Category Archives: Avast


The evolution of the Retefe banking Trojan

Three weeks ago, we published a blog post about the
Retefe banking Trojan
, which began targeting banking customers in the United Kingdom. The Trojan steals login credentials and other personal information. Retefe is usually spread via a phishing email that carries a document with embedded malicious JavaScript; user interaction is needed to run the script and activate the Trojan.

Another UK bank has now been added to the list of affected banks. The main behavior of the Trojan is largely unchanged; what has changed is the set of malicious components it installs. The infection vector, as well as the installation of the malicious certificate, are the same as we reported in our last blog post.

Once the JavaScript runs, it attempts to kill open web browser processes. It then installs a fake root certificate and changes the proxy auto-config (PAC) URL, so that traffic to the targeted banks is routed through an attacker-controlled proxy that can terminate TLS without the browser raising a certificate warning. All scripts are obfuscated with the Dean Edwards packer. This behavior is the same as in the previous version of Retefe.

The JavaScript, however, now contains three PowerShell scripts, two of which are the same as in the previous version. ConfirmCert clicks "OK" in the window displayed during the installation of the rogue certificate, and AddCertFF adds the rogue certificate to Firefox, which keeps its own certificate store separate from the Windows one. InstallTP is the new PowerShell script. It downloads and installs three programs: the Task Scheduler Managed Wrapper, Tor and Proxifier.

The Task Scheduler Managed Wrapper is downloaded from CodePlex. It exposes the .NET type Microsoft.Win32.TaskScheduler.TaskService (created with "New-Object Microsoft.Win32.TaskScheduler.TaskService"), which the script later uses to create a scheduled task and so establish persistence.

The Tor client gives the Trojan the possibility to access .onion domains directly.

Proxifier, as stated on their website, "allows network applications that do not support working through proxy servers to operate through a SOCKS or HTTPS proxy and chains." In this case it forces the browser's PAC fetch through the local Tor SOCKS proxy.

The AutoConfigURL now points to a .onion address, which the infected machine can reach only because Tor and Proxifier have been installed.

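The indicators above (a PAC URL pointing at a .onion host, a freshly added root certificate in the user's store, a scheduled task that launches a script, and Tor or Proxifier running) can be checked from the affected user's session with the following triage script. It is an added example for this post, not Avast's detection code nor any component of Retefe; the seven-day certificate window, the process names "tor" and "Proxifier", and the choice to inspect only the current user's hive and store are assumptions made here.

```powershell
# Added example: host triage for the Retefe indicators described in the post.
# Assumptions (not from the post): run in the affected user's session on Windows 8+
# (Get-ScheduledTask), check HKCU only, treat root certs issued in the last 7 days
# as suspicious, and look for processes named 'tor' and 'Proxifier'.

$findings = @()

# 1. Proxy auto-config URL under the current user's Internet Settings key.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pac  = (Get-ItemProperty -Path $inet -Name AutoConfigURL -ErrorAction SilentlyContinue).AutoConfigURL
if ($pac) {
    $findings += "AutoConfigURL is set: $pac"
    # A PAC served from a Tor hidden service is only reachable if Tor is on the box.
    if ($pac -match '\.onion(/|:|$)') { $findings += '  -> PAC URL points at a .onion host' }
}

# 2. Root certificates in the current user's store. A rogue CA for TLS interception
#    installed without admin rights lands here, not in the machine store.
Get-ChildItem -Path Cert:\CurrentUser\Root |
    Where-Object { $_.NotBefore -gt (Get-Date).AddDays(-7) } |
    ForEach-Object {
        $findings += "Recent user root cert: $($_.Subject) (thumbprint $($_.Thumbprint))"
    }

# 3. Scheduled tasks whose action runs a script host; the Task Scheduler wrapper
#    is used by the malware to create such a task for persistence.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute -match 'powershell|wscript|cscript') {
            $findings += "Task '$($task.TaskName)' runs: $($action.Execute) $($action.Arguments)"
        }
    }
}

# 4. Tor and Proxifier processes (names are assumptions; check paths if found).
foreach ($name in 'tor', 'Proxifier') {
    Get-Process -Name $name -ErrorAction SilentlyContinue | ForEach-Object {
        $findings += "Process running: $($_.ProcessName) PID $($_.Id) $($_.Path)"
    }
}

if ($findings.Count -eq 0) { 'No Retefe-style indicators found.' } else { $findings }
```

Firefox is not covered by step 2 because it keeps its own certificate database in the profile directory; after a positive hit, check the Authorities tab in Firefox's certificate manager as well, and treat the scheduled task's script path as the next artifact to collect.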

Mr. Robot Review: unm4sk-pt1.tc and unm4sk-pt2.tc

The two-part premiere of season two of Mr. Robot did not disappoint! The episodes focused more on the current state of the main characters than on hacking and a lot has changed since season one.

Elliot is trying to get his life back on track. He is living with his mom, has developed a routine, which includes attending a church group, and keeps a journal. Mr. Robot does not like the new Elliot and is itching to get back to work, taunting Elliot. Darlene is leading fsociety in the meantime, but the group's other main hackers seem to have disappeared. Angela has joined the dark side and is working as a PR manager for E Corp. Joanna, Tyrell's wife, has found a new BDSM buddy to fill her missing husband's void.

We were also introduced to some new characters and I am looking forward to learning more about them as the season goes on. There is the FBI agent investigating the E Corp hack and Elliot has also made a “new friend”, Ray. Ray wants to do business with Elliot, but Elliot is not interested – but Mr. Robot seems to be…


Image via: USA Network @whoismrrobot

What we can learn from the hacks on season one of Mr. Robot

Mr. Robot is coming back to USA Network on Wednesday, July 13th at 10 pm Eastern / 9 pm Central (tonight!) for its second season and I cannot wait (especially since I missed Sunday's sneak preview)! Season one was full of complex hacks that were, for the most part, accurately portrayed. By speaking to various Avast experts, I learned a lot about the hacks on the show last summer and how they could affect consumers like you and me.


Image via: USA Network @whoismrrobot

Here’s a recap of what we learned from the hacks in season one of Mr. Robot:

What businesses can learn about cybersecurity from season one of Mr. Robot

Season one of last summer’s hit new TV show, Mr. Robot, was filled with interesting and, for the most part, accurately portrayed hacks. The hacks were carried out by the show’s main character Elliot and hacker group fsociety. Their goal throughout the season was to take down the multi-national conglomerate, E Corp.


Image via: USA Network @whoismrrobot

Although the hacks on the show were complex and in places quite elaborate, there are a few things SMBs can learn from them.

Tools deliver false promises to YouTubers and Gamers

If you have a YouTube account and are an aspiring YouTube star, you may have wondered if there's an easy way to speed up the slow process of raising your channel to the top. If you're a gamer who is progressing slowly and looking for a simple way to advance, you may have wished for coins to make more in-game purchases and progress. If you search the Internet, you will certainly find websites with good advice on how to promote your content, tips on how to create good videos, and tips on how to improve your gaming abilities.

“Want more subscribers? No problem!”

There's much more available on the Internet than just advice and tips. You can also find websites, tools, and bots that promise to quickly boost a user's YouTube or other social channels. Looking for more subscribers or followers? You're in luck: we found a website where you just fill out a short form and click a button, or download their tool. Of course, there are comments left by satisfied customers who are promoting the tool. Since you're not the first to use it and it has good reviews from others, it has to work, right?


Webpage of the tool we took a closer look at


Avast and AVG: A Future Together


As many of you know, there are two security companies that often get confused: Avast and AVG. Shortly after I started as CEO almost 8 years ago, I remember giving a presentation to a large audience about Avast. About an hour later, a gentleman walked up to me and complimented me on how good the presentation was and how he enjoyed hearing about AVG. That was my first lesson in how easy the companies are to confuse.

This confusion is because the companies are so very similar. Both company names start with the letters "AV". Both started in the late 1980s and were amongst the first few companies formed to fight viruses and malware nearly 30 years ago. Both are historically Czech: Avast was founded in Prague and is still based there, while AVG was historically in Brno; these are the two largest cities in the Czech Republic. Both pioneered the free distribution of top quality security products (although to be honest, I must admit that AVG was first and we followed). Both make great security products. Both are innovators with world class R&D teams. Both have most of their users outside of their home Czech market. Both have had similar user bases for many years: about 200M each. And most importantly, both treat their users with respect and consequently each has a large and loyal user base. One slight difference though is that while Avast is a private company, AVG is public and listed on the New York Stock Exchange.

Permission to Punch the Presidential Candidates

The 2016 U.S. presidential primaries are well under way and the candidates are a hot topic in the media, on social media and in real life discussions. With all the buzz, I was curious to see how Android app developers are taking advantage of the candidates' popularity and what permissions the apps request. So with this mission in mind, I started downloading and testing these apps.

Trump Apps – Permission Heavy

When I searched for “Trump” in Google’s Play Store, I wasn’t really too surprised to see a lot of silly apps. Mr. Trump has a certain reputation and it seems like app developers are taking advantage of his reputation.

Here are the top apps that appear when you search for “Trump” in the Play Store:
