Tag Archives: App Store

Has the Windows Phone Store become a new target for hackers?

Almost exactly two months ago, we reported on some fake apps found in the Windows Phone Store. Unfortunately, the news hasn’t stopped there – instead, it seems that this third-party app store is becoming an increasingly popular platform for the bad guys. Today, we’ve uncovered quite a large set of fake apps which includes scams imitating legitimate popular apps such as Facebook Messenger, CNN, BBC, and WhatsApp.

Fake apps advertised by Ngetich Walter on the Windows Phone Store.


There are two perpetrators behind these fake apps: Ngetich Walter and Cheruiyot Dennis. Between the two of them, they have 58 different apps available in the Windows Phone Store, all of which are fake. The majority of the apps have certain things in common — they collect basic data about users and display various advertisements that are mostly driven by a user’s location. A portion of the apps try to lead users to pages that force them to submit a request to purchase something. Let’s take a closer look at two of them:

1. World News CNN (a.k.a. Abundant Life): What first appears to be a CNN World News app is actually an evangelical message titled “Abundant Life”.


2. Fake Avast Antivirus: Along with the illegitimate social and news apps we discovered, there were even fake Avast apps added into the mix. Fortunately, each of the fake Avast apps is harmless and doesn’t accomplish anything more than redirecting users to Avast’s website and displaying advertisements to the user.


Money, money, money

It’s fairly obvious that hackers don’t do this sort of thing for free. After looking into monetization methods, it appears that hackers are primarily using two ways to profit from producing and circulating fake apps on a large scale:

1. Advertisement clicks: Apps load different kinds of advertisement kits, which are clicked either by the user or, in some cases, the app itself. Theoretically, the bigger the number of apps that you advertise on an app store, the larger the number of clicks you would receive – another reason that hackers often offer a large number of fake apps at once.

2. Misleading advertisements: Certain ad servers are remotely controlled, giving them the power to switch different advertisements on and off. In some cases, those ads lead to scammy pages that try to convince you that your device has security issues and that you need to install some other paid product to fix it.

What is the motivation behind propagating fake apps?

These days, the Google Play store and iTunes continue to implement smarter solutions to protect their entire ecosystems. This approach is making these systems quite difficult to attack and monetize, causing hackers to avoid them altogether. As a result, a less widely used, third-party app store such as the Windows Phone Store is an ideal place for a hacker to hunt for security loopholes. On top of analyzing the reasons behind why these cybercriminals do what they do, it’s also interesting to consider the fact that often, fake apps remain on third-party app stores for weeks and even months at a time. For some reason, no one takes the time to report bad apps, even if it’s clear that they are fake and the majority of user reviews are extremely negative.


Follow Avast on Facebook, Twitter, YouTube, and Google+, where we keep you updated on cybersecurity news every day.

Apple finds apps infected with malicious code – XcodeGhost

You’ve probably heard the news: Potentially millions of Apple iPhone and iPad users may be at risk after the first-ever major Apple hack — a breach made possible by fake developer tools used to create iOS apps that made their way onto the Apple App Store.

Developers in China sought to reduce software download times by downloading a copy of the Xcode developer tools hosted on a Chinese server instead of the official version available from Apple. Unknown to developers, this counterfeit version of Xcode automatically embedded some malware, called ‘XcodeGhost’, into their apps. According to Apple this may have led to a number of infected iOS apps leaking, “some general information such as the apps and general system information.”

Apple, which prides itself as one of the most secure OS platforms in the world, quickly responded and apparently removed over 300 pieces of malware-infected software from the App Store. It also simultaneously began working with developers to make sure they were using the correct version of Xcode, and not the fake developer code used to create the infected apps.

The full list of affected apps has not yet been disclosed, but Apple has published a list of the most popular currently-known impacted apps.

Ironically, the Apple hack occurred just as Chinese leader President Xi Jinping was arriving in the U.S. to attend a summit with President Barack Obama to discuss concerns about China’s slowing economy and cooperation on cyber security, as well as to meet with top tech firms including Apple.

