Tag Archives: mobile malware

Can my mobile phone be attacked by malware?

Mobile malware is a growing threat.

Banking, shopping, email. We do things on our phones that used to only be done on our desktop PC. Hackers know valuable data is stored on people’s phones, and they increasingly find new ways to attack mobile users.

smartphones

These devices have information on them that is valuable to hackers

The most common mobile threats are adware packaged as fun gaming apps that provide little value and spams users with ads. SMS attacks are malware which sends unauthorized premium SMS or makes premium-service phone calls. This results in a large monthly bill for the user and a significant source of revenue for cybercrooks.

The most aggressive malware is mobile ransomware. Simplocker was the first Android ransomware to encrypt user files, and now there are thousands of variations that make it nearly impossible to recover the encrypted data on a smartphone.

Privacy is an issue with vulnerabilities such as Certifi-gate and Stagefright, both of which can be exploited to spy on users. Certifi-gate put approximately 50 percent of Android users at risk, and Stagefright made nearly 1 billion Android devices vulnerable to spyware.

Avast protects mobile devices from malware

Avast Mobile Security for Android scans mobile devices and secures them against infected files, phishing, malware, and spyware.  The app provides people with the most advanced mobile malware protection available, now even faster with Avast’s leading cloud scanning engine. Install Avast Mobile Security for free!

Avast protects from unsecure Wi-Fi networks

Because cybercrooks take advantage of unsecure routers and Wi-Fi hotspots, we added Wi-Fi Security which notifies the user when connecting to an unsecure router. The user quickly identifies the security level of Wi-Fi hotspots and can evaluate the risks and decide whether to disconnect or use a VPN instead.

Avast protects user privacy

Privacy concerns range from permission-hungry apps to nosy children. Avast Mobile Security’s Privacy Advisor informs the user about what data apps have access to and ad networks included within apps. To defend their personal data against prying eyes, users can now lock an unlimited number of apps on their device using the App Locking feature.

Avast Mobile Security is available for free in the Google Play Store.

Visit Avast at Mobile World Congress

If you are attending Mobile World Congress in Barcelona, February 22 – 25, please visit Avast to see the app in hall 8.1, booth H65.

Avast to demonstrate mobile security app with Qualcomm at Mobile World Congress 

qualcomm-logo

New machine learning-powered malware detection technology identifies zero-day and transformational malware threats at the processor level.

Avast Software was selected by Qualcomm Technologies, Inc. as the lead mobile security service to integrate Qualcomm® Snapdragon™ Smart Protect, a behavioral analysis-based, anti-malware technology that utilizes technology from the Qualcomm® Zeroth™ Machine Intelligence Platform to detect mobile malware threats to smartphone security and personal privacy in real-time. Qualcomm Technologies and Avast will be demonstrating this mobile security solution at Mobile World Congress next week in Barcelona.

Mobile malware is on the rise 

Avast currently has over two million malicious samples in its mobile threat detection database. Every day, Avast detects 12,000 new, unique mobile malware samples and each quarter about 15% of mobile users worldwide encounter mobile malware.

With the growing use of mobile devices and the valuable data they contain, malware developers increasingly target mobile users. One example of mobile malware is ransomware, which locks a device or the data on it and demands a ransom to unlock the device. Adware is also spreading on mobile. Adware often comes in the form of a gaming or entertainment app that seems harmless, but what users are unaware of is that the adware is using their infected device to click on ads. In 2015, Avast also detected new forms of mobile spyware which intrude on users’ privacy and collect their data. In addition to mobile malware, potential exploits in the Android operating system such as Stagefright put users at risk.

“With threats increasing every day, OEMs and mobile operators need to protect their users in real-time,” said Gagan Singh, president of mobile at Avast. “Snapdragon Smart Protect provides security at the processor level, which is designed to improve customer privacy and protect them from rogue applications, zero day attacks, and ransomware.  We are proud to have worked with Qualcomm Technologies on this effort.”

“Snapdragon Smart Protect is engineered to support real-time, accurate detection of zero-day and transformed mobile malware,” says Sy Choudhury, senior director of product management, Qualcomm Technologies, Inc. “The combination of Qualcomm Technologies’ dynamic, behavior-based malware analysis of Snapdragon Smart Protect and the core malware analysis delivered by Avast enables very powerful and comprehensive security and privacy protection for device users.”

Traditional security software is limited to scanning and monitoring software behavior at the application layer level. Snapdragon Smart Protect utilizes Qualcomm Technologies’ Zeroth machine learning technology to detect and classify a broader range of mobile malware at the processor level to achieve an even higher level of protection. While consumers will benefit from better protection, OEMs and mobile operators will benefit from reducing the risk of data leakage and malware attacks for their users.

