Category Archives: Avast

Avast

Online privacy protection in the EU

It’s European #‎DataProtection day! Every day we visit websites and willingly hand over our name, address, and credit card number. Have you ever thought about what happens to that data or what your rights are?

European ‪#‎DataProtection‬ day

Avast keeps your personal data private.

 

Members of the European Union (EU) enjoy a high standard of protection of their personal data. The Digital Agenda for Europe lays it all out for you on their website. Here’s a summary:

The burden to protect you is on organizations

The EU Data Protection Directive ensures that personal data can only be gathered under strict conditions and for legitimate purposes. Organizations that collect and manage your personal information must also protect it from misuse and respect certain rights. One of the objectives is that organizations notify their customers, in plain language, what information is collected and how it is used as well as get permission before using any personal information.

One of the stumbling blocks has been the so-called one-stop-shop for businesses and citizens in each member state in which authorities will handle citizens’ complaints about any breach of the rules. There are just as many ideas on how to run it as there are EU member states.

You must be notified of cookies and data breaches

The Directive on Privacy and Electronic communications (ePrivacy Directive) ensures that all communications over public networks maintain a high level of privacy. For example, this directive requires website owners marketing online to EU citizens to obtain consent from users, via some kind of opt-in, before implementing cookies or other technologies to capture online visitor information. (See below for information on managing your cookies.)

If your data is stolen, the ePrivacy Directive states that you should be notified. That’s good because data theft can result in identity theft or fraud, damage to your reputation, loss of control over your personal data or a loss of confidentiality.

However, this fall, the rules changed slightly and now businesses don’t have to notify consumers that their personal data has been lost or stolen if the data has been encrypted. The ministers figure that the business has “appropriate technological protection measures” to protect the data that has been lost or stolen from being accessed by people not authorized to see it.

Viewing and managing your cookies

For those of you not familiar with the term, cookies are small files stored in your browser that contain information about your visit to a web page. They help tailor your online shopping experiences by doing things such as recording items in your shopping cart, they also recommend products based on your interests, allow auto-log in and compile browsing histories.

In most modern browsers, you can control cookie settings. The options include viewing stored cookies, controlling which sites you accept cookies from, and setting how long they may be stored and used.

Chrome

  1. 1. Open the drop-down menu in the top right corner of the Chrome browser, select Settings.
  2. 2. At the bottom of the page, click Show advanced settings.
  3. 3. In the Privacy section, open the button that says Content settings.
  4. 4. Under Cookies, you check or uncheck the options to manage the settings.
  5. 5. To see individual cookies, click All cookies and site data.
  6. 6. To remove cookies, hover the mouse over the entry. Click the X to delete.
  7. 7. To delete all cookies, click Remove all.

Firefox

For instructions to clear cookies in Firefox, please visit Mozilla’s support page.

Chrome

For instructions on clearing and managing cookies in Internet Explorer, please search Microsoft help for your version of IE. Here’s general information.

Infographic: Privacy tips for business

Privacy plays a growing part in customer buying decisions. With every data breach, trust is eroded further.

Privacy and security are intertwined when it comes to our individual information. Consumers are becoming increasingly aware of the value of their personal data, so that means that businesses have to step up and do a better job of securing that data. Identity theft is the #1 fear of consumers, but for your business the risk is loss of trust and brand damage.

Since trust is the core of any transaction it’s important to know how privacy factors into your customer’s buying decisions. Research shows that almost 40% of consumers made buying decisions based upon privacy. When looking at who these people are, it was found that these individuals are aged 46-65 and have the highest incomes. But don’t rely on the business of the younger generation to supplant that once trust is lost; 27% of millenials abandoned an online purchase in the past month due to privacy or security concerns.

To mark Data Privacy Day on January 28, the following Privacy is Good for Business tips were created by privacy experts in civil-society, non-profit, government and industry and aspire to help business address the public’s growing privacy concerns:

DPD-Privacy-is-Good-for-Business-2014_1_13

  • If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
  • Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used.
  • Build trust by doing what you say you will do. Communicate clearly and concisely to the public about what privacy means to your organization and the steps you take to achieve and maintain privacy.
  • Create a culture of privacy in your organization. Explain to and educate employees about the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
  • Don’t count on your privacy notice as your only tool to educate consumers about your data practices.
  • Conduct due diligence and maintain oversight of partners and vendors. You are also responsible for how they collect and use personal information.

