers, he may be led to a malicious subdomain.

The most visited of the three URLs is Espabit. According to our statistics, we know that Espabit’s servers get around 150,000 views a day and nearly 100% of the views are from mobile devices. This may not seem like that much compared to the number of Android users there are in the world, but it is still a considerable number. Espabit is trying to position themselves as a world leader in advertising, and their website may appear innocent, but first impressions can be deceiving.

 


The most visited Espabit subdomain, with more than 400,000 views during the last few months, leads app users to pornographic sites via the ads displayed in their apps. The site displays a download offer for nasty apps (no pun intended) that have malicious behavior.


The above is just one example of the malicious links; there are many others hosted on the same server. The majority of the links lead to pornography or fake apps that all have one thing in common: They all steal money from innocent users.

How do they convince people to download their app? By posing as official Google Play apps. The apps are designed to look like they are from the official Google Play Store – tricking people into trusting the source. Since Android does not allow users to install apps from untrusted sources, the sites offer manuals in different languages, like English, Spanish, German, and French, explaining how to adjust Android’s settings so that users can install apps from untrusted sources, like these malicious apps. How considerate of them.


Now let’s take a deeper look at what the apps are capable of doing:

All of the “different” apps being offered by the three sites listed above are essentially the same in that they can steal personal information and send premium SMS. So far, we know about more than 40 of them stored on the websites’ servers. Most of the apps are stored under different links and, again, are offered in different languages (they want everyone to be able to “enjoy” their apps). The goal behind all of the apps is always the same: Steal money.


Some of the permissions the apps are granted when downloaded…


Once you open the apps, you get asked if you are 18 or older (they are not only considerate in that they offer their product in various languages, but they also have morals!).


After you click on “YES” you are asked to connect your device to the Internet. Once connected to the Internet, your device automatically starts sending premium SMS, each costing $0.25 and sent three times a week. That’s all the app does! The amount stolen a week does not seem like much, but that may be done on purpose. People may not notice if their phone bill is $3.00 more than it was the month before, and if they don’t realize that the app is stealing money from them and don’t delete the app, it can cost them $36.00 a year.
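A static triage check for the behaviour described above, as an added example that is not part of the original post: it reads a decoded `AndroidManifest.xml` (plain XML, for instance as produced by a decompiler) and flags apps that can both send SMS and read personal data while having network access. The permission groups, the verdict labels and both sample manifests are assumptions constructed for this example; the post's own permission screenshot is not reproduced on the page.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # android:name, namespace-qualified

# Permission groups are assumptions chosen for this example.
SMS_SEND = {"android.permission.SEND_SMS"}
PERSONAL = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_SMS",
    "android.permission.GET_ACCOUNTS",
}
NETWORK = {"android.permission.INTERNET"}

# Constructed sample manifests (not taken from any real app).
SAMPLE_SMS_APP = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.videoplayer">
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="Player"/>
</manifest>
"""

SAMPLE_BENIGN_APP = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission/>
    <application android:label="Notes"/>
</manifest>
"""


def parse_manifest(manifest_xml):
    """Return (package, set of permission names) from a decoded manifest."""
    try:
        root = ET.fromstring(manifest_xml.strip())
    except ET.ParseError as exc:
        raise ValueError("manifest is not well-formed XML: %s" % exc)
    if root.tag != "manifest":
        raise ValueError("expected <manifest> root, got <%s>" % root.tag)
    perms = set()
    for node in root.iter("uses-permission"):
        name = node.get(NAME_ATTR)
        if name:  # skip entries that carry no android:name attribute
            perms.add(name.strip())
    return root.get("package", "<unknown>"), perms


def triage(manifest_xml):
    """Return the package name, the matched findings and an overall verdict."""
    package, perms = parse_manifest(manifest_xml)
    sends_sms = bool(perms & SMS_SEND)
    personal = sorted(p.rsplit(".", 1)[1] for p in perms & PERSONAL)
    exfil = bool(personal) and bool(perms & NETWORK)

    findings = []
    if sends_sms:
        findings.append("SEND_SMS: app can send SMS, including premium SMS")
    if exfil:
        findings.append("personal data plus INTERNET: " + ", ".join(personal))

    if sends_sms and exfil:
        verdict = "high"      # matches the pattern described in the post
    elif sends_sms or exfil:
        verdict = "review"    # common in legitimate apps too; needs a human
    else:
        verdict = "none"
    return {"package": package, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for sample in (SAMPLE_SMS_APP, SAMPLE_BENIGN_APP):
        print(triage(sample))
```

A "review" verdict is expected for many legitimate apps; only the combination is treated as a strong signal here.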

This malware is actually not unique in terms of the technique it uses. However, collectively, the three websites have around 185,000 views daily, which is a lot considering there is malware stored on their servers. Not everyone is redirected to malware, but those who are, are being scammed. Considering that the most visited malicious subdomain had around 400,000 views in the last quarter, it tells us that a large number of those visitors were infected. This means these ad providers are making a nice sum of money and it’s not all from ad clicks and views.

Although many mobile carriers around the world block premium SMS, including major carriers in the U.S., Brazil, and the UK, this case should not be taken lightly. These malware authors use social engineering to circumvent Google’s security and target innocent app users via ads. Think of how many apps you use that display ads, then think of all the valuable information you have stored on your phone that could be abused.

All malicious apps we found and described here are detected by Avast as:

Android:Erop-AG [Trj]
Android:Erop-AJ [Trj]
Android:Erop-AS [Trj]

Some of the SHA-256 hashes:
DBEA83D04B6151A634B93289150CA1611D11F142EA3C17451454B25086EE0AEF
87AC7645F41744B722CEFC204A6473FD68756D8B2731A4BF82EBAED03BCF3C9B

December 3rd, 2014

Is backing up your data the same as exposing it? In this case – Yes!

Losing contacts from your mobile phone is highly inconvenient. There seems to be a solution: you can find them online! The catch? Your contacts are in a publicly accessible place.


Seriously.

If you care for your privacy you should always be suspicious about “Cloud Backup” solutions you find in the Google Play Store. The solution that is being analyzed here backs up your personal contacts online. In public.

Upon starting the application, you will find a screen where you can put your mobile number and a password of your choice. Then you can upload your contacts in the cloud.


A brief analysis inside this application shows us how exactly it backs up your contacts in the cloud. The contacts are associated with the phone number that you have given in the previous step and they are sent through HTTP POST requests in a PHP page.


Further analysis through IP traffic capturing with Fiddler helped us discover the results in the pictures above: a page located online, for anyone to see, that contains thousands of unencrypted entries of phone numbers and passwords. Using the info in the app, you can retrieve personal private data (contacts) from another user.


We found login data inside those entries from countries like Greece, Brazil, and others.

The Play Store page says that this app has been installed 50,000-100,000 times. This is a big number of installations for an application that doesn’t follow basic secure Android coding practices. The developer must use technologies like HTTPS, SSL and encryption on the data that are transferred through the web and stored on the server. Nogotofail is a useful network security testing tool designed by Google “to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.”
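The kind of check that would have caught this app during testing, as an added example that is not part of the original post: it inspects raw HTTP requests as an intercepting proxy records them and reports which credential-like form fields travel over plain `http://`. The field-name hints, the host `backup.example` and all three captured requests are constructed assumptions; the page does not show the app's real parameter names. Only field names are reported, never their values.

```python
from urllib.parse import parse_qsl, urlsplit

# Substrings that mark a form field as sensitive (assumed for this example).
SENSITIVE_HINTS = ("pass", "pwd", "phone", "mobile", "contact")


def _request(*lines):
    """Join lines into a raw HTTP request with CRLF line endings."""
    return "\r\n".join(lines)


# Constructed captures in absolute-form, the way a proxy sees them.
SAMPLE_CLEARTEXT_POST = _request(
    "POST http://backup.example/save.php HTTP/1.1",
    "Host: backup.example",
    "Content-Type: application/x-www-form-urlencoded",
    "",
    "phone=6900000000&password=example-pass&contacts=Alice%3A6911111111",
)
SAMPLE_CLEARTEXT_GET = _request(
    "GET http://backup.example/get.php?phone=6900000000 HTTP/1.1",
    "Host: backup.example",
    "",
    "",
)
SAMPLE_TLS_POST = _request(
    "POST https://backup.example/save.php HTTP/1.1",
    "Host: backup.example",
    "Content-Type: application/x-www-form-urlencoded",
    "",
    "phone=6900000000&password=example-pass",
)


def parse_request(raw):
    """Split a raw request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        raise ValueError("malformed request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return method.upper(), target, headers, body


def cleartext_sensitive_fields(raw):
    """Return sorted names of sensitive fields sent without TLS."""
    method, target, headers, body = parse_request(raw)
    url = urlsplit(target)
    if url.scheme.lower() != "http":
        return []  # HTTPS, or an origin-form target whose scheme is unknown
    # Query-string parameters are exposed just like body parameters.
    fields = parse_qsl(url.query, keep_blank_values=True)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method == "POST" and ctype == "application/x-www-form-urlencoded":
        fields += parse_qsl(body, keep_blank_values=True)
    hits = {
        name for name, _value in fields
        if any(hint in name.lower() for hint in SENSITIVE_HINTS)
    }
    return sorted(hits)


if __name__ == "__main__":
    for raw in (SAMPLE_CLEARTEXT_POST, SAMPLE_CLEARTEXT_GET, SAMPLE_TLS_POST):
        target = parse_request(raw)[1]
        print(target, "->", cleartext_sensitive_fields(raw) or "ok")
```

Transport encryption is only half of the fix the post asks for; the server-side store of phone numbers and passwords needs protection as well.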

The application has been reported to Google without receiving any response.

Avast detects it as Android:DataExposed-B [PUP].

Samples (SHA-256):

F51803FD98C727F93E502C13C9A5FD759031CD2A5B5EF8FE71211A0AE7DEC78C
199DD6F3B452247FBCC7B467CB88C6B0486194BD3BA01586355BC32EFFE37FAB

September 9th, 2014

As Mobile Malware Hits the Million Samples Mark It Becomes More Devious than Ever Before

Mobile malware is growing exponentially. We now have more than 1 million malicious samples in our database, up from 100,000 in 2011. Still relatively young, most mobile malware has a pretty simple structure, yet it is designed to effectively steal people’s money. Newer mobile malware is, however, adapting and evolving, slowly embracing more deceitful and complex tactics to target users.

PC malware authors started in a garage, mobile malware authors in an office

Mobile malware is undergoing a similar development as PC malware did years ago with two significant differences: First, PC malware, in its early stages, was created by hobbyists and has only slowly evolved into a serious business within the last 10 years. Mobile malware, even with its simple structure, has been a serious business from the get-go. Smartphones and tablets are capable of gathering and storing more personalized data than PCs ever did – there is an abundance of valuable data to collect, including personal data and financial information. Thus, the focus of mobile malware has always been on monetization, meaning that even early mobile malware posed real-life threats to its victims, stealing money from them. Secondly, even though malware targeting smartphones and tablets is still young, it’s developing much faster than PC malware did in its initial years.

There are multiple entry points for mobile malware; apart from malicious apps placed in app stores and in-app ads linking to malicious content, malware authors also often take advantage of bugs in mobile operating systems, in popular apps or carrier billing structures. In 2013, around 60 to 70% of malware was tailored to send premium text messages behind users’ backs, a simple trick malware authors took advantage of to get into people’s wallets. The industry is catching up to malware and retaliating – carriers in the US and other countries have banned premium text messaging services. As the industry reacts, mobile malware authors start thinking of and using much more sophisticated and deceitful ways to get to people’s money.

The next generation of mobile malware

Elaborate malware, such as ransomware and spyware, is on the rise and is slowly taking control of mobile devices and the pool of potential victims can only get larger. Google now has more than 1 billion Android users. Formerly only known on the PC platform, a Cryptolocker-like ransomware has recently targeted Android devices for the first time, scaring users by holding their devices hostage, claiming to encrypt files until the user paid the ransom. Mobile spyware, on the other hand, is capable of tracking user location and a variety of other personal data, which can later be used to hack accounts or for identity theft.

We predict that with the emergence of new technologies, malware authors will find new ways of taking advantage of them. For example, as the use of new payment methods like Near Field Payment (NFC) increases, we expect hackers will change the way they go after money.

Users need to become aware of how valuable smartphones really are – not just the hardware, but the data it contains

Mobile threats are increasing – we expect them to reach the same magnitude as PC malware by 2018. However, out of the more than 1 billion smartphones that were shipped globally last year, only a small percentage are currently protected with antivirus software.

To make mobile devices safer and more secure, we need to collectively work together – the security industry, carriers, app store providers and consumers. At AVAST, we are constantly refining our tactics to detect mobile malware, to protect our users with our free and paid solutions. Actions like major carriers in the US, Brazil and the UK no longer billing customers for most forms of commercial Premium SMS messages, thus shutting an important door for malware creators, are a great initiative – and we hope carriers in other countries will follow this step, soon. Also, stricter security rules for apps on Google Play and other app stores could help make some types of malware extinct.

In the end, it’s also up to users to protect their devices and data with security solutions. People need to understand that there are new threats being built to target their mobile devices. Phones and tablets contain people’s personal treasures, in the form of data, whether that be personal information about loved ones or bank details – all of which is interesting for cybercriminals. Therefore, it is essential that people care for their smartphones and tablets in the same way as they protect their PC, the majority of which has antivirus installed.


Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

 

September 8th, 2014

avast! Mobile Security quiz winners!

AVAST recently surpassed a major milestone:  More than 100 million downloads of avast! Mobile Security & Antivirus for Android.

To celebrate the phenomenal popularity of avast! Mobile Security, we organized a test-your-knowledge quiz on our popular avast! Facebook page. Our goal was not only to test your knowledge and award participants, but also bring your attention to and educate users about mobile security. Our knowledge quiz wasn’t easy, but we made sure that you received a hint to answer the questions correctly. Thousands of you submitted answers to our 5 questions as well as shared your thoughts about what the greatest threat to mobile security is today.

Here are the quiz questions and answers:

  • How many Smartphones are lost or stolen every minute of every day?  The correct answer was 100! The answer was found in this blog post.
  • avast! Anti-theft helps you locate your lost or stolen mobile device. There are various methods used. Which of following is NOT one of the methods? The correct answer was ‘Communicate via your GPS device.’  The hint was hidden in this blog post.
  • Based on users’ answers in an AVAST survey, which group of people are more vulnerable to mobile malware? The correct answer was ‘Males.’ The answer was found in this infographic.
  • When was the first version of avast! Mobile Security released? The correct answer was ‘December 2011.’ The hint was hidden in this YouTube video.
  • The AVAST team demonstrated our Mobile Security product at one of the largest mobile conferences in the world. In which great city did it take place?  The correct answer was ‘Barcelona.’ The hint was hidden in the following blog post.


Here are the results:

  • 2,400 participants answered all the questions correctly
  • 1,900 participants answered four questions correctly
  • 1,400 participants answered three questions correctly
  • 3,300 participants answered one or two questions correctly

We promised to give away 1,000 Premium licenses to participants. However, we changed our mind. We decided that we want to protect your Android phone and tablets, so we will be awarding everyone who answered 3 or more questions correctly with a free license for the most trusted Android security product in the world! :)

Now check your mailbox and search for the email from us. It will contain a special voucher with instructions on how to activate your Premium license. It might end up in the Junk/Spam folder, so please make sure you double check it too. In the following blog post we will announce winners of our VIP #AVASTteddy and the lifetime license, so please stay tuned!

For those who didn’t succeed this time, we also have something. Install avast! Mobile Security and Antivirus for FREE from the Google Play store, https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity

August 25th, 2014

Win a free avast! Mobile Premium license

AVAST is celebrating 100 million downloads of avast! Mobile Security & Antivirus for Android.

We want to protect your Android phone and tablets, so we’re giving you the chance to win a free license for the most trusted Android security product in the world!


How much do you know about your phone’s security?

Do you know all the ways to use avast! Mobile Security’s anti-theft feature to track your phone?

Do you know who is more at risk for getting malware on their mobile device?

Do you know how many phones are stolen every minute of every day?

Take the avast! Mobile Security quiz and find out! Answer all 5 questions correctly (don’t worry, we’ll give you hints) and you’ll be in the running to win a free 1-year license for avast! Mobile Premium! One lucky winner will win LIFETIME protection, and 10 lucky winners will receive a rare avast! teddy bear.

Here’s what to do:

  • Become an AVAST fan on Facebook
  • Enter the quiz and answer 5 questions correctly
  • Write what you think is the most serious threat to your mobile security
  • Share the quiz with your friends

Take the avast! Mobile Security quiz now!

Make sure all the Androids in your life have protection. Install avast! Mobile Security and Antivirus from the Google Play store, https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity


August 14th, 2014

The Fine Line between Malicious and Innocent Apps: Part 2

Malware has increased on mobile devices 900% since 2011. As dramatic as that number is, as we explained in part 1 of this post, your Android device is unlikely to become infected with malware.

Nowadays, cybercrooks use more subtle and insidious techniques to steal money and personal data from you.


We explained about PUPs and snoopy apps that want too much information from you. Here are a few more sneaky methods that you should be aware of:

Information hungry ads

App developers are not the only information hungry players in the app game. Ad kits can be found in 80% of free apps. Ads are used to monetize free apps, just like websites display ads to monetize. Unfortunately, not all ad networks play fair. Some ad networks collect and share your personal data.

At the beginning of the year Rovio, maker of Angry Birds, came under fire for allegedly sharing user information with the NSA. They, however, denied this and stated that Ad Networks used by “millions of commercial websites and mobile applications” leaked information to the U.S. intelligence agency.

avast! Mobile Premium, the premium version of avast! Mobile Security, includes an Ad Detector feature. This feature provides full details of an ad network’s capabilities. Ad network permissions are mixed in with the app’s permissions, so it is difficult to differentiate where certain information is being sent and who is accessing your device. App downloaders should therefore always review app permissions thoroughly, as app developers are not the only players on the app’s field.

Empty promise apps

There are apps on the market that are not after your personal data, but are more interested in deceiving you for financial gain. These apps trick people into downloading something different than what they advertised. There are various ways this can be done with various levels of severity.

The most innocent of them are seemingly normal apps that, when downloaded, only display ads and do not even offer the service they advertised. We found apps like this around the time of the World Cup. Games like Corner Kick World Cup 2014 displayed a white screen with ads popping up now and then. This is not necessarily malicious, but frustrating and annoying for the user. If the app had been called Ad Roulette it would be acceptable, but app developers gain a small profit from advertisers when users click on ads displayed within their app. Displaying ads continuously boosts the likelihood that users will click on the ads, thus increasing the app developer’s profit.

More malicious and misleading apps warn people that their device is infected, deceiving them into downloading either an app to remove the “virus” on their device or in some cases downloading actual malware. AVAST discovered an adult app, available on an underground app market, that forced users to “scan their device for viruses.” Subsequently, the app displayed a fake version of avast! Mobile Security, which in reality was ransomware that locked victims out of their devices until they paid up.

Apps that gain users by offering a solution to remove non-existent infections, on the other hand, may offer a legitimate app, like a security or other category of app, but the tactic they use to gain users is deceitful and unethical.

August 14th, 2014

Calling advanced Android users: Join the avast! Mobile Security Beta test!

Would you like a sneak-peek into our new version of avast! Mobile Security before the official product release? The opportunity is here.  We are looking for advanced Android users to participate in the avast! Mobile Security Beta test. This Beta test will run until August 31, so you have plenty of time to test everything. Your valuable feedback will be incorporated into our product before going public to millions of users, so your participation is vital.

Help our development team by being  part of the beta testing team. We need your input! :)


Android beta testers are vital to the success of avast! Mobile Security. Join the team!


Here’s how to join the avast! Mobile Security Beta test:

What do we expect from you?

  • Provide us with your feedback on the new interface, with a special focus on graphical issues and issues with translations
  • Report all potential bugs you find, preferably with print screens
  • Give us your suggestions for improvements, additional features, and solutions

Where can you submit your feedback?

Every active participant who provides feedback will receive a 1-year avast! Mobile Premium license.

The new interface has already received praise from beta testers. We want to hear from you. Join the Google+ Mobile Security beta testers community now.

August 13th, 2014

avast! Mobile Security named Tabby Awards Winner and Users’ Choice

The public has spoken! One hundred thousand votes were cast and avast! Mobile Security & Antivirus was declared the Winner and Users’ Choice pick for the best Utilities and Tools for Android devices.

The international panel of independent judges wrote about avast! Mobile Security, “One of the best security apps for tablets. Setup is quick and easy. UI is refreshing and simple yet functional. Capabilities and ease of use are outstanding. Very solid. This application is the complete mobile security package.”

The crowning achievement for the developers of avast! Mobile Security is the Users’ Choice award, given by real app users. In June and July, app users voted on the TabbyAwards.com site for their favorite app among panel-selected finalists in each category. The full list of Winners, Users’ Choice and Finalists, with links to download them, is available at TabbyAwards.com.

You ain’t seen nothing yet

The judges and users thought that the current version of avast! Mobile Security has a “refreshing” and “simple yet functional” user interface.  Well, it’s about to get even better!

Android Power Users: Join us as a beta tester and provide feedback on the new, improved avast! Mobile Security user interface. Visit the avast! Google+ page to join the beta community and learn how you can earn a free 1-year license for avast! Mobile Premium.

July 24th, 2014

Mobile development start-up Inmite joins AVAST team!


Inmite acquisition adds 40 mobile developers to AVAST’s growing mobile business

Our 220 million AVAST users are moving many of their online activities to mobile devices, just like the rest of the world. Cybercriminals are well aware of the shift and are increasing their activities as well. In order to better protect our current and new mobile users, we are pleased to announce that we brought Inmite, a mobile application development firm, into the AVAST family.

Through this acquisition, we are adding 40 very talented and experienced mobile developers to our growing mobile business.

“Inmite’s team consists of great mobile developers and by joining AVAST, they’re going to further accelerate our growth and expand our capabilities across mobile platforms,” said Vince Steckler, CEO at AVAST.

Inmite has built more than 150 mobile iOS, Android and Windows Phone apps for the automotive, banking, media and telecommunications industries since 2008. The company is recognized as a Top Developer on Google Play, and also developed the world’s first Google Glass banking prototype, and other ‘internet of things’ devices.

“In order to make a greater impact worldwide, we wanted to go big with a global mobile leader who believes in technologies for the future. AVAST shares this vision and is the ideal partner for us,” said Barbora Petrová, spokesperson of Inmite.

Read more on VentureBeat, Avast acquires Czech mobile dev shop Inmite, and in the official press release.


Avast co-founders Eduard Kucera and Pavel Baudiš take a Selfie with Inmite company founders.


July 11th, 2014

Six ways to secure your smartphone

I bet you would be lost without your smartphone. It’s your lifeline to contacts, emails, and personal information, not to mention all those apps that you use for fun, entertainment, and business. You probably have bought something using your phone, so your credit card information is there, as well as your account logins. In other words, it would be disastrous to lose it to a thief or be infected with a data-stealing app.

Keep reading for some solid tips that will help you secure your Android smartphones and tablets.

1. Install security software

Protect your smartphone or tablet from malicious attacks. Malware targeted at Android devices is increasing daily, and we project that it will be at PC levels in the next 4 years. Even though malware is not likely to affect you (yet), avast! Mobile Security & Anti-theft protects your device, plus it helps you locate your device if it is lost or stolen.

TIP: When you upgrade to avast! Mobile Premium you get a feature called Password Check. This feature keeps nosy people and data thieves from snooping around your messages or emails. After 3 wrong attempts to break in, your phone is locked.

2. Use trusted stores to install apps

Malware may not be a huge threat yet, but cybercrooks are using apps in subtle ways, so you need to be aware of what you’re downloading onto your device. The major app stores like Google Play and Amazon are the safest places to go for apps. These have rigorous vetting procedures, so they are reliable sources. The ones you need to watch out for are the unregulated third party app stores, predominantly from Asia or the Middle East.

TIP: For an extra safeguard on your Android device, stop the installation of apps from unknown sources. Go to Settings>Security and uncheck the Unknown Sources option. Check the Verify Apps option to block or warn you before installing apps that may cause harm.

3. Use a PIN or password and lock your apps

Your Android phone has its own security settings, so we recommend that you set a PIN with a strong number code for the lock screen. To set your PIN, go to Settings>Lock screen to set a pattern or passcode.

TIP: Use avast! Mobile Security App Lock to set a PIN for apps you want to keep private, like online shopping and banking apps. You can lock any two apps with a PIN/gesture using our free product; get unlimited app locking with the Premium product.