If you feel you’re at risk of having downloaded any infected apps, here are some things you can do:

  • Check the Apple breach list for the known infected apps and delete any of the iOS apps noted above.
  • Be on the lookout for prompts asking for your name, password or other information, such as your social security number or other sensitive information, from a source you cannot verify.
  • Change your passwords, including your Apple account password.
  • Make sure your apps are up to date.

Apple removes malicious apps from App Store


image via TechInsider

While the rest of us were soaking up the last of the season’s sunshine, Apple researchers spent the weekend removing hundreds of malicious apps for iPhone and iPad from the iOS App Store.

“The recent exploit on Apple has shown us that even Apple’s system can be compromised quite easily,” said Avast security researcher Filip Chytry. “While this time nothing significant happened, it is a reminder that having everything under an Apple system could potentially make a system vulnerable.”

The malware seems to have been focused on Chinese users. Chinese media reported more than 300 apps including the popular instant messaging service WeChat, Uber-like taxi hailing program Didi Kuaidi, banks, airlines, and a popular music service were infected.

The malicious software programs got by Apple’s strict review process in an ingenious way. Hackers targeted legitimate app developers by uploading a fake version of Xcode, Apple’s development software used to create apps for iOS and OS X, to a Chinese server. It’s a large file, and reportedly quite slow to download from Apple’s U.S. servers, so to save time, unwitting Chinese developers bypassed the U.S. server and got their development tools from the faster Chinese server. Once their apps were completed, the malicious code traveled Trojan-horse style to the App Store.

“If hackers are able to exploit one entry point, they are able to attack all of the other iOS devices – and the fact that Apple doesn’t have a big variety of products makes it easier,” said Chytry.

Apps built using the counterfeit tool could allow the attackers to steal personal data, but there have been no reports of data theft from this attack.

“Regarding this specific vulnerability, consumers shouldn’t worry too much, as sandboxing is a regular part of the iOS system,” said Chytry.

A sandbox is a set of fine-grained controls that limit the app’s access to files, preferences, network resources, hardware, etc.

“As part of the sandboxing process, the system installs each app in its own sandbox directory, which acts as the home for the app and its data. So malware authors cannot easily access sensitive data within other apps,” said Chytry.

In a statement Apple said, “To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”



Android – The rooting story

Do you have an Android device whose performance is not as good as it was in the first days after you bought it? Do you want to delete the bloatware applications that the manufacturer installs by default, but there is no option to do that? If you seek help for problems like these and do some research on the internet, one of the first things you will probably read about is “rooting your Android device”.

The post Android – The rooting story appeared first on Avira Blog.

Windows Phone Store scam: malicious mobile apps aren’t unique to Google Play

Although it’s possible to use third-party app stores safely and securely, the fact that scams do still occur in a variety of app stores shouldn’t be ignored. On Sunday, a threat was discovered by a user who posted the issue on our forum. The scam, located within the Windows Phone Store, advertised three fraudulent versions of Avast Mobile Security. These fake apps not only include the Avast logo, but also feature actual screenshots from AMS in their image galleries. Our fast-acting team has since blocked the pages and has labeled them as malicious.

Fake AMS apps collect personal data and redirect users to adware



If downloaded, these fake versions of AMS found on the Windows Phone Store pose a risk to users’ security. Here’s how they work:

  1. New Avast security: This app includes three control buttons which show only advertisements. Even without actively clicking on the ads, the app redirects users to additional adware.
  2. Avast Antivirus Analysis: Claiming to “protect your phone from malware and theft”, this malicious app runs in the background of victims’ devices once downloaded and collects their data and location.
  3. Mobile Security & Antivirus – system 2: Simply put, this is a paid-for version of “New Avast security” that forcibly leads users to adware.

The fun doesn’t stop there!

After doing some additional research, our malware analysts discovered that TT_Game_For_All, the same user that published the fake AMS apps, isn’t solely impersonating Avast. Instead, this cybercriminal has published a large collection of close to fifty apps, the majority of which cost around the equivalent of 1.99 USD. Certain apps even claim to be from other well-known companies such as Qihoo 360, APUS, and Clean Master. 



Keep your eyes open for app store threats

This case goes to show that when it comes to mobile malware, it’s not only the Android platform that is vulnerable to attacks. Although Windows Phone devices aren’t currently as widely used as Android devices, it’s important to be careful regardless of the platform that you use. Finally, keep in mind that Google Play isn’t the only app store users should be paying attention to when it comes to avoiding mobile scams and threats — these threats can occur within any app store.