How to access accounts protected by two-factor authentication if you lose your phone

howto asian guy newQuestion of the week: I use two-factor authentication when logging into my accounts to keep them safe, but what happens if I lose my phone? Can I still access my accounts?

Security-minded individuals know the benefits of using two-factor authentication to keep their online accounts safe. For those of you who are not familiar with it, two-factor authentication is a security process which uses a combination of two different components, like something that you know, a master password or PIN, for instance, and something that you possess, like a token which can generate a number code or, more conveniently, your smartphone.

Using these two things in combination can provide unique identification when entering a site because you provide the password as well as a one-time use security code generated by your security token.  If someone learns your password, your accounts are still protected because they need the security code too. Two-factor authentication can reduce the incidence of identity theft and phishing, and we suggest the use of it.

Google Authenticator

Google Authenticator gives you a security token to use with your own password.

There are a number of authenticator apps made for Android smartphones. For example, Google Authenticator lets you use a security code and your own password for sites and services like Facebook, Dropbox, Evernote, and WordPress. The app creates a link between your account and your device.

I lost my phone. How do I access my accounts?

If you are so security-minded that you use two-factor authentication to begin with, then you have probably taken precautions before you lose your phone. The majority of authenticator services allow a way to recover your access and remove the authorized device from your account. That is, if you change your mobile device, then you can disable the two-factor authentication from your account before doing so. Most commonly, you would use backup codes, send the codes via SMS to a trusted backup phone, or use a trusted computer. Sometimes, the service providers take several business days to verify your identity and, if possible, grant you access again.

But, if you failed to plan ahead and you lose your phone or if you buy a new smartphone without disabling the account, to use two-factor authentication again, you’ll need to install an authenticator app on your new device. The old device and the old backup codes won’t work anymore. Some of the sites you have synced to may also have their own procedure, for example, Dropbox.

Recently, an app is making the use of this security measure much more convenient. Authy is an app that manages your two-factor accounts on Android devices, iPhones, and even your PC. Any of these devices could be used to generate tokens and sync with each other. One authorized device could de-authorize a stolen one. A master password could block the access to Authy in these multiple devices and your settings are all kept encrypted locally. Neither Authy’s developers nor hackers would be able to access the tokens.

Anti-theftMaybe this complex recovery process is what does not make two-factor authentication omnipresent. But, after all, you just need to take a few precautions to increase your security a lot.

What to do before your smartphone is lost

Of course, it’s better not to lose your devices and for this, you should install and configure Avast Anti-Theft, which can help you find a lost device and even recover a stolen one with its tracking features. It can be downloaded and used for free from the Google Play Store.

Do Not Disturb: How to disable messages, popups, and alerts in Avast

Make Avast quiet when you are playing games or giving presentations.

We know you love Avast, but when you are giving a presentation to the big boss, or concentrating on playing an important game, it may not be the best time for a popup that says your computer is running slowly to appear. That’s why we made it easy for you to silence Avast.

Avast silent/gaming mode for presentations

This is NOT a good time for an Avast notification to appear. Learn how to silence Avast when you need to.

Silent/gaming mode

Activate the Silent/gaming mode when don’t want to be interrupted. This will cause Avast to run in silent mode when a full-screen application is running. This means your games or other full-screen applications will not be interrupted with annoying popups or other messages.

Turn this mode on quickly by clicking on the orange Avast icon located in your computer’s system tray. Right-click on the Avast icon and a short menu will appear. Click on Silent/gaming mode to turn it on.

You can also access this option within the main user interface. Go to Settings>General and check the box for Silent/gaming mode. This will disable messages, popups, and alerts in Avast.

Avast sounds

Turn off sounds

Silence notifications: Open the Avast user interface. Click Settings>General>Sounds and uncheck the Enable Avast sounds box. You can also uncheck the Voiceovers within the Sounds settings.

Choose the notifications you want to silence: Avast has six “events” that have notifications associated with them.. These events are Threat detected, Suspicious item detected (we suggest you keep these two on), Potentially unwanted program (PUP) detected, Scan complete, Automatic update, and Firewall query. You have the option to uncheck these boxes as well.

Turn off popups

Occasionally, we offer our users great products like GrimeFighter but we understand if you don’t need to see the notifications anymore. Our customers who have a paid-for version of Avast, have an option for you to turn those off completely.

Once again, open the Avast user interface and go to Settings>General. Scroll down a bit, and you’ll find a heading called Popups. Expand that and you’ll see all kinds of options. You can discontinue seeing all popups, but you might miss a warning or alert, so we don’t suggest that. Instead, you can tweak the duration (how many seconds the popup appears) of the different types of popups. It’s all laid out for you, so you can adjust all you want.

