Tag Archives: Android corner

Avast

More cybersecurity predictions for 2015

Leave a comment

Yesterday, we looked at two hot areas to be aware of regarding your online security: Data breaches and mobile security. Today, we’ll look at two more areas that haven’t caused as much trouble or damage as the other two, but are likely to grow in importance.

Internet of (Every)Thing at risk

Secure your privacy by using avast! SecureLine VPNThe “smart” home has been in the works for some time now, and this year, we’ll see more and more gadgets from household appliances to wearables like fitness bracelets to industrial equipment becoming connected to mobile devices and social networks. This proliferation of inter-connected things will open up a whole new glorious space for hackers to play in.

We predict that from now on, devices will increase by an order of magnitude (not too bold a prediction, huh?), and of course, that will result in greater privacy and security concerns. A breach in the Internet of Things (IoT) will give cybercrooks the ability to install malware or ransomware on private networks – not only consumer, but corporate and government – steal personal information, or even cause physical harm to a space or a person.  But before you run around the yard yelling, “Skynet is falling, Skynet is falling”, we will see adware uploaded on our smart TVs.

What to keep your eye out for

  • New technologies and businesses around the IoT including

o   Increased demand for low cost bandwidth and processing

o   Expansion of infrastructure that carries Wi-Fi traffic

o   Start-ups focused on communication and sensors between devices, storage, data analytics

o   Home and factory automation

  • The rise of “fog” computing architectures, where data is closer to the source as opposed to residing in a data center somewhere

Room for improvement

  • Keeping multiple smart devices updated with the latest version of this-and-that software. You think it’s hard now with a couple of devices? Wait until your house, body, garage, and workplace are full of smart gadgets.
  • The fractured ecosystem will make it harder to identify threats or protect against security exploits.
  • Home routers are still unsecure and people are using open, unencrypted Wi-Fi. Start by securing your own home router by scanning with Avast’s Home Network Security scan, then follow whatever suggestions are given.

Social media world

ransomware note
By now, social media users know that sharing too much personal information can give strangers access to their personal life. To illustrate that point on a national scale, Allstate Insurance, aired a series of commercials about what happened to a couple who shared on social networks that they were away from their home for the weekend. Read about it on our blog.

Last year, we saw new privacy settings introduced on social media, and 2015 will see a rise in anonymous interactions via social media.

Hoaxes and scams spread by email and social networks were successful in 2014, as they have been for years now, so we see no reason that occurrences will decrease. Social engineering can trick unwitting victims and the rate of identity theft will increase.

What to keep your eye out for

  • Continuation of scams associated with important events like celebrity gossip or sporting events.
  • Watching videos on Facebook equaled watching videos on YouTube at the end of 2014, so we can expect hackers to take advantage of this by hiding malicious links in Facebook videos.
  • More fraudulent and malicious ads will appear on social networks.
  • Ransomware made the jump from PC to mobile in 2014, and it will likely hit social networks.

Room for improvement

    • Cut back on sharing too much on social media and through Internet of Things devices.

Adjust privacy settings in each social network.

Avast

Mobile advertising firms spread malware by posing as official Google Play apps

Leave a comment

As a malware analyst, I find new pieces of malware day in and day out. In fact, I see so many new malware samples that it’s difficult for me to determine which pieces would be really interesting for the public. Today, however, I found something that immediately caught my attention and that I thought would be interesting to share.

Mobilelinks

The three URLs listed above are websites that offer mobile monetizing kits, which are advertising kits that developers can implement in their mobile apps. The goal for developers is to monetize from advertisements. If a user clicks on one of the ads delivered by one of the above listed providers, he may be lead to a malicious subdomain.

The most visited of the three URLs is Espabit. According to our statistics, we know that Espabit’s servers get around 150,000 views a day and nearly 100% of the views are from mobile devices. This may not seem like that much compared to the number of Android users there are in the world, but it is still a considerable number. Espabit is trying to position themselves as a world leader in advertising, and their website may appear innocent, but first impressions can be deceiving.