Do third-party app stores pose a threat to mobile security?


Malware detected on Android

Over time, we’ve noticed the presence of some fairly heated user debates disputing the necessity of security or antivirus apps for Android devices. This could have been sparked by our recent post which argues that you can’t always rely on the security of Google Play or because of the myth that antivirus companies create viruses to sell more software.

Certain security gurus claim that if users stick to downloading and purchasing apps using only the Google Play Store, nothing bad will happen to their devices. However, we found that this line of thinking is not 100% correct, as was demonstrated through the discovery of a rogue Dubsmash app or in the infamous case of apps on Google Play posing as games and infecting millions of users with adware. Despite these findings, there are some users who still feel that they’re safe whenever using Google Play. This feeling of false security could have negative consequences; for example, when your data or financial information is stolen or when you have to resort to resetting your device in order to cleanse it of malware.

So, we know we can’t rely on the Google Play Store all the time, but are third-party stores more secure? Of course not. In this case, how is it still possible that it’s not a problem to use third-party stores? First of all, it’s necessary to point out that there are certain legitimate and clean third-party stores, such as Amazon and FDroid. At the same time, there are tons of shady stores and even more black market .apk files promising to deliver you the latest features of a cracked app.

With these things in mind, how can users navigate the world of third-party stores?

Android's default .apk handler


Besides the well-known (and default) security options of Android, there is another useful feature that remains more or less unknown to average users: the default app feature. When Android (and also Windows) is about to open a file, it looks into its database to determine which application should be used and launches it. If you set Avast Mobile Security to be run at this preliminary stage of an app’s installation, it will scan the .apk file before it is opened and the installation process begins. If any mistake or bug is detected, the process is halted and you’ll be given the option to uninstall the app.

If you have already installed Avast on your Android smartphone or tablet and this option is no longer shown, the easiest option will be to uninstall it, reboot and install it again. When the dialog pops up, choose Avast as your default handler for .apk files. As mobile malware reached the one million Android sample mark last year, the Avast database continues to grow exponentially. Avast Mobile Security also performs very well with new and unknown malware, as independent tests show us.

You can be safer and have a complete peace of mind while using third-party stores if you keep Avast Mobile Security running as your default installation package app. Download Avast Mobile Security for free on the Google Play Store.

Are you as smart as your smartphone?


How do I find my apps on this thing?

Not too many years ago we had phones that only made calls. Smartphones are the newest generation of phones that bring a lot of possibilities right to our fingers through the apps specifically designed for them. We all got used to the Windows (or Mac) world, but now we are witnessing a revolution from “standard” programs and some specialized tools to a world where every common thing can be done by our smartphones. Sometimes it seems that the device is smarter than we are!

But can it protect itself from the increasing number of threats?

You’ll find a lot of articles on the Internet which state that security companies exaggerate the need for mobile security and antivirus protection. You’ll read that Google Play and the new security technologies of Android Lollipop are the only things necessary for security. I could post many examples of such (bad) tips, but I don’t want to waste your time or mine.

Do you use only Google Play as your app source?

A common (and wise) security tip is to stick with Google Play for downloading apps. This is good advice despite the fact that we see here in the Avast blog that Google Play fails to detect some apps as malware. Look for our mobile malware senior virus analyst Filip Chytry’s articles. He continuously discovers holes in Google Play security.

However, what if you want apps that have been banned from Google Play? No, I’m not talking about (just) adult apps. Google banned anti-ad apps, for instance. So where is a safe place to get them? The answer is simple: outside of Google Play. The Amazon Appstore for Android is quickly increasing the possibilities.

Do you think that clean apps can’t become bad ones?

Clean apps can become bad ones, and with the new Google Play permission scheme, you may not even notice. This makes updating your apps (another very common and wise hint) an additional complication.

As the apps we love can turn against us, the best tip of all is that you install a mobile security app that helps you know what is being added to your phone. Avast Mobile Security updates its virus database very often to detect the latest threats and allows you to securely install all the apps you love.

This makes you smarter than your smartphone! ;-)