With millions of applications waiting to be installed in our gadgets, you not only need to be concerned about quality, but you also need to take the proper measures in order to avoid your phone becoming infected by malware. Unfortunately, we already know that Google Play and the Windows Store aren’t immune to malware. Even the Apple Store has its bad days, so we’re not trying to scare you. These days, malware is a continuing, growing threat.
We all know how bothersome finding and connecting to Wi-Fi networks in public places can be — often, we encounter frustrating roaming fees or slow connection speeds in crowded spaces. At Avast, we want Wi-Fi connection to be a safe and simple process for our users. As a result, we’re currently working on new product that will help people to detect and connect to public Wi-Fi networks without any security risk.
Introducing Avast’s new product pioneering program
We’ve recently rolled out a new feature within Avast Mobile Security called the product pioneering program. This program helps harvest nearby Wi-Fi hotspots available for users when they need to connect to public Wi-Fi networks. The feature also supports the creation and growth of our own trustworthy and up-to-date hotspot database, which we need in order to deliver information about nearby Wi-Fi hotspots to our users. As we know that Avast users place great importance on their security and privacy, we are asking our users to lend us a helping hand in collecting and identifying hotspots in their local surroundings. This requires us to request the GPS position permission of our users during the installation or upgrading process of Avast Mobile Security.
Upon installing or upgrading Avast Mobile Security, users will receive an in-app notification that informs them of our product pioneering program. If a user chooses to opt in to the product pioneering program, it is only then that his or her GPS location information will actively be gathered.
Although it’s possible to use third-party apps stores safely and securely, the fact that scams do still occur in a variety of app stores shouldn’t be ignored. On Sunday, a threat was discovered by a user who posted the issue on our forum. The scam, located within the Windows Phone Store, advertised three fraudulent versions of Avast Mobile Security. These fake apps not only include the Avast logo, but also feature actual screenshots from AMS in their image galleries. Our fast-acting team has since blocked the pages and has labeled them as malicious.
Fake AMS apps collect personal data and redirect users to adware
If downloaded, these fake versions of AMS found on the Windows Phone Store pose a risk to users’ security. Here’s how they work:
- New Avast security: This app includes three control buttons which show only advertisements. Even without actively clicking on the ads, the app redirects users to additional adware.
- Avast Antivirus Analysis: Claiming to “protect your phone from malware and theft”, this malicious app runs in the background of victims’ devices once downloaded and collects their data and location.
- Mobile Security & Antivirus – system 2: Simply put, this is a paid-for version of “New Avast security” that forcibly leads users to adware.
Mid January we informed you of a data-stealing piece of Android malware called Fobus. Back then Fobus mainly targeted our users in Eastern Europe and Russia. Now, Fobus is also targeting our users in the USA, United Kingdom, Germany, Spain and other countries around the world.
Fobus can cost its unaware victims a lot of money, because it sends premium SMS, makes calls without the victims’ knowledge and can steal private information. More concerning is that Fobus also includes hidden features that can remove critical device protections. The app tricks users into granting it full control of the device and that is when this nasty piece of malware really begins to do its work. You can find some more technical details and analysis of Fobus in our previous blog post from January.
Today, we decided to look back and check on some of the data we gathered from Fobus during the last six months. We weren’t surprised to find out that this malware family is still active and spreading, infecting unaware visitors of unofficial Android app stores and malicious websites.
The interesting part of this malware is the use of server-side polymorphism, which we suspected was being used back in January but could not confirm. We have now confirmed that server-side polymorphism is being used by analyzing some of the samples in our database. Most of these have not only randomly-generated package names, but it also seems that they have randomly-generated signing certificates.
ASUS, the third largest consumer notebook vendor in the world, has selected Avast Mobile Security to be pre-loaded on its new line of Android powered tablets.
These tablets, called ZenPad, will be debuted at the upcoming Computex in Taiwan this June. The much anticipated 7-inch ZenPad 7 will give customers 12 months of Avast Mobile Security and allow free access to premium versions of Avast Backup and Avast Anti-theft.
Tomáš joined Avast in March 2014 as a Product Manager for Avast Mobile Security. Born in Čáslav, a small town in central Bohemia, he moved to Prague during high school with plans to study at the Police Academy of the Czech Republic. After a while, Tom decided he wanted to study and work in IT instead. After gaining experience while working at a successful Czech startup, taking on jobs as a freelancer and starting his own company focused on cloud document management, Tom joined Avast’s mobile team. In his free time, Tom enjoys climbing, cycling, writing and restoring his classic Škoda 1000 MB car.
1. What is Avast’s mobile team out to accomplish?
We’d like to become the most trusted mobile tools developer, allowing users to live their lives with their mobile devices safely and more easily.
2. Who or what helps you in coming up with new, creative ideas?
My colleagues are a huge inspiration to me. That’s one thing that I really enjoy about working at Avast – anyone and everyone can come up with new ideas to brainstorm. We are one big think tank.
