Tag Archives: featured1

Avast

Apps on Google Play Pose As Games and Infect Millions of Users with Adware

A couple of days ago, a user posted a comment on our forum regarding apps harboring adware that can be found on Google Play. This didn’t seem like anything spectacular at the beginning, but once I took a closer look it turned out that this malware was a bit bigger than I initially thought. First of all, the apps are on Google Play, meaning that they have a huge target audience – in English speaking and other language regions as well. Second, the apps were already downloaded by millions of users and third, I was surprised that the adware lead to some legitimate companies.

Durak App Google Play The Durak card game app was the most widespread of the malicious apps with 5 – 10 million installations according to Google Play.

Durak interface
When you install Durak, it seems to be a completely normal and well working gaming app. This was the same for the other apps, which included an IQ test and a history app. This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colors. After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right? :)

Threats detected malcious appsEach time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie. You are then asked to take action, however, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value.

An even bigger surprise was that users were sometimes directed to security apps on Google Play. These security apps are, of course, harmless, but would security providers really want to promote their apps via adware? Even if you install the security apps, the undesirable ads popping up on your phone don‘t stop. This kind of threat can be considered good social engineering. Most people won‘t be able to find the source of the problem and will face fake ads each time they unlock their device. I believe that most people will trust that there is a problem that can be solved with one of the apps advertised “solutions” and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources.

Avast Mobile Premium detects these apps, protecting its users from the annoying adware. Additionally, the apps’ descriptions should make users skeptical about the legitimacy of the apps.  Both in English and in other languages such as German, were written poorly: “A card game called ‘Durak‘ – one of the most common and well known game“.

The apps‘ secure hash algorithm (SHA256) is the following: BDFBF9DE49E71331FFDFD04839B2B0810802F8C8BB9BE93B5A7E370958762836 9502DFC2D14C962CF1A1A9CDF01BD56416E60DAFC088BC54C177096D033410ED FCF88C8268A7AC97BF10C323EB2828E2025FEEA13CDC6554770E7591CDED462D

Avast

Come meet Avast at Mobile World Congress

Mobile World Congress 2014

Avast will participate in the 2015 Mobile World Congress

The Avast Mobile Security Team will be introducing its latest suite of apps and solutions at this year’s Mobile World Congress in Barcelona, March 2 – 5.

The team, including Jude McColgan, President of Mobile, and Daniel Chang, Head of Worldwide Mobile Sales and Marketing, will be participating in this must-attend conference for mobile industry leaders, visionaries, and innovators.

The Avast team are leaders in securing the mobile ecosystem as it expands into the retail, banking, and health services industries. Along with interesting discussions about the latest security threats and vulnerabilities for Android and iOS devices and how users can protect themselves from those threats, our team will show users how they can free their phone from unnecessary files to gain valuable storage space on their mobile devices.

New threats and trends

Mr. McColgan and Mr. Chang will introduce a solution that addresses Wi-Fi security issues. Most people know that connecting to Wi-Fi networks on-the-go at cafes, airports, or hotels can make them vulnerable to hackers. Without the protection of a virtual private network (VPN), hackers can gain access to people’s emails, browsing history, and personal data. Now, routers are increasingly becoming targets for hackers, harboring new risks for iOS and Android smartphones and tablets. Avast will be revealing new research data, then introducing a solution for this threat at Mobile World Congress.

Storage on your smartphone and tablet can be a challenge especially when social media, video, music streaming, and news reader apps pile up data that eats up valuable storage space. Avast will showcase a new solution that addresses this problem.

If you are attending Mobile World Congress, please stop by and visit the Avast team at stand 5K29 in Hall 5.

For the rest of us not lucky enough to travel to Barcelona during the Mobile World Congress, visit the Avast blog and Facebook page where we will keep you updated on all the announcements and happenings. Take a look at some of the fun from last year’s event.