Users of our free product have the option to change the duration of the popups.

Turn off GrimeFighter

GrimeFighter is a standalone optimization tool that cleans and speeds up your system by removing bloatware, trialware, adware, and other unwanted ‘Grime’ so that your computer is running in its most optimal state. If you have an old laptop like I do, you may have seen a popup similar to this.

popup example 2

Instead of turning it totally off, we suggest that you modify the settings. For example, you can tell GrimeFighter to notify you only if it finds a certain amount of issues or after a specific amount of time, say, once a month.

But if you want to turn off GrimeFighter pop-ups, then open your Avast interface and go to Settings>Tools>GrimeFighter and click the Customize button. Uncheck the box that says Always test this computer for Grime. You can also turn off GrimeFighter completely in Settings>Tools. Move the slider to the OFF position.

Turn off Software Updater

Software Updater is an extremely useful feature because it notifies you about outdated software that needs your attention. You can, however, check for outdated software manually by opening the user interface. So if you want to disable the notices, then go to Settings>Tools>Software Updater and click on Customize. Uncheck the option Notifications (popups) enabled.

You can also turn off Software Updater completely in Settings>Tools. Move the slider to the OFF position.

Selling or giving away your old smartphone or tablet?

Take these steps to ensure you don’t give away your data when you sell your old smartphone!

Remove your data beofre selling your smartphone

You got a new device for Christmas and have finally finished migrating the data and apps from your old one to the new one. Now you’re thinking about what you can do with your old smartphone or tablet, and you come up with two alternatives: Sell it or give it away.

You’ve heard about some sites on the internet where you can sell your phone, so you do some research and decide on a fair price for your used device. Register yourself at the site and… Wait. Something suddenly occurred to you.

Will the new owner be able to see my personal stuff on my old phone?

 

You’re right to think about that because Tens of thousands of Americans sell themselves online every day. Not only do they sell the devices, they sell themselves as all the personal data could be recovered.

eBay infograph June 2014If you don’t want a stranger to see your selfies, discover your bank account details and your credit card numbers, and even some problematic Snapchats and SMSs… you need to do something. Do you remember the celebrities photos scandal?

So what to do? Use a hammer? Well, there are other options.

1. Backup your important data

Much of our lives are stored in our smartphones: Photos, music, videos, personal and professional contacts, call logs and SMSs. And you want all this stuff in your new device, don’t you? Avast Mobile Backup was specially designed to make this easier for you. It makes a backup in your Avast account (or in your Google Drive storage) and then allows you to recover them in a new device: All your paid apps and games (with their data) will be restored.

If you have a MicroSD card, remove it from your device and insert it into your PC, making a full copy and paste operation for all files. Remember that many Android devices store photos and other media files in the DCIM folder of the internal memory. Back it up, too.

Make sure your contacts are being synced with your Google account in order to restore them automatically in the new device: Check Settings > Accounts> Google> your email address and verify if “Contacts” is checked and already synced.

2. Disconnect your smartphone from your wireless carrier

This is especially important to allow the buyer to activate his/her own service. If you don’t do that, the phone will be linked to your services and you’ll need to inform the buyer of your email address or your new number so he/she can set up their own account. So, do it now, after you backup your data.

3. Unlink your smartphone from two-factor authentication services

If you set a two-factor authentication in your online accounts, be sure to unlink your device from the online accounts before wiping it (see next step) or selling it. We will post about this next Tuesday, so come back to our blog.

4. Wipe your device

It’s not enough to delete the photos and files from your phone. They will remain there and specialized tools are able to recover them. You need to wipe. But, remember, it’s not enough. Even going for it, you need to use an app or service that deeply wipes, so the files are unrecoverable on your device. Avast Anti-Theft does this for you. You just need to go to your Avast account and send the command to wipe your phone.

Android also offers a factory reset (Settings > Backup & reset > Factory data reset). This step is a no-return one. Make sure you have followed Step 1 consciously.

Of course, it will be good if after that, you remove your SIM card and keep it with you, without selling or passing it away. That allows you to keep your phone number, too.