 

espabit

The most visited Espabit subdomain, with more than 400,000 views during the last few months, leads app users to pornographic sites via the ads displayed in their apps. The site displays a download offer for nasty apps (no pun intended) that have malicious behavior.

image

 

The above is just one example of the malicious links; there are many others hosted on the same server. The majority of the links lead to pornography or fake apps that all have one thing in common: They all steal money from innocent users.

How do they convince people to download their app? By posing as official Google Play apps. The apps are designed to look like they are from the official Google Play Store – tricking people into trusting the source. Since Android does not allow users to install apps from untrusted sources, the sites offer manuals in different languages, like English, Spanish, German, and French, explaining how to adjust Android’s settings so that users can install apps from untrusted sources, like these malicious apps. How considerate of them.

image_1

 

Now let’s take a deeper look at what the apps are capable of doing:

All of the “different” apps being offered by the three sites listed above are essentially the same in that they can steal personal information and send premium SMS. So far, we know about more than 40 of them stored on the websites’ servers. Most of the apps are stored under different links and, again, are offered in different languages (they want everyone to be able to “enjoy” their apps). The goal behind all of the apps is always the same: Steal money.

apps code1

 

 

 

 

Some of the permissions the apps are granted when downloaded…

apps code2

 

Once you open the apps, you get asked if you are 18 or older (they are not only considerate in that they offer their product in various languages, but they also have morals!).

sexyface

 

 

sexyface2

 

After you click on “YES” you are asked to connect your device to the Internet. Once connected to the Internet your device automatically starts sending premium SMS, each costing $0.25 and sent three times a week. That’s all the app does! The amount stolen a week does not seem like much, but that may be done on purpose. People may not notice if their phone bill is $3.00 more than it was the month before and if they don’t realize that the app is stealing money from them and don’t delete the app it can cost them $36.00 a year.

This malware is actually not unique in terms of the technique it uses. However, collectively, the three websites have around 185,000 views daily, which is a lot considering there is malware stored on their servers. Not everyone is redirected to malware, but those who are, are being scammed. Considering that the most visited malicious subdomain had around 400,000 views in the last quarter, it tells us that a large number of those visitors were infected. This means these ad providers are making a nice sum of money and it’s not all from ad clicks and views.

Although many mobile carriers around the world block premium SMS, including major carriers in the U.S., Brazil, and the UK, this case should not be taken lightly. These malware authors use social engineering to circumvent Google’s security and target innocent app users via ads. Think of how many apps you use that display ads, then think of all the valuable information you have stored on your phone that could be abused.

All malicious apps we found and described here are detected by Avast as:

Android:Erop-AG [Trj]
Android:Erop-AJ [Trj]|
Android:Erop-AS [Trj]

Some of SHA256:
DBEA83D04B6151A634B93289150CA1611D11F142EA3C17451454B25086EE0AEF
87AC7645F41744B722CEFC204A6473FD68756D8B2731A4BF82EBAED03BCF3C9B

Avast

Is backing up your data the same as exposing it? In this case – Yes!

Leave a comment

Losing contacts from your mobile phone is highly inconvenient. There’s seems to be a solution –  You can find them online! The catch? Your contacts are in a publicly accessible place.

1playstore photo

Seriously.

If you care for your privacy you should always be suspicious about “Cloud Backup” solutions you find in the Google Play Store. The solution that is being analyzed here backs up your personal contacts online. In public.

Upon starting the application, you will find a screen where you can put your mobile number and a password of your choice. Then you can upload your contacts in the cloud.

 2app

A brief analysis inside this application shows us how exactly it backs up your contacts in the cloud. The contacts are associated with the phone number that you have given in the previous step and they are sent through HTTP POST requests in a PHP page.

3savedatacloud

Further analysis through IP traffic capturing with Fiddler helped usdiscover the results in the pictures above; a page located online, for anyone to see, that contains thousands of un-encrypted entries of phone numbers and passwords. Using the info in the app you can retrieve personal private data (contacts) from another user.

4fiddlerinfo 5datafromserver

We found log in data inside those entries from countries like Greece, Brazil, and others

The Play Store page says that this app has been installed 50.000-100.000 times. This is a big number of installations for an application that doesn’t deliver the basic secure Android coding practices. The developer must use technologies like HTTPS, SSL and encryption on the data that are transferred through the web and stored in the server. Nogotofail is a useful network security testing tool designed by Google to “to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.