// <![CDATA[
(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = “//connect.facebook.net/en_US/all.js#xfbml=1”; fjs.parentNode.insertBefore(js, fjs); }(document, ‘script’, ‘facebook-jssdk’));
// ]]>

Post by avast! antivirus.
Avast

14 easy tips to protect your smartphones and tablets – Part I

A few precautions can make a huge difference in the safety of your phone and the important things you saved on it.

Protect your smartphone

Follow our tips to secure your phone and the data on it.

We talk a lot about protection and privacy here in our blog. It’s a bit obvious as our “life” is in our devices nowadays: Photos of our last trip or our loved ones, videos of our children playing and growing up, contacts both professional and personal. All our precious and irreplaceable data is stored in these little machines. Take a minute of your time and follow us in this easy tour to protect them and save a lot of time and headaches.

1. Set your lockscreen

You wouldn’t leave your home door unlocked, would you? Same goes for your phone with all your private data. Set a password or PIN to prevent direct and easy access to your phone. Gestures and face recognition are less secure, but are better than nothing.

2. Hide your passwords from nosy people

You will argue that people around you can look over your shoulder and see what PIN or password you’re typing or gesture you make. Generally, we’re not worried about trustworthy people around us, but what about strangers in a public place like a bus or train? Open your phone settings and hide your passwords by unchecking the option: Settings > Security > Make passwords visible.

3. Protect your apps with a PIN

Not all apps are equal when it comes to security and privacy. Probably the weather app or calculator won’t keep your personal info. However, your messages and banking apps will thank you if you help them to keep their data private. You can imagine what might happen if your kids to open a specific app while they’re playing in your devices. Use Avast Mobile Security to set a PIN to block access to your apps. As an extra security measure, it will be good that your lockscreen and Avast PINs are different ones.

4. Disable installation of apps from unknown sources

If you do not use other app stores besides Google Play, then uncheck the option “Unknown sources” in your phone’s Security Settings page.  Even the Google Play Store sometimes allows malware to get by. It’s well known that most Android malware are fake apps disguised as legitimate apps, so double check the publisher. Be cautious of downloading from fake sites disguised as official ones – check the URL. Avoid completely pirated and cracked sources.

5. Set Avast Mobile Security to scan any app before installing

If you really need to use legal third party stores, like Amazon or F-Droid, please be careful: Keep Avast Mobile Security always on. You know that Avast scans any installed and running app. But do you know that you can set it to scan any app that is about to be installed? After you’ve installed Avast, when you’re about to install a new app, the phone will ask you if you want Avast or the default installer to handle the installation by default. Use Avast, it will scan and then release the app to the default installation process.

6. Disable USB Debugging

This tip is for advanced users. If you have enabled Developer options into your device (and you will know exactly if you did as you’re an advanced user!), please, turn USB debugging off. You will protect your device from outside abuse (via adb connections) if you do so. You don’t need it to be on all the time.

7. Install and set Avast Anti-Theft

This is an old tip, but it’s so important that it should be on all smartphone safety tips lists. Just note that installing is not enough. You need to properly configure Avast Anti-Theft (don’t worry, there is an easy wizard for it) step-by-step. It’s good to check if your location services are properly set also, otherwise, it will be difficult to track it. In other words, go to Settings > Location Access and set High accuracy mode.

We’ll talk about the other 7 tips in next days, so come back to the Avast blog.

Panda Security

Apple ID user? Careful! There is a new phishing attack!

Careful! We have detected a new phishing attack!

If you receive an email with the Spanish text: “Hola, nuestro sistema ha detectado autorizado entrada intento de su Apple ID…” (“Hello, our system has detected authorized access attempt of your Apple ID…,”) careful, it is phishing!

Below is an example of the email and the first thing that should catch your attention is the sender’s email address: AppIe Support <[email protected]>

phishing apple

Using the excuse that someone has tried to access your Apple ID account, the cyber-criminals ask you to change your details. When you click on the link, a page opens that is an almost perfect imitation of Apple’s website:

phishing apple email

 

After signing in with your Apple ID login details, the next step is to update your personal details.

phishing apple ID

In addition to your name, address or telephone number, it requests your bank and credit card details in order to verify your identity and as the default method of payment for purchases and for iTunes or the App Store.

phishing apple personal details

So, if you fall into the trap and enter all of this data, you will be giving the criminals access to this sensitive information.

