Tag Archives: Adware

Avira starts lawsuit against adware distribution site

Avira has filed a lawsuit against the German Freemium.com download site for unfair business practices and misleading consumers into installing unwanted programs (PUA). We’re the first security vendor to stick up for customer rights and go directly after a software publisher.

The post Avira starts lawsuit against adware distribution site appeared first on Avira Blog.

Fake Chrome browser replaces real thing and serves up unwanted ads

Is something not right with your browser, but you can't quite figure out what?

Is something not right with your browser, but you can’t quite figure out what?

Does your Chrome browser seem a little “off”, but you can’t figure out why? Maybe it’s eFast.

 

Here’s another reason to slow down when installing software, especially free software. A new Potentially Unwanted Program (PUP) disguised as the Google Chrome browser is sneaking onto users computers bundled with legitimate software, hidden deep within the ‘Custom’ or ‘Advanced’ settings that most people skip over. Once installed, eFast, as it has been called, serves up ads and tracks your online activities and sells personally identifiable information to advertisers.

“Read the installer screens to make sure what they actually install,” warns Michal Salat, researcher in the Avast Virus Lab. ” The Next->Next->Next->Done approach is exactly why we deal with PUPs daily. If there isn’t an option not to install some additional software, terminate the installer immediately. Better safe then sorry.”

Researchers at Malwarebytes says that eFast actually installs a new browser rather than hijacking your existing one. If you already have Chrome installed, it will replace it making itself the default browser. The fake browser uses the same source code for the user interface as the real thing making it difficult to tell the difference. It is so tricky that it even replaces shortcuts on your desktop that look similar to Google Chrome.

In addition to all that, eFast hijacks some file associations, so that it can open as many times as possible therefore having the opportunity to show you more ads! If you open a file like JPEG, PDF, or PNG, it will be opened with eFast, resulting in pop-ups, more ads in your searches, and other adware. You can see the list of file associations on Malwarebytes security blog.

How to find out if eFast is on your computer

Open your browser and type in chrome://chrome. The authentic Chrome browser will take you to the ‘About’ section and check if your browser software is up-to-date. It looks like this.

About Chrome frame

If you have a fake version of Chrome, then you will be taken to a fake About page, get an error, or the link won’t work. In that case, check out the removal instructions on PCrisk.

eFast is classified as a Potentially Unwanted Program, also known as a PUP. PUPs are annoyances like search bars, intrusive adware, etc. that Avast does not detect by default. However, the option can be enabled.

How to turn on PUP detection in Avast

  • Open the Avast program and go to settings
  • Open Active Protection
  • Click Customize next to Web Shield
  • Go to Sensitivity and put a check mark beside PUP and suspicious files

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

 

More malware found on third party app stores

As Google Play tightens their security measures on mobile apps, hackers are moving to third party app stores. Fake apps imitating popular apps were found on the Windows Phone Store earlier this week. Now a new batch of infected Android apps imitating the real deal have been found on unofficial third-party Android app stores.

image via the FireEye blog

image via the FireEye blog

The new malicious adware, dubbed Kemoge, reported Wednesday by security researchers at FireEye, also disguises itself as popular applications. The apps trick the user into installing them through in-app ads and ads promoting the download links via websites. The legitimate appearing apps aggressively display unwanted advertisements which seem annoying, but in the FireEye blog researcher Yulong Zhong writes, ” it soon turns evil.”

The fake apps gain root access and gathers device information such as the phones IMEI, IMSI, and storage information, then sends the data to a remote server.

Infections have been discovered in more than 20 countries, including the United States, China, France, Russia, and the United Kingdom. Because of Chinese characters found in the code, it is believed that the malware was written by Chinese developers or controlled by Chinese hackers. The apps included Talking Tom 3, WiFi Enhancer, Assistive Touch, PinkyGirls, and Sex Cademy.

How to protect your Android device from infection

  • Only install apps from trusted stores like Google Play
  • Avoid clicking on links from ads, SMS, websites, or emails
  • Keep your device  and apps up up-to-date
  • Install protection that scans apps like Avast Mobile Security

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Know the difference between adware and porn?