Snapdragon Smart Protect is available to handset OEMs now on the Snapdragon 820 processor, and is expected to be supported by additional Snapdragon SoCs later this year. The first commercial devices with Snapdragon Smart Protect are expected in the first half of 2016.

Mutating mobile malware and advanced threats are on the horizon as we approach 2016

Bad guys know that people are moving their computing to mobile, so they are adapting

Bad guys know that people are moving their computing to mobile, so they are adapting

Yesterday, we walked you through a set of our 2016 predictions in regards to home router security, wearables and the Internet of Things. In addition to these important topics, mobile threats are not something that should be ignored as we move into 2016.

“Most people don’t realize that mobile platforms are not really all that safer or immune from attack then desktop platforms,” said Ondřej Vlček, COO of Avast. “Most people use mobile devices in a more naive way then they use a PC because they just don’t understand that this is a full blown computer that requires caution.”

 Hackers have done their homework to prepare for the new year

Over the course of this year, we’ve seen a list of notable mobile threats that jeopardized the privacy and security of individuals. Our own mobile malware analyst, Nikolaos Chrysaidos, has a few ideas about several issues that could crop up in the new year:

  • Android malware that can mutate. This superintelligent family of malware is capable of altering its internal structure with new and improved functions, changing its appearance, and if left unmonitored, spreading on a viral scale. And yes, this concept is just about as scary as it sounds.
  • More security vulnerabilities that can be exploited as a result of fuzzing. This year, there was a good amount of research on fuzzing, making it more and more of a familiar concept to both good and bad guys within the digital world. Fuzzing is a technique that is used to discover security loopholes in software by inputting massive amounts of data, or fuzz, into a system with the intent of overloading and crashing it. Next year, these vulnerabilities could look similar to Stagefright, the unique and dangerous vulnerabillity that, when exploited, left mobile devices vulnerable to spyware.
  • Smarter social engineering techniques. Now that most people know about certain vulnernabilities and their potential consequences, hackers can take advantage of this knowledge and use it to their advantage. For example, a hacker could trick users into installing their malware by telling them that an MMS is waiting for them but can’t be sent via text message due to risks associated with the Stagefright bug. Users are then prompted to click on a malicious download link. Although we could see more of these advancements in 2016, the concept isn’t completely new – this year, an example of this type of technique could be seen within OmniRat spy software.
  • APTs on mobile. In 2016, Advanced Persistent Threats (APTs) could be used to target politicians. This could be accomplished by using spyware (similar to Droidjack or OmniRat) in combination with specific social engineering techniques that could aid hackers in gaining access to powerful and influential individuals.

With this list of potential threats and risks in mind, it becomes clear that our mobile devices hold more value than just our apps and contacts. As hackers‘ techniques grow smarter, it’s important that we do the same in regards to the way that we approach our security.

Protect your Android devices with Avast Mobile Security. That and other apps like our new Wi-Fi Finder and Avast Cleanup & Boost are free from the Google Play Store.


 

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Windows Phone Store scam: malicious mobile apps aren’t unique to Google Play

Although it’s possible to use third-party apps stores safely and securely, the fact that scams do still occur in a variety of app stores shouldn’t be ignored. On Sunday, a threat was discovered by a user who posted the issue on our forum. The scam, located within the Windows Phone Store, advertised three fraudulent versions of Avast Mobile Security. These fake apps not only include the Avast logo, but also feature actual screenshots from AMS in their image galleries. Our fast-acting team has since blocked the pages and has labeled them as malicious.

Fake AMS apps collect personal data and redirect users to adware



If downloaded, these fake versions of AMS found on the Windows Phone Store pose a risk to users’ security. Here’s how they work:

  1. New Avast security: This app includes three control buttons which show only advertisements. Even without actively clicking on the ads, the app redirects users to additional adware.
  2. Avast Antivirus Analysis: Claiming to “protect your phone from malware and theft”, this malicious app runs in the background of victims’ devices once downloaded and collects their data and location.
  3. Mobile Security & Antivirus – system 2: Simply put, this is a paid-for version of “New Avast security” that forcibly leads users to adware.

The fun doesn’t stop there!

After doing some additional research, our malware analysts discovered that TT_Game_For_All, the same user that published the fake AMS apps, isn’t solely impersonating Avast. Instead, this cybercriminal has published a large collection of close to fifty apps, the majority of which cost around the equivalent of 1.99 USD. Certain apps even claim to be from other well-known companies such as Qihoo 360, APUS, and Clean Master. 