As we always say, no company will ever ask you to send your personal details to them via email. If they do, be suspicious! In addition, in this case prevention is better than cure and it is important to have an extra layer of protection by installing one of the antivirus software from our 2015 line.

The post Apple ID user? Careful! There is a new phishing attack! appeared first on MediaCenter Panda Security.

Panda Security

Panda Security improves its positon in the Visionaries Quadrant of Gartner Magic Quadrant

Panda Security, Cloud Security, announces that it has been included as a Visionary in the ‘Gartner Magic Quadrant for Endpoint Protection Platforms’, published on December 22, 2014. The company, which has been included in this quadrant for the seventh consecutive year, has improved its positioning.

The Gartner report evaluated all of the vendors in the endpoint protection platforms market based on their products, completeness of vision and ability to execute.

“We believe industry has assessed positively the new technologies incorporated by Panda Security in the fight against malware. We feel this emphasizes that Panda Security is the first vendor in the endpoint protection platforms market to offer a service that classifies all executables running on endpoints, which represents a significant innovation compared to the current products”, said Josu Franco, VP Corporate Development at Panda Security.

We feel this new evaluation strengthens the path taken years ago by Panda Security towards a strategy that is fully committed to offering cloud-based services and a new protection model.

A complimentary copy of the Gartner, Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, John Girard, Neil MacDonald, December 22, 2014 is available here.

The post Panda Security improves its positon in the Visionaries Quadrant of Gartner Magic Quadrant appeared first on MediaCenter Panda Security.

Panda Security

The most cyber-attacked city is a model town

cibercityThere’s a city in a secret place in the state of New Jersey where the public services are always a mess. Power cuts, water supply problems and even Internet outages. Then add to that banks, stores, hospitals, schools and public transport that can’t operate normally on a daily basis because their security is continually compromised. In this city however no human being has to suffer any of the consequences. Nobody lives there: the city is just 1.8m wide by 2.4 m long.

CiberCity is a model city created by the Sans Institute, an organization that brings together over 165,000 IT security professionals. Its aim is to show the US army how to hack every corner of a modern city. It’s a 1:87 scale training camp designed to ensure the military is properly prepared for a cyber-war.

Ed Skoudis is the director and instructor of this unusual project aimed at teaching the latest cyber-security techniques. “A lot of computer security over last 10 years has really focused on computers themselves and the data on them… or it’s focused on spying and espionage”. Now there are other types of attacks. “But the threat is changing. It’s still that, but adding to that, it’s now people hacking into computers to cause real-world physical damage“, explains this expert in IT security.

If CiberCity existed in real life, it would have 15,000 inhabitants. It’s a city that has all the typical amenities and features of a real town: garden plants, swings in the parks, urban traffic, bars with WiFi and even a chemical plant have all been recreated in this mini city.

cibercity hacker

Five cameras monitor CiberCity so students have a live stream of everything happening there, and can carry out remote cyber-attacks, thereby learning how to attack and defend a city by hacking its security systems.

In one of the training missions, these security experts assume the role of hackers to cause a complete blackout of the city then reconfigure the power company’s computers so utility workers can’t access them. A city can’t live without power, so the challenge is how to get the system up and running again.

Another scenario asks students to work out how to simultaneously turn all traffic lights in the city to red, to prevent terrorists from escaping from the city. Derailing a train hurtling towards the town and laden with radiological weapons; reprograming a rocket launcher aimed at a hospital and hacking a water treatment plant so that clean water appears to be dirty are just some of the entertaining challenges that students will have to tackle.

According to Skoudis, the fact that the model is so realistic makes the project more meaningful to military leaders than if the missions were simply in virtual environments. “They want to see physical things. They want to see the battle space, and what’s happening there”.

Some 70% of Americans say they fear cyber-attacks from other countries, and would no doubt approve of their military acquiring such advanced system hacking skills in order to be better prepared to defend them. And it’s a fair bet that the students enjoy themselves too. Who wouldn’t with such a realistic Lego set?