5. Wipe your memory card

Along with the internal memory of your phone or tablet, many of them allow you to use an external card. To clean it, turn off your phone, remove the card, and use Avast Data Shredder to wipe all the files. If you have our Premier product in your PC, you have access to the data shredder. Put your card in your computer, open Avast, then go for Tools > Data Shredder > Shred whole partition. Choose your card and then click on Shred. If you have Avast Free Antivirus, you can find other free tools on the internet that does the wiping job for you.

6. Inform which accessories and batteries will be sold or passed away

Choose what accessories you will keep with you and inform the buyer exactly what you’re selling, so the buyer knows it prior to the sale.

7. Do some cleaning

Last but not least, cleaning is a nice gesture and rewards the buyer for his purchase. But take care so you don’t harm internal parts by removing dust!

 

An old threat is back: Ramsonware CriptoWall 3.0. Get Avast for protection.

The nightmare is back! Your security could be seriously compromised if you do not act now. Install and update your Avast for PC before is too late. The original version of CryptoWall was discovered in November 2013, but a new and improved variant of the CryptoWall ransomware starts to infect computers all over the world last days. It’s the CryptoWall 3.0. Some sources estimate that it has already infected over 700,000 computers up to version 2.0.

Ransomware

CryptoWall is a malware that encrypts certain files in your computer (and secure delete the original ones) and, once activated, demands a fine around $500 as a ransom to provide the decryption key. You’re asked to pay in digital Bitcoins in about 170 hours (almost a full week). After that period, the fee is raised to $1000.

You could be asking why haven’t the authorities blocked the financial funding of them? They use unique wallet ID for each victim into their own TOR anonymity servers. For the user to be able to pay the ransom, he needs to use a TOR-like connection called Web-to-TOR. Each TOR gateway redirects the victim to the same web page with the payment instructions. The commands and communication control is now done using Invisible Internet Project (I2P) instead of Tor.

Infection could reach you in various ways. The most common is as a phishing attack, but it also comes in email attachments and PDF files. The malware kit also abuses various vulnerabilities in unpatched – read non up-to-date – Flash, Java, browsers and other applications to drop the CryptoWall ransomware.

How Avast prevents the infection

1. Avast Antispam and antiphishing protection prevents some vectors distribution.

2. Virus signature block all known ransomwares versions. Remember that Avast automatic streaming updates releases hundreds of daily updates for virus definitions.

3. Community IQ intelligence and sensors of our more than 220 million users that detects malware behavior all over the world. See how it works in this YouTube video.

4. Keeping your software updated is another security measure that prevents the exploit of their vulnerabilities. Learn how Avast Software Updater can help you with this job.

What more can I do?

Avast also helps in prevention of this disaster through its Avast Backup that allows you to keep all your important files in a secure and encrypted way. We also recommend local backup, as the new malware could also attack other drives and even cloud storage. Did you know that Avast Backup also performs local copies of the files? You can enable it at Settings > Options > Local backup, and configure the backup location (better an external drive) and also versioning of the files. Remember to disconnect the external drive from the computer (and the network) to prevent infection of the backups by CryptoWall and further encryption of the files.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.

Не дайте мошенникам ни единого шанса! Установите на Avast Anti-Theft.

Если вы случайно потеряете Android смартфон или планшет, или кто-то его украдет, не отчаивайтесь, умное приложение Avast Anti-Theft поможет вам найти и поймать вора.

Что такое Avast Anti-Theft?

Anti-theftAvast Anti-Theft отдельное бесплатное приложение для смартфонов и планшетов с операционной системой Android, которое поможет вам найти потерянное или украденное мобильное устройство, позволит вам отслеживать его на карте и управлять им дистанционно. Avast Anti-Theft является отдельным приложением, как только приложение запущено, оно маскируется и делается невидимым в телефоне для потенциальных воров.

Какие команды можно выполнить удаленно на потерянном мобильном устройстве?

Приложение позволит вам:

  • Заблокировать телефон
  • Активировать громкую настраиваемую сирену, которая возвращается к максимальной громкости, если воры попытаются заглушить ее
  • Удалить все ваши важные личные данные, прежде чем кто доберется до них
  • Отправить уведомление с новым номером телефона и данными геолокации на другое устройство
  • Установить отображение настраиваемого сообщения на экране телефона (например, о вознаграждении за возврат) независимо от того, заблокирован ли телефон
  • Удаленно прослушивать звонки. Телефон может набрать ваш другой номер (экран будет заблокирован, и воры не увидят статус звонка и не узнают, что вы их слушаете)
  • Перенаправить звонки и SMS на другой телефон
  • Блокировать доступ к параметрам телефона (блокировка диспетчера приложений и/или настроек телефона)

at-ig-ru

И это еще не все! Весь список функций, которыми можно управлять дистанционно и абсолютно бесплатно, можно найти здесь.