6appinfoplaystore The application has been reported to Google without receiving any response.

Avast detects it as Android:DataExposed-B [PUP].

Samples (SHA-256):

F51803FD98C727F93E502C13C9A5FD759031CD2A5B5EF8FE71211A0AE7DEC78C 199DD6F3B452247FBCC7B467CB88C6B0486194BD3BA01586355BC32EFFE37FAB

Avast

The top three questions the Avast Mobile Security team got asked at CARTES

Leave a comment

It was great to see so many people who recognize the Avast brand and use our products at CARTES. We would like to say once more: Thank you so much! Every couple of minutes, we had a friendly visit from some of our fans and we always tried to talk to them for a while. Sometimes we got some interesting questions. We would like to share those that occurred the most.

1. Are you guys from the Netherlands?

No. :) Despite the orange color all over the place, Avast is a Prague- (that beautiful city in the Czech Republic that you read about in the travel magazines) based company with offices all over the world including Silicon Valley, Austin, Munich, and Hong Kong.

prague castle

A view of the beautiful Prague castle.

2. How do you make money if your products are free?

In general, we monetize our products both directly (via premium subscriptions or paid product versions) and indirectly (via ads in our applications, or partnerships / referrals, i.e.). On mobile, we are not making much money these days, compared to our desktop products. However, mobile apps are a great part of our product ecosystem. They help us build the brand and engage with people who use them. Our mobile products solve real problems and make the world a better, more secure place. In the future, we see a good potential to monetize mobile applications indirectly, due to our multi-million user base.

3. Why are you a better desktop Antivirus than XYZ?

“Better” is never a good word when talking about competition with modesty and respect. We have some compelling features in our Antivirus products. Check out the Home Network Security, SafeZone or process virtualization in our Avast 2015 version. Or you can try the Free version for yourself and compare our product with the Antivirus you have at the moment.

Did you like the article? Follow the author at @joshis_tweets.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.

Avast

Be an Avast Mobile Security beta tester

Leave a comment

This is your chance to be an Avast beta tester!

top rated AMS

You can influence the future direction of Avast Mobile Security when you are a beta tester.

Avast customers who have Android smartphones and tablets have played a significant role in the development of our mobile products. Now you can be part of the team by participating in our new beta version of Avast Mobile Security!

Why you should be an Avast beta tester

  • YOU GET EXCLUSIVE ACCESS  – Participants in the Avast Mobile Security Beta program have access to early versions of our Avast Mobile Security application. You get to be the first one to see all the new functions, before the official release.
  • YOU HELP CREATE THE PRODUCT – When you are a beta tester, we want your feedback, so that means that your suggestions and your critical evaluation of the application actively influence how Avast Mobile Security will work and what it will look like in the future.
  • YOU ARE AN ELITE MEMBER OF THE TEAM – We are looking for people with vision and enthusiasm from all over the world. You are not an ordinary Avast user – we identify you as a powerful influencer and we listen to what you have to say.

How to become an Avast beta tester

  • Join our beta community on Google+
  • Click on the Avast Mobile Security (beta) link
  • Click on BECOME A TESTER
  • Download  the beta version through Google Play on your device

Avast Mobile Security beta test

Join our Google+ Beta Testers community to test the latest version and give your feedback and suggestions.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.

 

 

Avast

Avast apps make mobile payments safer

Leave a comment

The Avast Mobile Security team showcased secure solutions for payment, identification and mobility at the CARTES conference.

The Avast Mobile team had a couple of busy days in November – we participated at CARTES Secure Connexions 2014 and showcased some of our best mobile apps in the “Mobile payments” pavilion. In our traditional and authentic guerrilla style, we drove a truck to Paris, we built the stand ourselves (and almost got killed dismantling it the last day), and we greeted our friends and product users in person, with no external hostesses; only Avast Mobile crew members equipped with mint candies, product fliers, and an unlimited dose of enthusiasm. :-)

CARTES 1

You may ask yourself, what was my mobile antivirus provider doing at CARTES, a global event for the digital security industry?