The post The most cyber-attacked city is a model town appeared first on MediaCenter Panda Security.

Panda Security

Now we are simplexity!

Making complex things simple. That’s the meaning of simplexity, and the basis of the transformation Panda has undergone.

An internal and external transformation of the way we do things, and which signals the beginning of an ambitious five-year strategic plan based on growth, technology and international expansion.

This is the new Panda

panda logo

Our new corporate identity coincides with the company’s 25th anniversary and is the result of the participation of all Panda’s offices around the world.

The worldwide presentation of our new strategic plan took place yesterday in Madrid. This event, which was attended by numerous Panda employees as well as the media, gave us the opportunity to explain the company’s core values among many other things: non-conformist, people-centric and innovative.

Here are some pictures from the event!

panda security simplexity

 

diego navarrete panda security

Diego Navarrete, Panda Security CEO, during the event

 

Paula Quiros Panda Security

Paula Quirós, our CMO

 

Felipe Mejias Panda Security

#PandaSimplexity by Felipe Mejías

 

simplexity panda security

After almost a year of hard work we are finally proud to present to you the new Panda. What do you think? Will you join #PandaSimplexity?

The post Now we are simplexity! appeared first on MediaCenter Panda Security.

Avast

Online privacy protection in the EU

It’s European #‎DataProtection day! Every day we visit websites and willingly hand over our name, address, and credit card number. Have you ever thought about what happens to that data or what your rights are?

European ‪#‎DataProtection‬ day

Avast keeps your personal data private.

 

Members of the European Union (EU) enjoy a high standard of protection of their personal data. The Digital Agenda for Europe lays it all out for you on their website. Here’s a summary:

The burden to protect you is on organizations

The EU Data Protection Directive ensures that personal data can only be gathered under strict conditions and for legitimate purposes. Organizations that collect and manage your personal information must also protect it from misuse and respect certain rights. One of the objectives is that organizations notify their customers, in plain language, what information is collected and how it is used as well as get permission before using any personal information.

One of the stumbling blocks has been the so-called one-stop-shop for businesses and citizens in each member state in which authorities will handle citizens’ complaints about any breach of the rules. There are just as many ideas on how to run it as there are EU member states.

You must be notified of cookies and data breaches

The Directive on Privacy and Electronic communications (ePrivacy Directive) ensures that all communications over public networks maintain a high level of privacy. For example, this directive requires website owners marketing online to EU citizens to obtain consent from users, via some kind of opt-in, before implementing cookies or other technologies to capture online visitor information. (See below for information on managing your cookies.)

If your data is stolen, the ePrivacy Directive states that you should be notified. That’s good because data theft can result in identity theft or fraud, damage to your reputation, loss of control over your personal data or a loss of confidentiality.

However, this fall, the rules changed slightly and now businesses don’t have to notify consumers that their personal data has been lost or stolen if the data has been encrypted. The ministers figure that the business has “appropriate technological protection measures” to protect the data that has been lost or stolen from being accessed by people not authorized to see it.

Viewing and managing your cookies

For those of you not familiar with the term, cookies are small files stored in your browser that contain information about your visit to a web page. They help tailor your online shopping experiences by doing things such as recording items in your shopping cart, they also recommend products based on your interests, allow auto-log in and compile browsing histories.

In most modern browsers, you can control cookie settings. The options include viewing stored cookies, controlling which sites you accept cookies from, and setting how long they may be stored and used.

Chrome

  1. 1. Open the drop-down menu in the top right corner of the Chrome browser, select Settings.
  2. 2. At the bottom of the page, click Show advanced settings.
  3. 3. In the Privacy section, open the button that says Content settings.
  4. 4. Under Cookies, you check or uncheck the options to manage the settings.
  5. 5. To see individual cookies, click All cookies and site data.
  6. 6. To remove cookies, hover the mouse over the entry. Click the X to delete.
  7. 7. To delete all cookies, click Remove all.