3. What’s one thing that every user should know about his/her mobile device?
Users should be aware of the risks that mobile malware poses to their personal information and data. Although malware on mobile devices is less likely to break a user’s device than that of a PC, malicious apps can harvest and steal a lot of personal data. Even apps that aren’t malicious (often free apps) can access a lot of personal information. The more personal info that is shared, the more likely it is that a user’s privacy could become compromised.
4. What’s your favorite security tip?
Make sure to be careful when connecting to public Wi-Fi networks. Packet sniffing, or the monitoring of data traveling over a network, can be used to steal information and is very easy for hackers to carry out. It’s in your best interest to use a virtual private network (VPN) when connecting to unsecured networks.
5. Name one goal you’ve set for yourself at Avast.
I’d like to see Avast Mobile Security (AMS) become the most popular app that provides users with a straightforward, user-friendly overview of app permissions. AMS is an extremely versatile app with lots of potential, and I envision it serving as a true “guarding angel” for users, protecting them against mobile malware and allowing them to become familiar with the apps they use on a daily basis.
Avast’s mobile team recently held the second Avast Mobile Internal Conference (AMIC) in Prague, where the entire team came together to keep one another in the loop about the company’s apps and products, team activities, and goals for the department’s future. A series of lectures and interactive activities encouraged synergy and collaboration between product teams. In addition to everything that was accomplished at AMIC, the mobile team still managed to have quite a bit of fun at the conference. We’d like to congratulate the mobile department on this successful and productive event!
Mobile is attractive to cybercrooks
Our mobile phones are fantastic little devices — these days, they’re as powerful and can accomplish nearly all the things a regular computer can. While this is convenient for us, it also gives cybercrooks a relatively easy in-road to your private data and financial information. As 2015 rolls along, consumers continue to become more aware of mobile security options available to them, since they will increasingly use mobile apps that contain sensitive banking, financial, and personal health information.
Last year, more than 1 billion Android devices were shipped out to customers around the world. With Android winning the majority of the smartphone market, it offers a tempting target to malware authors. The average user is not especially concerned about being infected with a virus on their phone or tablet, but unfortunately, mobile malware is more than just a myth. Avast currently has more than one million samples of mobile malware in its database, with 2,850 new mobile threats being created every day by hackers.
Even if you think your chances of being infected with malware are low, we suggest that you go ahead and install a good mobile antivirus software. The great thing about Avast Mobile Security is that it’s free, so your investment is minimal – just a few minutes of setup and you’re ready to go.
Avast Mobile Security includes antivirus protection which scans your apps to see what they are doing, and a Web shield that scans URLs for malware or phishing. Malicious apps allow malware to enter your phone, so it’s good to have Avast on your side to detect when a bad one slips by on Google Play or another app store.
Avast Mobile Security did not commit any mistakes when tested with 1,932 legitimate apps from the Google Play Store and 981 legitimate apps from third party app stores. In addition, all this protection, according to AV-TEST, did not “impact the battery life”, or “slow down the device during normal usage”, and “does not generate too much traffic”.
To compare the choices of mobile antivirus software, you can look at the January 2015 “Mobile Security Test” conducted by the independent labs at AV-TEST. They looked at 31 popular Android security apps. Avast Mobile Security tops the list because it detected 100% of malicious apps without any impact on the battery life or slowing down of the device.
AMS Referral Program
In the latest update of Avast Mobile Security, we added a referral program, so you can recommend Avast Mobile Security to your friends and family. Not only can you recommend the best mobile security app available on Google Play, but you will be rewarded for doing so; you can earn up to three months of Avast Mobile Premium for free!
Here is how it works: For every five friends you send an SMS to recommending Avast, you get one free month of Avast Mobile Premium. Cool, huh?
There you have it — we’re huge fans of Avast Mobile Security, and we think you will be too. Download Avast Mobile Security for free on Google Play.
Android Malware Xbot Spies on Text Messages
In the past few weeks, the Avast Mobile Security analysts have been focusing on Android malware which targets users in Russia and Eastern Europe. One of the families that caught our interest was the Xbot malware.
The name Xbot comes from the sample itself as the string Xbot was found in all variants of this malware. Xbot uses a variety of names and package names but this string was, with different levels of obfuscation, in every single file we analyzed so we decided to name the malware after it.
Xbot is not an app itself, but is included in different apps. We didn’t identify it in apps available on Google Play, but on local Russian markets like www.apk-server12.ru. Users in Eastern Europe use markets other than Google Play more than West European and U.S. users do, that might be one of the reasons why the cybercriminals chose this distribution channel. Xbot tries to hide behind apps that look like legit apps, like Google Play or the Opera Browser. It collects tons of permissions which allows it to spy on user’s SMS and the malware could potentially spy on people’s phone calls in the future, too. It also sends premium SMS behind the user’s back, so basically it is malicious through-and-through.