Премиум-функции позволят вам:

  • Сфотографировать вора и записать его голос
  • Восстановить все данные (списки вызовов, SMS-сообщений, и т.д.) и без телефона
  • Отправить SMS с вашего телефона
  • Автоматически заблокировать устройство после трех неудачных попыток ввода пароля

Приложение доступно на Google Play совершенно бесплатно

at-ig-ru

 

Your video guide to Avast 2015 features

Only four and half minutes of your time, and you’ll know the highlights of Avast 2015.

 

Avast 2015 is very easy to use, and many people just install it and let it do its job silently in the background. We designed it that way, but for those of you who want to know more about the features of Avast, we created a video guide to help you get the most out of your security protection.

The core of Avast Antivirus is real-time active protection comprised of the Web, Mail, and File System Shields. These can be accessed from the user interface. Open Settings and go to Active protection.

Avast 2015 includes our new, unique Home Network Security (HSN) which scans for home router security problems. Avast is the only security company to offer a tool to help you secure this neglected area.

To save you time, Avast 2015 has an efficient 4-in-1 Smart Scan which combines scans for malware and HSN’s router vulnerabilities, missing software updates and patches with Software Updater, and performance issues with GrimeFighter. GrimeFighter requires a separate license to fully optimize your PC.

Guess what’s here? Here again? A new version of Avast Mobile Security is here, tell a friend!

In November, we called on our awesome advanced mobile beta testers to test the latest version of Avast Mobile Security. We listened to their feedback carefully and are proud to announce that the latest version of Avast Mobile Security is now available to everyone!

Screenshot_2014-11-21-15-28-58

What’s new in Avast Mobile Security?

First and foremost, we have completely redesigned the virus scanner, making it faster than ever (up to 50% faster!). Then we improved support for Intel-based devices, optimizing the virus scanner for the best performance possible.

Finally, we added a referral program, so you can recommend Avast Mobile Security to your friends and family. Not only can you recommend the best mobile security app available on Google Play, but you will be rewarded for doing so; you can earn up to three months of Avast Mobile Premium for free!

Here is how it works: For every five friends you send an SMS to recommending Avast, you get one free month of Avast Mobile Premium.

In summary:

 The new features in Avast Mobile Security are:

  • A redesigned and faster than ever virus scanner (50% faster!)
  • Improved support for Intel-based devices
  • An awesome new referral program that rewards you for spreading the word about Avast Mobile Security!

How can I get the latest version of Avast Mobile Security?

If you don’t already have Avast Mobile Security, what are you waiting for?! Download it on Google Play now! Already have Avast Mobile Security? If you have enabled automatic updates in your Google Play settings, you are all set :) If you don’t have automatic updates enabled in your Google Play settings, you can visit our app on Google Play and upgrade manually!

Have fun using Avast Mobile Security – we look forward to hearing your feedback!

We would like to extend a special thanks to our beta testers, your feedback plays an extremely important role in developing our products!

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

 

Fobus, the sneaky little thief that could

One small Android application shows lots of determination and persistence. Too bad it’s evil.

Mobile malware, Fobus, acts like this famous little engine. "I think I can, I think I can!"

Mobile malware, Fobus, acts like this famous little engine. “I think I can, I think I can!”

 

The year 2014 was significant with a huge rise in mobile malware. One of the families impacting our users was malware Fobus, also known as Podec. This malware poses as a more or less useful application, but for sure it won’t be what the user expects. This malware usually has two language versions, English and Russian, and applications seem to be generated automatically.

All that, and a bag of chips

From the permissions in the manifest, we can see that once Fobus is installed on the victim’s device it cannot only send SMS and call premium numbers, which may cost a lot of money, but it also works as  Spyware and can steal personal data from the infected device. That’s a lot of bad stuff packed into one small application.

Permission

Next up is a bit more technical stuff. If you are really eager, skip to Me thinks that something is amiss section to see how it works.

Inspecting the manifest file provides the clues of the automatic modification of the application files. As you can see in the following picture, service names are randomly generated. Going through samples in our database we were able to identify some similarities, which helped us categorize this malware as the Fobus family.

Service

The manifest also includes several receivers which are indicators that the malware is able to spy on the device.  It can also protect itself against uninstallation.

This receiver provides persistence of Fobus.