Because of the experience the Inmite acquisition brought to Avast Mobile, the Avast team knows a thing or two about mobile payments security, and we believe we can bring additional value to this topic with our products.

Mobile payment security starts and ends with the customer

While there are many techniques app makers or payment institutions such as a banks use to secure their mobile applications, recent attacks show that the weakest part of the chain are end clients – in other words – you and me. Face it, most people tend to underestimate potential threats, they fall for phishing attacks or attacks by social engineering, they connect to insecure public Wi-Fi hotspots, and they know in most cases, that banks will handle possible issues they have gracefully. In many cases, banks will even refund complete financial loss in order to keep their reputation high. The value Avast can bring to the table is the fact that most of our solutions are oriented towards the end users and their devices – we help where the additional help is needed.

airbondSecuring your mobile device better is simple

At CARTES, we presented three products for mobile:

This selection of products was not random. Each of the products protect people and their payments at different “stages”.

AIR BOND is our patent pending HW authentication token based on Bluetooth Low Energy. It wirelessly communicates with your smartphone or tablet and co-signs your transactions before they are sent to the server. It requires no special effort, like rewriting a numeric code or putting an NFC tag close to your iPhone (that does not support NFC this way anyway ;-). )You can use your mobile banking or payment app as long as your AIR BOND is nearby. If you lose your phone or somebody steals it, your banking is instantly safe – proximity to the AIR BOND device is required in order to execute transactions (all of them or only some of them depend on AIR BOND deployment type at each individual bank).

SecureLine VPN is an easy-to-use VPN solution for mobile and desktop. You can download the app from the iTunes App Store or from Google Play, turn the switch on and use your phone normally. No special setup is needed on your end; we take care of the server infrastructure and all the nasty configuration that is usually required for VPN solutions to work.

SecureLine encrypts and anonymizes your communication while your payments are being sent to the server. Since most of the mobile communication happens in the public space, often at an unknown and improperly secured Wi-Fi hotspots, this mechanism brings a great deal of “practical security” to normal people. Most of the current network security issues are with the nearest router or with ISP infrastructure – basically in the first 10 miles of communication.

VPNAvast Mobile Security & Antivirus is the hottest mobile product today and it recently got a major facelift in order to become even more sleek and sexy. It is an Android app that includes antivirus, anti-theft (must be installed separately to the app, since anti-theft goes deep in the system), and several very handy security / privacy features, like App locking (adds a PIN code login screen to any app you have), or Call & SMS filter (blocks annoying calls and unwanted SMS messages). This application can protect your payments when your Android phone is under fire and everything is about to go wrong. For example, when you install a potentially malicious application, or when you lose your phone or somebody steals it from you, this app is here to protect you.

Every bank should suggest security products to their clients

In my personal experience, banks and payment institutions usually make mobile apps that are reasonably well secured in their implementation. However, security is a complex issue where an interplay of many components is needed to achieve good results. Protection at the end user level is one of these components, being a valuable addition to the built-in application security or security implemented within the bank’s back-end systems.

Banks and other payment institutions should educate their clients and recommend  products that protect their accounts and payments on their devices. Does your bank do that for you? If not, this is an opportunity – help us spread the word about Avast products! :-)

Did you like the article? Follow the author at @joshis_tweets.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.

Avast

Protégez les appareils mobiles de vos ados grâce à Avast.

Leave a comment

Les ados passent une grande partie de leur temps sur leurs smartphones ou leurs tablettes. Aidez-les à se protéger grâce à Avast Free Mobile Security et Avast Antivol.

 

Teenagers_FR

 

Une étude réalisée par l’UNAF (Union Nationale des Associations Familiales) auprès de 500 élèves de 12 à 17 ans révèle que 73 % d’entre eux possèdent un téléphone portable et que 47 % l’utilisent en classe. Ils utilisent en général leurs smartphones pour surfer sur Internet et accéder aux réseaux sociaux, mais aussi pour s’orienter ou prévenir un proche en cas d’urgence. Beaucoup de parents considèrent le téléphone portable comme un outil de sécurité leur permettant de garder le contact avec leur ado peu importe où ils se trouvent.