Firefox

For instructions to clear cookies in Firefox, please visit Mozilla’s support page.

Chrome

For instructions on clearing and managing cookies in Internet Explorer, please search Microsoft help for your version of IE. Here’s general information.

Panda Security

Panda Security announces new growth strategy and identity change #PandaSimplexity

panda logo

Panda Security, The Cloud Security Company, celebrates its 25th anniversary with a brand new strategic plan and a new corporate identity that goes far beyond simply using a different logo or brand image. This initiative has brought about a comprehensive transformation, both external and internal, which affects all of the company’s values and processes and reflects the company’s essence more accurately: innovation, vision and talent. This change represents the birth of a new Panda.

“We want to be perceived by the industry as we really are: challenging and innovative with deep human values. That’s why we have created a new corporate identity that we feel more identified with and which is closer, simpler and more modern. This transformation is based on the concept of “simplexity”: making complex things simple, simplifying the complexities faced by the computer security sector”, said Paula Quirós, CMO at Panda Security.

Panda Security has been working intensely on this project for more than a year, with participation from all of the company’s offices around the world. “This has been a very comprehensive project but also exciting at the same time. We have taken into account opinions from all the departments in Panda Security both in our headquarters in Spain and the rest of the world, as well as the insight offered by our customers and partners. Obviously, we have also closely tracked the competition and the computer security industry in general. The result? A completely renewed corporate image, fresh and simple, which differentiates us and positions us where we want to be. We are Panda, we are simplexity”, explained Panda Security’s CMO.

Five-year strategic plan

Panda’s rebranding initiative signals the beginning of an ambitious five-year strategic plan based on growth, technology and international expansion. “The objective for the next five years is to grow at twice the rate of the computer security industry, as well as integrating and unifying technologies to provide our customers with a global security service that includes elements such as mobility or the Internet of Things under the concepts of simplexity and peace of mind. Additionally, we will continue to expand our international presence, with special emphasis on the European, North American and Latin American markets”, explained Diego Navarrete, Panda Security CEO.

New identity

The agency selected to assist Panda in such an ambitious project was Saffron Brand Consultants. Panda and Saffron worked closely together in 2014 to shape a new, closer and more modern Panda, with a new design that conveys the sharp, honest and optimistic spirit of the brand.

“In short, with this new identity we want our customers to perceive us as we really are. A close, friendly, innovative company capable of successfully facing the present and future challenges,” concluded Paula Quiros.

You can see the new brand video here.

The post Panda Security announces new growth strategy and identity change #PandaSimplexity appeared first on MediaCenter Panda Security.

Avast

Infographic: Privacy tips for business

Privacy plays a growing part in customer buying decisions. With every data breach, trust is eroded further.

Privacy and security are intertwined when it comes to our individual information. Consumers are becoming increasingly aware of the value of their personal data, so that means that businesses have to step up and do a better job of securing that data. Identity theft is the #1 fear of consumers, but for your business the risk is loss of trust and brand damage.

Since trust is the core of any transaction it’s important to know how privacy factors into your customer’s buying decisions. Research shows that almost 40% of consumers made buying decisions based upon privacy. When looking at who these people are, it was found that these individuals are aged 46-65 and have the highest incomes. But don’t rely on the business of the younger generation to supplant that once trust is lost; 27% of millenials abandoned an online purchase in the past month due to privacy or security concerns.

To mark Data Privacy Day on January 28, the following Privacy is Good for Business tips were created by privacy experts in civil-society, non-profit, government and industry and aspire to help business address the public’s growing privacy concerns:

DPD-Privacy-is-Good-for-Business-2014_1_13

  • If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
  • Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used.
  • Build trust by doing what you say you will do. Communicate clearly and concisely to the public about what privacy means to your organization and the steps you take to achieve and maintain privacy.
  • Create a culture of privacy in your organization. Explain to and educate employees about the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
  • Don’t count on your privacy notice as your only tool to educate consumers about your data practices.
  • Conduct due diligence and maintain oversight of partners and vendors. You are also responsible for how they collect and use personal information.