

Posts Tagged ‘identity theft’
July 1st, 2015

Shopping online just got a little more risky

One of the largest e-commerce platforms, Magento, has been plagued by hackers who inject malicious code in order to spy on and steal credit card data or any other data a customer submits to the system. More than 100,000 merchants all over the world use the Magento platform, including eBay, Nike Running, Lenovo, and the Ford Accessories Online website.

The company that discovered the flaws, Sucuri Security, says on its blog, “The sad part is that you won’t know it’s affecting you until it’s too late, in the worst cases it won’t become apparent until they appear on your bank statements.”

Minimize your risk for identity theft when shopping online


Data breaches are nothing new. The Identity Theft Research Center said there were 761 breaches in 2014 affecting more than 83 million accounts. You probably recall the reports of Sony, Target, Home Depot, and Chick-fil-A.

We have heard lots about what we as individual consumers can do to protect ourselves: Use strong passwords, update your antivirus protection and keep your software patched, learn to recognize phishing software, and be wary of fake websites asking for our personal information.

But this kind of hack occurs on trusted websites and shows no outward signs that there has been a compromise. The hackers have thoroughly covered their tracks, and you won’t know anything is wrong until you check your credit card bill.

So how do you minimize the risk of online shopping?


February 20th, 2015

Americans willingly risk privacy and identity on open Wi-Fi

Is the convenience of open Wi-Fi worth the risk of identity theft? Most Americans think so.

In a recent survey, we found that only 6% of Americans protect their data by using a virtual private network (VPN) when using public Wi-Fi with their smartphone or tablet.  That leaves a whopping 94% unprotected. Why is this?

Do people not know the risks of using unsecured public Wi-Fi?

Is avoiding data overages or the convenience of no password more important than the data on their devices?

Are they not aware that there is protection available?

Are they scared they won’t understand how to use VPN because of the technical sounding name?

The truth about open, public Wi-Fi

The truth is that using unprotected Wi-Fi networks could end up costing you your privacy and identity when you use them without protection like Virtual Private Network (VPN) software. This is because unsecured networks, the ones that do not require registration or a password, give cybercrooks easy access to sensitive personal information.

“As mobile cloud storage becomes more popular and the quest for free Wi-Fi continues to grow, open networks that require no passwords place unprotected consumers at great risk of compromising sensitive personal data,” said Jude McColgan, president of mobile at Avast.

“The majority of Americans don’t realize that all the personal information on their mobile devices becomes defenseless over public Wi-Fi if used without protection. These networks create an easy entry point for hackers to attack millions of American consumers on a daily basis.”


Avast can protect you and it’s not hard or expensive

“Unfortunately hacking isn’t a complicated process – there are tools available online that anyone can easily use to steal personal data,” says Ondrej Vlček, Chief Operating Officer at Avast. “Avast SecureLine VPN allows users to browse the web anonymously and safely, especially while using open Wi-Fi.”

Avast SecureLine VPN protects your Internet connections with military-grade encryption and hides your IP address. If that sounds like mumbo-jumbo to you, what it means is that essentially our VPN protection makes your device invisible to cybercriminals. In addition to that, using the VPN hides your browsing history, so no one can monitor your behavior online. We assure you, it’s as easy as can be to use.

Avast SecureLine VPN is available for Android phones and tablets on Google Play and for iOS devices in the Apple App Store. We also have VPN available for Windows PCs.

November 7th, 2014

Home Depot discloses that 53 million customer email addresses were stolen

The Home Depot security breach last spring has gotten worse. In addition to the 56 million credit-card accounts that were compromised, around 53 million customer email addresses were also taken, according to a statement from Home Depot about the breach investigation. Home Depot assures its customers that no passwords, payment card information like debit card PIN numbers, or other “sensitive” information was stolen.

The breach occurred when cybercrooks stole a third-party vendor’s user name and password to enter their network in April 2014. The hackers then deployed unique, custom-built malware on Home Depot’s self-checkout registers in the United States and Canada.

The company said that as of September 18, the malware had been eliminated from the network.

Request your free identity protection

The Home Depot is notifying affected customers and still offering free identity protection services, including credit monitoring, to any customer who used a credit or debit card at one of its 2,266 retail stores beginning in April. Customers who wish to take advantage of these services should visit or call 1-800-HOMEDEPOT (466-3337).

The Fallout

Home Depot said that customers should be on guard against phishing scams, which are designed to trick customers into providing personal information in response to phony emails.

  • Review your credit card statements carefully and call your bank if you see any suspicious transactions.
  • Be aware of phone calls or emails that appear to offer you identity theft protection but are truly phishing schemes designed to steal your information. Always go directly to The Home Depot’s website or to the AllClear ID website, or call Equifax for information rather than clicking on links in emails.

Get more information from Home Depot’s Facebook page.


Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200 million people and businesses. Please follow us on Facebook, Twitter and Google+.


June 10th, 2014

Keep your phone safe from hackers and thieves while on vacation

Traveling to Brazil for the 2014 FIFA World Cup, or just headed out to your local beach for a daytrip? You remember to pack your sunglasses, a hat, and plenty of sunblock, but don’t forget that your mobile gadgets need protection too.

Here are a couple more items for your packing list:

  • avast! SecureLine VPN to protect against dodgy public WiFi
  • avast! Mobile Security and Anti-Theft to protect against thieves

That free WiFi HotSpot could get you in hot water!

Spectators at the 2014 FIFA World Cup Brazil will have lots of choices of free WiFi. At least 6 of the 12 World Cup stadiums have access to free WiFi built in, and planners have created WiFi hotspots across 2,300 access points, including parks, squares, and public transit stations. Fans not watching in person will check scores on their phone or watch live streaming matches by connecting to free WiFi at hotels and bars.

“A WiFi attack on an open network can take less than 2 seconds,” tweeted @ExtremeNetworks recently. Cybercrooks can access and steal your personal data when you connect to these unprotected networks. Having your identity stolen and bank account emptied out while on vacation could ruin any trip – even one to paradise!

“Hackers target public hotspots, where it’s easy to follow every move that users of the WiFi connection make, allowing them to access emails, passwords, documents, and browsing behavior,” said Vincent Steckler, Chief Executive Officer of AVAST Software.

Use a VPN service to make sure that doesn’t happen. avast! SecureLine VPN protects your privacy by making your logins, emails, instant messages, and credit card details invisible to spying.

April 1st, 2014

Email with subject “FW:Bank docs” leads to information theft

In this blogpost we will look deep into a spam campaign, where unlike other possible scenarios, the victim is infected by opening and running an email attachment. In the beginning of this year, we blogged about a spam campaign with a different spam message – a fake email from the popular WhatsApp messenger. This time we will look at spam email which tries to convince the victim that it originates from his bank. The malicious email contains contents similar to the following one:

Subject: FW: Bank docs

We have received this documents from your bank, please review attached documents.
<name, address>


March 18th, 2014

Fake Korean bank applications for Android – Pt 3

Recently, we discovered an account on GitHub, a service for software development projects, that has interesting contents. The account contains several projects; one of the latest ones is called Banks, and it has interesting source code. The account contains information like a user name, photo, and email address, but we cannot tell who the guy in the picture is. He might not be related to the contents at all: it could be a fake picture or a fake name, or his account may simply have been hacked, his identity stolen, and the Banks repository created by someone else without his consent. In this blog post, we will explore the source code in detail.

When we downloaded the repository, we found several directories – GoogleService and fake applications imitating mobile applications of five major Korean banks – NH Bank, Kookmin Bank, Hana Bank, ShinHan Bank and Woori Bank.



We previously published two blog posts with analyses of the above mentioned fake applications.

When we look at the GitHub statistics, the Punchcard tab tells us what time the creators were most active. From the chart you can see that Saturday mornings and evenings and Sunday evenings were the most active times for commits of new versions. It seems that the authors of this application do the development as a weekend job. At the time of writing this blog post, the last update of the fake bank applications was at the beginning of January 2014.


This is not the first attack against users of Korean banks. About a year ago, we published this analysis.


GitHub, the web-based hosting service for software development projects, offers a lot of interesting content, which, depending on its settings, can later be found and accessed by virtually anyone, including Google robots. We managed to find the above-mentioned repository by simply Googling the strings which occurred in a malicious Android application.


The author would like to thank Peter Kalnai and David Fiser for help and consultations related to this analysis.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

March 3rd, 2014

Fake Korean bank applications for Android – part 2

In February, we looked at the first part of the fake Korean bank application analysis along with Android:Tramp (TRAck My Phone malicious Android application), which uses it. In this blog post, we will look at another two Android malware families which supposedly utilize the same bunch of fake Korean bank applications. At the end of this article, we will discuss the origin of the malware creators.

Analysis of Android:AgentSpy

It is interesting to search for references to the bank applications’ package names – KR_HNBank, KR_KBBank, KR_NHBank, KR_SHBank, KR_WRBank. One reference goes to a malicious application called Android:AgentSpy. The infection vector of this application was described by Symantec, contagio mobile and Alyac. We will not delve into details; we will just mention that the malicious application is pushed to a connected mobile phone via ADB.EXE (Android Debug Bridge). The uploaded malicious file is called AV_cdk.apk.

Android:AgentSpy contains the activity MainActivity, several receivers, and the service CoreService.


Monitors android.intent.action.BOOT_COMPLETED and android.intent.action.USER_PRESENT and if received, starts CoreService. It also monitors attempts to add or remove packages – android.intent.action.PACKAGE_ADDED and android.intent.action.PACKAGE_REMOVED.


1) Regularly calls home and reports the available connection types (wifi, net, wap), the IMSI, and the installed bank apps

2) Regularly polls the C&C server and responds to the following commands:

  • sendsms – sends an SMS to a given mobile number
  • issms – whether to steal received SMS or not
  • iscall – whether to block outgoing calls
  • contact – steals contact information and uploads it to the C&C server
  • apps – list of installed bank apps
  • changeapp – replaces original bank applications with fake bank applications
  • move – changes the C&C server

PhoneListener receiver

Monitors new outgoing calls. If android.intent.action.NEW_OUTGOING_CALL is received, information about the outgoing call is sent to the C&C server.

Config class

Contains the C&C URL, the names of the bank packages (String array bank), and the names of the fake bank packages (String array apkNames). It also contains a reference to the conf.ini configuration file.
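
A triage check based on the receiver behaviour described above, as an added example (not code from the original analysis): it reads a decoded AndroidManifest.xml and reports whether the app registers for the intent actions listed for Android:AgentSpy. The sample manifests and receiver names are constructed, and a match is only a reason to look closer, since legitimate apps also use these broadcasts.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
A = "android.intent.action."

# Intent actions the analysis above attributes to Android:AgentSpy's receivers.
GROUPS = {
    "starts_on_boot_and_unlock": {A + "BOOT_COMPLETED", A + "USER_PRESENT"},
    "watches_package_changes": {A + "PACKAGE_ADDED", A + "PACKAGE_REMOVED"},
    "watches_outgoing_calls": {A + "NEW_OUTGOING_CALL"},
}

def receiver_actions(manifest_xml):
    """Map each <receiver> name to the set of intent actions it registers."""
    result = {}
    for receiver in ET.fromstring(manifest_xml).iter("receiver"):
        name = receiver.get(ANDROID_NS + "name", "<unnamed>")
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        actions.discard(None)
        result[name] = actions
    return result

def triage(manifest_xml):
    """Report which behaviour groups appear anywhere in the app's receivers."""
    seen = set().union(*receiver_actions(manifest_xml).values())
    report = {label: wanted <= seen for label, wanted in GROUPS.items()}
    report["matches_full_profile"] = all(report.values())
    return report

def _manifest(receivers):
    """Build a constructed manifest from {receiver name: [action suffixes]}."""
    body = ""
    for name, actions in receivers.items():
        tags = "".join('<action android:name="%s%s"/>' % (A, s) for s in actions)
        body += ('<receiver android:name="%s"><intent-filter>%s</intent-filter>'
                 '</receiver>' % (name, tags))
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.sample"><application>%s</application></manifest>'
            % body)

# Constructed samples, not taken from any real APK; receiver names are hypothetical.
SUSPICIOUS = _manifest({
    ".ReceiverA": ["BOOT_COMPLETED", "USER_PRESENT",
                   "PACKAGE_ADDED", "PACKAGE_REMOVED"],
    ".ReceiverB": ["NEW_OUTGOING_CALL"],
})
BENIGN = _manifest({".AlarmRestore": ["BOOT_COMPLETED"]})

if __name__ == "__main__":
    for label, xml_text in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(xml_text))
```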


Analysis of Android:Telman

One more Android malware family which uses fake bank applications is called Android:Telman. Similarly to Android:Tramp and Android:AgentSpy, it checks for installed packages of the above-mentioned banks.

February 17th, 2014

Fake Korean bank applications for Android – PT 1

About a year ago, we published this analysis about a pharming attack against Korean bank customers. The banks targeted by cybercriminals included NH Bank, Kookmin Bank, Hana Bank, ShinHan Bank, and Woori Bank. With the rise of Android-powered devices, these attacks now occur not only on the Windows platform, but also on the Android platform. In this blogpost we will look at a fake bank application and analyze several malware families which supposedly utilize them.

Original bank application

We will show just one bank application for brevity. For other banks the scenario is similar. The real Hana Bank application can be downloaded from Google Play. It has the following layout and background.


October 29th, 2013

How many variations of “qwerty” and “1234” can you think of?


I am quite surprised at how inventive people can be when it comes to thinking up weak passwords. The obviously weak combinations like ‘1234’ or ‘qwerty’ along with names and phone numbers are quite common parts of passwords.

Some background

The story begins with me fighting a familiar piece of malware, Bicololo, which is spyware designed to steal the identity from users of Russian social networks. A routine task you might say. This time the authors were less cautious with settings on their rogue servers, so I managed to get hundreds of freshly-stolen credentials. What to do with them? The first thing I tried was contacting support of the affected social network to get users warned and passwords reset. Unfortunately, my effort met no success there; they did not even bother to answer my mail! So instead of getting to warn hundreds of innocent users on the Russian social network,  I used this unique opportunity to analyze the habits users have regarding their passwords and share it with our AVAST readers.

Once I cleaned up the data, I received about 850 unique combinations of username-password pairs. This is not enough variants for the results to be widely representative. The data was obtained from a rather specific group of (less experienced) users whose lack of knowledge allowed their computers to be infected. I expect the general reality to be a bit better than my results. Though my findings are not scientifically correct, they can give us some insight into the problem and show us examples we should avoid while choosing our passwords.

May 31st, 2013

Facebook profiles are cloned

A low-tech type of identity theft is threatening Facebook users in South Africa. Facebook “cloning” has been around for years, but has had a revival this past week. We learned about it in a personal way – the brother of an Avast colleague, Richard B. from South Africa, had his profile cloned and notified Richard.



The way it works is that a cybercrook copies the victim’s profile photos, then uses them to create fake accounts. Then, using the victim’s details, a friendship request is sent to friends. The clue that something fishy is happening comes when you receive the request, but thought you had already ‘friended’ that person. One Facebook user explained in an article on that he received a friendship request from his sister while she was sitting next to him.

Cloned accounts can be used to send spam messages, initiate scams, and possibly steal personal information that could be used for more serious identity theft. In the recent cases, there are reports that once the request has been accepted, the scammer starts soliciting money from ‘friends’.

It can also be used for social media sabotage. An experiment conducted in 2011 showed that the implications of this type of social engineering range from mere trickery to damaging reputations. You see, through the ‘trusted friends’ password recovery feature, it is possible that someone can reset your password and gain access to your account.

Check your privacy settings and be cautious about who you friend and what you share. This video explains the recent attacks and how to avoid having your profile cloned.