La première chose à faire après avoir acheté un smartphone à votre ado. 

La plupart des jeunes utilisent un appareil Android sans protection intégrée. La première chose à faire est de télécharger une application de sécurité afin de protéger l’appareil de votre ados et leurs données.La nouvelle version gratuite d’Avast Mobile Security & Antivirus est enfin disponible. Son interface utilisateur améliorée et simplifiée vous permettra de protéger instantanément votre enfant contre les logiciels espions et les malwares, l’empêchera de télécharger des applications suspectes, sauvegardera ses contacts, ses photos et ses historiques d’appels et de sms.

Téléchargez Avast Mobile Security and Antivirus à partir du Google Play store.

La seconde chose à faire après avoir acheté un smartphone à votre ado.

Les ados sont très actifs et les chances qu’ils perdent leur portable sont élevées. Avast Antivol est une application à installer indépendamment d’Avast Mobile Security. Vous pouvez utiliser la fonctionnalité de localisation afin de retrouver un appareil perdu ou volé, le contrôler à distance et le verrouiller.

Téléchargez Avast Antivol à partir du Google Play store.

Autres conseils : 

  • Protégez le smartphone de votre enfant avec un mot de passe. C’est très facile et cela empêchera les curieux et les hackeurs d’accéder à leurs données.
  • Ajoutez les numéros importants à la liste de contacts. Ajoutez votre numéro de portable, celui de votre travail, des grands-parents, de l’établissement scolaire, des urgences etc.
  • Informez-vous des règles de l’établissement scolaire. Il est important de savoir si l’utilisation du portable y est interdite durant les heures de cours ou durant les pauses.
  • Informez vos enfants sur l’importance de la confidentialité. Cela inclut des sujets comme la publication de photos, le sexting et le comportement à adopter sur les réseaux sociaux.

 

Merci d’utiliser Avast Antivirus et de nous recommander à vos amis et votre famille. Pour toutes les dernières nouvelles, n’oubliez pas de nous suivre sur Facebook, Twitter et Google+.

 

 

Avast

Avast safeguards your teen’s smartphone

Leave a comment

Teenagers are responsible for their smartphones. Help them keep it safe with a few easy additions.

teens-smartphone

Seven out of ten high schoolers take a smartphone to school. Not only are these phones being used for surfing the Internet or social networking, but they help kids navigate around campus, connect with teachers and other students, and follow streaming campus news. Many parents see equipping their teenager with a mobile phone as a safety tool and a way to keep in closer contact, especially if an emergency arises.

The first thing to do after buying your teenager a smartphone

Most kids are using a device with an Android operating system and no added security protection. The first thing you should do is to download a security app to protect the phone and data on it.

The newest version of avast! Mobile Security & Antivirus is out now, with a completely re-imagined user interface, making it simpler and even more user friendly than it was before. Avast! Mobile Security is free, and it will instantly begin protecting your child from downloading bad apps, protect against spyware and block malware, and backup contacts, SMS/call logs, and photos.

Install avast! Mobile Security and Antivirus from the Google Play store.

en-scan
en-permitions
en-lock
en-detect
en-dashboard
en-call

 

The second thing to do after buying your teenager a smartphone

High school students are busy people, with lots of activities, so it’s likely that your teen’s smartphone will be misplaced. Avast! Anti-theft is a stand-alone app that can be installed separately from avast! Mobile Security. You can use the phone locator features to find the lost or stolen phone, control it remotely, and lock it down.

Once you install avast! Mobile Security, you will be asked to set up the anti-theft module. You can read about that and the remote features you’ll have access to from your my.avast.com account in our avast! Mobile Security FAQs.

Install avast! Anti-Theft from the Google Play store.