Keep your eyes open for app store threats

This case goes to show that when it comes to mobile malware, it’s not only the Android platform that is vulnerable to attacks. Although Windows Phone devices aren’t currently as widely used as that of Android, it’s important to be careful regardless of the platform that you use. Finally, keep in mind that Google Play isn’t the only app store users should be paying attention to when it comes to avoiding mobile scams and threats — these threats can occur within any app store.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Mobile Crypto-Ransomware Simplocker now on Steroids

In June 2014, we told you about mobile ransomware called Simplocker that actually encrypted files (before Simplocker, mobile ransomware only claimed to encrypt files to scare users into paying). Simplocker infected more than 20,000 unique users, locking Android devices and encrypting files located in the external storage. Then, it asked victims to pay a ransom in order to “free” the hijacked device. It was easy to decrypt the files affected by this variant of Simplocker, because the decryption key was hardcoded inside the malware and was not unique for each affected device.

Dangerous unique keys

keyBut now there is a new, more sophisticated variant of Simplocker in town that has already infected more than 5,000 unique users within days of being discovered. The reason why this variant is more dangerous than its predecessor is that it generates unique keys for each infected device, making it harder to decrypt infected devices.

To use an analogy, the original variant of Simplocker used a “master key” to lock devices, which made it possible for us to provide a “copy of the master key” (in the form of an app, Avast Ransomware Removal) to unlock already infected devices. The new variant however, locks each device with a “different key” which makes it impossible to provide a solution that can unlock each infected device, because that would require us to “make copies” of all the different “keys”.

Why would anybody install Simplocker?!

The reason why people install this new variant of Simplocker is because it goes undercover, meaning people don’t even realize that what they are installing is ransomware!

Fake Flash

Tricky Simplocker pretends to be a real app.

 

In this case, the new variant of Simplocker uses the alias “Flash Player” and hides in malicious ads that are hosted on shady sites. These ads mostly “alert” users that they need Flash Player installed in order to watch videos. When the ad is clicked on, the malicious app gets downloaded, notifying the user to install the alleged Flash Player app. Android, by default, blocks apps from unofficial markets from being installed, which is why users are notified that the install is being blocked for security reasons.
Device Admin Request

 

Users should listen to Android’s advice. However, users can go into their settings to deactivate the block and download apps from unknown sources. Once installed, a “Flash Player” app icon appears on the device and when it is opened the “Flash Player” requests the user grant it administrator rights, which is when the trouble really begins.

As soon as the app is granted administrator rights, the malware uses social engineering to deceive the user into paying ransom to unlock the device and decrypt the files it encrypted. The app claims to be the FBI, warning the user that they have found suspicious files, violating copyright laws demanding the user pay a $200 fine to decrypt their files.

device-2015-02-05-143216  FBI warning is an example of social engineering

What should I do if I have been infected?

We do NOT recommend you pay the ransom. Giving into these tactics makes malware authors believe they are succeeding and encourages them to continue.

If you have been infected by this new strain of Simplocker, back up the encrypted files by connecting your smartphone to your computer. This will not harm your computer, but you may have to wait until a solution to decrypt these files has been found. Then boot your phone into safe mode, go into the administrator settings and remove the malicious app and uninstall the app from the application manager.

Avast protects users against Simplocker

Avast Mobile Security protects users against both the old and new variant of Simplocker, the new variant is detected as: Android:Simplocker-AA.

A more technical look under the hood:

As the fake FBI warning is being shown to users, the malware continues working in the background, doing the following:

    • The malware decrypts the internal configuration in order to get information like C&C (command and control) commands, the extensions to encrypt, and which users should communicate through Jabber to get the private configuration.
2015-02-05_17-26-17

Internal Config

  • The malware communicates to the server every 60 minutes. Upon the first communication with the server it sends data like: BUILD_ID, AFFILIATE_ID, IMEI, OS, OperatorName, PhoneNumber, and Country to identify the device. Furthermore it checks whether the files have been encrypted or not. Also if a voucher has been entered, it sends back the type and the code. All the data that gets sent back to the server is formatted as: Base64 ( CRC(data) + MalwareEncryption(data) )
  • The data that is received by the server (private config) is saved into file <name>.properties in the root external storage folder of the device.