From the beginning of February we have seen 353 Unique Files with more than 2570 Unique Install GUIDs. These numbers are not the highest ones we’ve ever seen but still, it allows us, unfortunately, to see the potential of Android malware and social engineering.
The author hides a message
One interesting thing we discovered is that the malware author is not shy about expressing his anger with the antivirus companies who detect his masterpiece. Sometimes we find embedded messages addressed to Malware analytics. This one is quite strong. See if you can spot it: //9new StringBuilder (“FUCK_U_AV” )).append(“1″).toString();. Messages like this are nothing new in malware samples because security companies like Avast can really cut into the bad guys’ income from this type of malware.
The author tries to cover his tracks
As a part of anti-analysis protection, the author(s) try to obfuscate these samples to make them harder to read. But this protection is fairly simple, as it usually consists of adding additional junk characters which are excluded at runtime or the Proguard, which mangles the method names and file structure. Read more…
Avast Mobile Security includes many handy anti-theft features that can help you locate your stolen or lost phone. You can wipe it remotely, it informs you if your SIM card has been stolen, and even allows you take pictures of the person who took your phone. Another cool feature of Avast Anti-Theft is the siren. I decided to test the siren with my friend, who had just downloaded Avast Mobile Security, to see how it could affect a phone thief.
What does the Avast Anti-Theft siren do?
The Avast Anti-Theft siren was developed by the Avast mobile team to be activated when you either lose your phone (even if it is misplaced in your room and on silent) or if it gets stolen. The siren continuously and loudly says the following, by default, when activated: “This device has been lost or stolen!”. In the advanced settings of Avast Mobile Security you can customize what message the siren will sound, if you do not want to use the pre-set message. You can do this under “Select Sound File” or “Record Siren Sound”.
The siren is designed to frighten phone thieves, or to warn people surrounding the thief that the phone might be in the hands of the wrong person. When the first siren cycle began, we tried to turn down the volume. However, the alarm would begin again at the loudest possible volume. We then decided to see what would happen if we took out the battery, this stopped the siren of course, but as soon as we put the battery back in, the siren started to go off again. To say the least, we agreed that it would effectively frustrate and annoy a thief too.
How to turn off the siren
After a minute of testing the app, we decided to turn off the siren using one of these two possible methods:
MyAvast: You can control your phone remotely via your MyAvast account. In your MyAvast account you can keep track of all your devices that have Avast products installed on them. From within your MyAvast account you send numerous Anti-Theft commands to your phone, including activating and deactivating the Anti-Theft siren. Once you are logged into your MyAvast account click on the name of the mobile device you want to control and then click on the siren symbol. From there you can send a command to turn the siren on and off.
SMS command: Using the Avast PIN you set up when you downloaded Avast Mobile Security, you can send SMS commands to your phone to remotely control it. To turn the siren off, text your Avast PIN followed by “SIREN OFF” to your phone.
Have fun checking out Avast Mobile Security’s cool and handy Anti-Theft features, but, please, use caution when testing the siren
A couple of days ago, a user posted a comment on our forum regarding apps harboring adware that can be found on Google Play. This didn’t seem like anything spectacular at the beginning, but once I took a closer look it turned out that this malware was a bit bigger than I initially thought. First of all, the apps are on Google Play, meaning that they have a huge target audience – in English speaking and other language regions as well. Second, the apps were already downloaded by millions of users and third, I was surprised that the adware lead to some legitimate companies.
The Durak card game app was the most widespread of the malicious apps with 5 – 10 million installations according to Google Play.
When you install Durak, it seems to be a completely normal and well working gaming app. This was the same for the other apps, which included an IQ test and a history app. This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colors. After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right?
Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie. You are then asked to take action, however, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value.
An even bigger surprise was that users were sometimes directed to security apps on Google Play. These security apps are, of course, harmless, but would security providers really want to promote their apps via adware? Even if you install the security apps, the undesirable ads popping up on your phone don‘t stop. This kind of threat can be considered good social engineering. Most people won‘t be able to find the source of the problem and will face fake ads each time they unlock their device. I believe that most people will trust that there is a problem that can be solved with one of the apps advertised “solutions” and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources.
Avast Mobile Premium detects these apps, protecting its users from the annoying adware. Additionally, the apps’ descriptions should make users skeptical about the legitimacy of the apps. Both in English and in other languages such as German, were written poorly: “A card game called ‘Durak‘ – one of the most common and well known game“.
The apps‘ secure hash algorithm (SHA256) is the following: BDFBF9DE49E71331FFDFD04839B2B0810802F8C8BB9BE93B5A7E370958762836 9502DFC2D14C962CF1A1A9CDF01BD56416E60DAFC088BC54C177096D033410ED FCF88C8268A7AC97BF10C323EB2828E2025FEEA13CDC6554770E7591CDED462D