Other things to do

  • Set up a password for the smartphone. This is easy to do and will serve as the first line of defense against nosy people and thieves.
  • Add important numbers to the contact list. Add your mobile number as well as a work line, grandparents, the school, and emergency contacts.
  • Know the school’s rules. If phone usage is prohibited during school hours or allowed only during breaks, that’s important information to know.
  • Talk to your kids about privacy. This includes a conversation about uploading photos and videos, sexting, and oversharing on social networks.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

Avast

Avast! Mobile Security gets award from AV Comparatives

Leave a comment

AV Comparatives Aug2014AV Comparatives awarded avast! Mobile Security for its malware protection and highly developed theft-protection.

Most people would not dream of neglecting the security of their PCs or laptop, but those same folks forget that the device in their pocket is just as powerful, if not more so. You’ve heard it before –your expensive smartphone, which stores personal data, private photos, Internet banking information and even company data, is an attractive target for cybercrooks and thieves.

AV Comparatives, an independent organization which tests antivirus products and mobile security solutions, released new testing results and gave avast! Mobile Security the highest “Approved Award” for Android security products.

avast! Mobile Security has a wide range of features with innovative functionality. We particularly liked the wide range of configuration options and remote commands, which provide the user with a comprehensive remote control function,” wrote the authors of the final report.

AV Comparatives gives avast! Mobile Security it's Approved Award for mobile security and anti-theft features.

AV Comparatives gives avast! Mobile Security it’s Approved Award for mobile security and anti-theft features.

Malware protection

Mobile phones attacks are getting more and more sophisticated, and it is growing exponentially. “We now have more than 1 million malicious samples in our database, up from 100,000 in 2011,” said Avast’s CCO, Ondřej Vlček. “Mobile threats are increasing – we expect them to reach the same magnitude as PC malware by 2018.”

avast! Mobile Security scans all installed applications for malware and has various real-time protection shields which protect against

  • Malicious apps and phishing sites
  • Sites containing malware
  • Typo-squatting if an incorrect URL is entered
  • Incoming messages with phishing/malware URLs
  • Malicious behavior during read or write processes

Anti-theft protection

Avast! Anti-theft is a stand-alone app that can be installed separately from avast! Mobile Security. The app is hidden from view, and can be accessed remotely for functions such as lock, locate and wipe, redirection of calls, texts and call logs, etc.

In addition to the malware and anti-theft protection, AV Comparatives liked the standalone avast! Mobile Backup which enables personal data to be backed up to Google Drive.

The Backup, App Locker and Privacy Scan features, which were promised last year, have now been implemented and complete the program’s functionality. (avast! Mobile Security) is a very comprehensive security product with a wide range of configuration options.

Protect your Android smartphone and tablet with avast! Mobile Security and Antivirus from the Google Play store.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

 

 

Avast

How to make a backup with avast! Mobile Backup & Restore

Leave a comment

howto2_enQuestion of the week: I have lots of photos on my phone from summer vacation. How do I back them up so I don’t lose them?
These days we keep everything from photographs, videos and music to messages and contacts on our mobile devices. This makes losing our phones a big headache. Unfortunately, most people don’t think of this until after their phone goes missing or fails. We asked our users if they back-up their data, and a whopping 49% said they don’t back up or don’t know if they do.

backup data

avast! Mobile Backup makes backing up your important data easy for you. In a few easy steps, you can backup all your files from the pictures of your last trip to the contacts and applications you keep in your devices.
Want to know how? Just follow the following steps:

  • Install avast! Mobile Backup & Restore from Google Play.
  • Once you have installed avast! Mobile Backup, you’ll need to configure your Google Drive. It’s as simple as clicking on the button “Set up Google Drive Account” and follow the simple steps on the screen to access your Google account. backup
  • Once you’ve set up your Google Drive, you can select items for backup. The free version lets you back up contacts, calls and SMS. The Premium version also allows you to back up all the audio and video files and also all your applications. When you finish the selection, click the “Continue” button.
  • On the next page, “Important Options”, you can select whether you want the backups to be made only through a WiFi connection in order to save mobile data, and configure the maximum size of the files which you want to perform that backup. Once you’ve configured everything, click Finish.
  • You are now ready to perform the backup. Tap the dark square at the top and avast! Mobile Backup will start backing up your files.

If you want to restore your backup when you change your phone, simply reinstall avast! Mobile Backup, click “Browse backup” and then “Restore all.”

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.