“I know it when I see it,” is how US Supreme Court judge Steward Potter described his definition of pornography. But when it comes to adware, the description is far less titillating: You know it when you CAN’T see how to get rid of it.

The post Know the difference between adware and porn? appeared first on Avira Blog.

Windows Phone Store scam: malicious mobile apps aren’t unique to Google Play

Although it’s possible to use third-party apps stores safely and securely, the fact that scams do still occur in a variety of app stores shouldn’t be ignored. On Sunday, a threat was discovered by a user who posted the issue on our forum. The scam, located within the Windows Phone Store, advertised three fraudulent versions of Avast Mobile Security. These fake apps not only include the Avast logo, but also feature actual screenshots from AMS in their image galleries. Our fast-acting team has since blocked the pages and has labeled them as malicious.

Fake AMS apps collect personal data and redirect users to adware



If downloaded, these fake versions of AMS found on the Windows Phone Store pose a risk to users’ security. Here’s how they work:

  1. New Avast security: This app includes three control buttons which show only advertisements. Even without actively clicking on the ads, the app redirects users to additional adware.
  2. Avast Antivirus Analysis: Claiming to “protect your phone from malware and theft”, this malicious app runs in the background of victims’ devices once downloaded and collects their data and location.
  3. Mobile Security & Antivirus – system 2: Simply put, this is a paid-for version of “New Avast security” that forcibly leads users to adware.

The fun doesn’t stop there!

After doing some additional research, our malware analysts discovered that TT_Game_For_All, the same user that published the fake AMS apps, isn’t solely impersonating Avast. Instead, this cybercriminal has published a large collection of close to fifty apps, the majority of which cost around the equivalent of 1.99 USD. Certain apps even claim to be from other well-known companies such as Qihoo 360, APUS, and Clean Master. 



Keep your eyes open for app store threats

This case goes to show that when it comes to mobile malware, it’s not only the Android platform that is vulnerable to attacks. Although Windows Phone devices aren’t currently as widely used as that of Android, it’s important to be careful regardless of the platform that you use. Finally, keep in mind that Google Play isn’t the only app store users should be paying attention to when it comes to avoiding mobile scams and threats — these threats can occur within any app store.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Searches for Pirated Content Lead to Pain and Little Gain

People love to try and get something for nothing, especially on the Internet where there’s all kinds of things available for nothing. But a lot of those free things are illegal and attackers have become very adept at taking advantage of users’ desire for free episodes of Gilmore Girls or bonus Dragon Ball Z content. Researchers […]

Avira vs. Freemium(dot)com – We Will Protect You Against PUA

The court order sets a legal precedent for how Internet security companies like Avira can protect their consumers from potential ad-ware injection, malware, and unintended downloads introduced by installer companies like Freemium.

One of Freemium’s major investors, ProSiebenSat.1 Media AG, hosts a suite of gaming sites and download sites, as well as Axel Springer’s Computerbild.de download portal, which all use Freemium’s installer software to earn money on the downloads of products they offer. Our antivirus software detects and flags unintended downloads with a safety warning, so Freemium filed a cease-and-desist letter against Avira GmbH claiming anti-competitive practices, and demanding that we should not be allowed to block the downloads.

The courts disagreed.

According to the terms of the legal judgment, our antivirus software is allowed to continue to provide a safety notice flagging these downloads as ‘potentially unwanted applications’ (PUA), in keeping with our recently published security policies. Freemium was denied its request for a cease-and-desist and, as the losing party, was ordered to pay all court costs.

“This ruling establishes a major legal milestone in the fight against misleading consumers into unintentionally installing unwanted software onto their computers,” said Travis Witteveen, CEO of Avira GmbH. “Earlier this year we established clear guidelines defining unethical software behaviour, and defining what our security software will block. We believe in ‘freemium’ and advertising-supported business models, however they must remain transparent and ethical in their implementation.”

The post Avira vs. Freemium(dot)com – We Will Protect You Against PUA appeared first on Avira Blog.