Boot

These receivers are able to check the outgoing calls and received SMS.

Call SMS
The receiver pictured here helps to protect the malware against removal.

Admin

Me thinks that something is amiss

During installation, the Fobus permissions already show that something might not be in order. But, we all know, that most people fly through this step without much thought.

device-2015-01-13-094436 device-2015-01-13-094428 device-2015-01-13-094352

The Great Pretender

Fobus pretends to be an Ad Block but permissions to make phone calls, send messages, system tools, and services that cost money should not really be needed for an Ad Block application,  nor for most legitimate applications. That is,  unless you hope it will block unsolicited calls and marketing SMSs. Our advice: The user should always take great care when an application requires these types of permissions and try to link them to the expected app functionality. Inadequate permission requirements are often the first indicator of something fishy.

When the user accepts all these permissions nevertheless, Fobus installs as any other application would.

device-2015-01-13-094455 device-2015-01-13-094521

Here comes trouble!

The real trouble, however, begins when the user runs this application and grants Fobus device administrator privileges.

device-2015-01-13-094553 device-2015-01-13-094603

Once the user activates the device administrator, the application icon disappears from the device.

device-2015-01-13-094628

But in fact, Fobus is still in the device and starts doing what it was build for – SPYING on the device! The user is not able to Stop or Uninstall this application by standard means. Why? Because they gave permission for the app to do all these things in the previously accepted device administrator policy!

device-2015-01-13-094658 device-2015-01-13-094704

Well, just deactivate the device administrator and uninstall this application… That shouldn’t be so hard, right? But it is! The application is easily visible in the device administrator along with the deactivation button. So what is the problem?

device-2015-01-13-094721

Blink and you’ll miss it…

The sneaky Fobus has a receiver which checks for calls on device_admin_disable_request. The moment the user tries to deactivate the device administrator, this receiver catches the request and forces the device to lock the screen with a call to the Lock Now function. This function prevents the user from confirming the deactivation.

Afterwards, the application attempts to relock the screen with any unlock attempt. The confirmation box is visible for just a moment before the application forces the lock screen, however the user will never be able to confirm it in time because the device is not able to capture the user click on screen. The screen locking usually lasts for a while until the confirmation box simply disappears. Sometimes users are required to push one of the hardware buttons on their device to activate the screen. When they finally manage to unlock the device the application is still there and happily running. By now, the person who installed this sneaky little thief, is not a happy camper.

device-2015-01-13-094726

Empty threats

Should the user have lightening-fast reflexes and be able to get past the locking screen mechanism, the authors have another trick up their sleeves. This time, they try to scare the users from disabling the device administrator privilege by threatening to perform a full factory reset.

device-2015-01-13-121013

Fobus shows the user a fake warning about a full factory reset during which the user will lose all data stored on their device. “Heavens, NO!”, most users will say, as they choose the cancel button. But when user is brave and pushes the OK button,  the device administrator privilege will be successfully removed and theuser will also able to uninstall the malicious application from the mobile device.

This is a pretty strong uninstall prevention, isn’t it?

It can be very difficult to circumvent this type of protection, especially, since the application cannot be uninstalled by any other means, like ADB or the safe-mode. In ADB, the uninstalling operation finishes as failure and even though the safe-mode disables user-installed applications, in this case the malicious application is still protected by the device administrator privileges and therefore cannot be uninstalled.

How to remove this persistent malware

Affected victims can use third party software to remove this malicious application from their mobile device or actually perform the suggested factory reset.

The removal itself is a two-phase process.

First, you need to deactivate the device administrator privilege.

device-2015-01-13-120918 device-2015-01-13-120944 device-2015-01-13-121024

Then,  uninstall Fobus itself.

device-2015-01-13-121316 device-2015-01-13-121326

The little malware that could…

What makes the Fobus so special is not that it can spy on victims devices, send SMSs,  or call on premium numbers; there are loads of malicious apps that can do that. Just like The Little Engine That Could, Fobus never gives up.  Usually users are able to remove bad apps from their devices easily by themselves by simply uninstalling them. Fobus, though, doesn’t give up so easily, it’s strong removal protection can frustrate even the most experienced users.

Acknowledgement

Thanks to my colleague, Ondřej David, for cooperation on this analysis.

The Litttle Engine That Could image is from Hero Wikia.

Source

Here is a sample connected with the analysis

 

011a379b3f81dbfb4f6fb4f5c80b5ba4cf9f0677f0ee30c3a8d41711ade2d226