Command and Control (C&C)

The malware communicates with the C&C server through the XMPP protocol and Jabber.

graphserver

Communication with the C&C

The malware opens the connection in one of the JIDs (Jabber IDs) that can be found in the internal config (ex. [email protected]:LarXrEc6WK2 ).
2015-02-05_13-20-34

The connection is established  to the domain server (xmpp.jp)., then uses the username (timoftei) and the password (LarXrEc6WK2) to authorize itself. After authorization it tries to get the buddy list (roster) of the user. Each of the buddies are compared with the internal list, from internal config, in order to find the “master JID”, possibly the one user that will send back the data (private config) to the malware. After this process, the data is parsed and saved into the file <name>.properties  in the root external storage folder of the device.

After the retrieval of the private config the malware starts encrypting files.

SHA-256 Hash List:

  • 4A0677D94DD4683AC45D64C278B6E77424579433398CA9005C50A43FBBD6C8C2
  • 8E9561215E1ACE91F93B4FAD30DA6F368A9E743D3BE59EA34061ECA8EBAB1F33
  • 93FE7B9212E669BCF443F82303B41444CFE53ACEF8AC3A9F276C0FD2F7E6F123

As Mobile Malware Hits the Million Samples Mark It Becomes More Devious than Ever Before

Mobile malware is growing exponentially. We now have more than 1 million malicious samples in our database, up from 100,000 in 2011. Still relatively young, most mobile malware has a pretty simple structure, yet it is designed to effectively steal people’s money. Newer mobile malware is, however, adapting and evolving, slowly embracing more deceitful and complex tactics to target users.

PC malware authors started in a garage, mobile malware authors in an office

Mobile malware is undergoing a similar development as PC malware did years ago with two significant differences: First, PC malware, in its early stages, was created by hobbyists and has only slowly evolved into a serious business within the last 10 years. Mobile malware, even with its simple structure, has been a serious business from the get-go. Smartphones and tablets are capable of gathering and storing more personalized data than PCs ever did – there is an abundance of valuable data to collect, including personal data and financial information. Thus, the focus of mobile malware has always been on monetization, meaning that even early mobile malware posed real-life threats to its victims, stealing money from them. Secondly, even though malware targeting smartphones and tablets is still young, it’s developing much faster than PC malware did in its initial years.

There are multiple entry points for mobile malware; apart from malicious apps placed in app stores and in-app ads linking to malicious content, malware authors also often take advantage of bugs in mobile operating systems, in popular apps or carrier billing structures. In 2013, around 60 to 70% of malware was tailored to send premium text messages behind users’ backs, a simple trick malware authors took advantage of to get into people’s wallets. The industry is catching up to malware and retaliating – carriers in the US and other countries have banned premium text messaging services. As the industry reacts, mobile malware authors start thinking of and using much more sophisticated and deceitful ways to get to people’s money.

The next generation of mobile malware

Elaborate malware, such as ransomware and spyware, is on the rise and is slowly taking control of mobile devices and the pool of potential victims can only get larger. Google now has more than 1 billion Android users. Formerly only known on the PC platform, a Cryptolocker-like ransomware has recently targeted Android devices for the first time, scaring users by holding their devices hostage, claiming to encrypt files until the user paid the ransom. Mobile spyware, on the other hand, is capable of tracking user location and a variety of other personal data, which can later be used to hack accounts or for identity theft.

We predict that with the emergence of new technologies, malware authors will find new ways of taking advantage of them. For example, as the use of new payment methods like Near Field Payment (NFC) increases, we expect hackers will change the way they go after money.

Users need to become aware of how valuable smartphones really are – not just the hardware, but the data it contains

Mobile threats are increasing – we expect them to reach the same magnitude as PC malware by 2018. However, out of the more than 1 billion smartphones that were shipped globally last year, only a small percentage are currently protected with antivirus software.

To make mobile devices safer and more secure, we need to collectively work together – the security industry, carriers, app store providers and consumers. At AVAST, we are constantly refining our tactics to detect mobile malware, to protect our users with our free and paid solutions. Actions like major carriers in the US, Brazil and the UK no longer billing customers for most forms of commercial Premium SMS messages, thus shutting an important door for malware creators, are a great initiative – and we hope carriers in other countries will follow this step, soon. Also, stricter security rules for apps on Google Play and other app stores could help make some types of malware extinct.

In the end, it’s also up to users to protect their devices and data with security solutions. People need to understand that there are new threats being built to target their mobile devices. Phones and tablets contain people’s personal treasures, in the form of data, whether that be personal information about loved ones or bank details – all of which is interesting for cybercriminals. Therefore, it is essential that people care for their smartphones and tablets in the same way as they protect their PC, the majority of which has antivirus installed.

AVAST Mobile Malware infographic

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

Â