Tag Archives: Android corner

Avast

Cybersecurity tips for business travelers

Leave a comment
business trip - working late

Sensitive business data is at risk when you travel. Take precautions to protect it.

Cybersecurity is not limited to your office or home. Nowadays, many of us use the same devices for work and personal business, so when traveling we need to be extra diligent to protect our devices and the data we have on them. If you use common sense and a bit of Avast technology, all your devices – laptops, smartphones, and tablets, can remain secure wherever you are.

Here are a few things you can do before you go and while you’re on-the-road:

1. Install antivirus protection. Your first and best line of defense on your PC or Android device is antivirus protection. Install it and make sure it is up-to-date.

2. Keep your operating system and software up-to-date. Hackers take advantage of software with security holes that have not been plugged, so take time regularly to make sure that your software and apps have patches and updates applied.

3. Lock down your device. Make it a habit to lock your PC and phone with a PIN, password, or even a fingerprint. Avast Mobile Security even allows you to password-protect your apps. Before you travel, make sure your critical apps, like access to your bank, are protected.

4. Turn off auto-connect. If you have your phone set to automatically detect and connect to available wireless networks, then turn it off. It’s much better to choose yourself. The new Avast W-Fi Finder can help you find secure Wi-Fi hotspots. Look for it to be released soon.

5. Avoid unencrypted Wi-Fi networks. Free Wi-Fi hotspots sure are nice, but they are not worth the risk to your personal data. They are unsecured and can give cybercrooks access to your internet-enabled devices. The safest way to use free Wi-Fi, even that supplied by your hotel, is to connect via a virtual private network, otherwise known as a VPN. The name sounds complicated, but with Avast SecureLine VPN, it is as easy as pushing a button.

6. Use smart passwords. Using a password like 1234 or password is not a smart thing to do at any time. But discovering that your account was hacked when you are traveling can ruin your trip. Plan ahead and manage your passwords in an intelligent way. There are plenty of memory tricks you can use to create unique passwords or you can let a password manager take care of the heavy lifting for you. Look for a new Avast password manager coming soon.

7. Think before you overshare. There are differing opinions about oversharing your location on social networks. Some say that broadcasting to the world that you are away invites a burglar into your home. Others say that broadcasting your whereabouts with regular updates is security in and of itself, because your friends and family know where you are in case something happens. And it could protect your contacts from the “I was arrested in Niagara Falls and need you to send bail money via Western Union” scam. Talk with your family and decide how you want to handle that.

8. Guard your devices. Thieves often target travelers. Don’t let yourself get so distracted that you lose track of your devices. Install Avast Anti-Theft before you leave. One of its useful features is called Geofencing. This allows you to set a perimeter, say around a table at an airport cafe, and if your mobile phone leaves that perimeter, an alarm will sound. If you discover any time that your smartphone or tablet has been stolen, Avast Anti-theft lets you control your cell phone remotely. You can locate and track your lost phone, remotely lock or wipe the memory, and even activate a customizable siren or alarm.

The best thing about all these tools is that they are free (or in the case of SecureLine, a free trial), so the next time you start packing for your business trip, make sure that your devices are ready to go too.

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Avast

Avast Mobile Security: So much more than just another security app

Leave a comment

With millions of applications waiting to be installed in our gadgets, you not only need to be concerned about quality, but you also need to take the proper measures in order to avoid your phone becoming infected by malware. Unfortunately, we already know that Google Play and the Windows Store aren’t immune to malware. Even the Apple Store has its bad days, so we’re not trying to scare you. These days, malware is a continuing, growing threat.

Stay protected on multiple levels with Avast Mobile Security

Avast Mobile Security will protect you while providing you with a worry-free browsing experience. Simply install the app and you‘re good to go! Here’s what you get from this multifaceted software:

  • Android protection: The free features of Avast Mobile Security ensure that your smartphone is safe from online threats and malware.
  • Incoming SMS filtration: You are allowed to block specific numbers for calls and SMS.
  • Stolen/lost device tracking: The software features anti-theft elements that provide you with remote options to track your phone location and also recover the same.
  • Warning alarms: In case you visit a website that malware infected, the software will alarm you by a warning sign or sound using its Web Shield.
  • Wi-Fi and network data usage tracking: You may be eager to know your data usage and Avast makes it quite easy. You can track your network data usage as well as Wi-Fi and perceive how much you have consumed and how much is left to use.
  • Mistyped URLs are auto-corrected: Avast Mobile Security is equipped with a SiteCorrect feature that saves users from the issues of mistyping URLs.

We invite you to check out Avast Mobile Security, free from Google Play.

 

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Avast

Dark times for Android: Examining Certifi-gate and the newest Stagefright updates

Leave a comment

Certifi-gate and Stagefright are two recent threats that have put many Android devices at risk. Photo via Ars Technica.

When it comes to security, it seems that Android has seen better days. A slew of vulnerabilities and threats have been cropping up recently, putting multitudes of Android users at risk. Certifi-gate and Stagefright are two threats that, when left unprotected against, could spark major data breaches.

Certifi-gate leaches permissions from other apps to gain remote control access

Certifi-gate is a Trojan that affects Android’s operating system in a scary way. Android devices with Jelly Bean 4.3 or higher are affected by this vulnerability, making about 50% of all Android users vulnerable to attacks or to their personal information being compromised.

What’s frightening about this nasty bug is how easily it can execute an attack – Certifi-gate only requires Internet access in order to gain remote control access of your devices. The attack takes place in three steps:

  1. A user installs a vulnerable app that contains a remote access backdoor onto their Android device
  2. A remotely-controlled server takes control of this app by exploiting its insecure backdoor
  3. Using remote access, Certifi-gate obtains permissions from others apps that have previously been granted higher privileges (i.e. more permissions) by the user and uses them to exploit user data. A good example of an app targeted by Certifi-gate is TeamViewer, an app that allows you to control your Android device remotely.

The good news here is that Avast Mobile Security blocks the installation packages that make it possible for Certifi-gate to exploit the permissions of your other apps. Breaking this down further, Avast Mobile Security would block the package before the action in Step 2 is carried out, making it impossible for a remotely-controlled server to take control of an insecure app that contains a vulnerable remote access backdoor.

Google’s Stagefright patch can be bypassed

We’ve already told you about the Stagefright bug, which has exposed nearly 1 billion Android devices to malware. Whereas Certifi-gate uses Internet access to control your device, Stagefright merely needs a phone number in order to infect users.

Due to the scope and severity of this threat, Google quickly put out a security patch that was intended to resolve the Stagefright issue once and for all. Unfortunately, it hasn’t been fully successful — it’s possible for the patch to be bypassed, which leaves Android users with a false sense of security and a vulnerable device.

As Avast security researcher Filip Chytry explains in his original post examining Stagefright, Avast encourages users to disable the “auto retrieve MMS” feature within their default messaging app’s settings as a precautionary measure. You can read our full set of instructions for staying safe against Stagefright in the post.

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Avast

Avast Mobile Security users can help develop a new app

Leave a comment

We all know how bothersome finding and connecting to Wi-Fi networks in public places can be — often, we encounter frustrating roaming fees or slow connection speeds in crowded spaces. At Avast, we want Wi-Fi connection to be a safe and simple process for our users. As a result, we’re currently working on new product that will help people to detect and connect to public Wi-Fi networks without any security risk.

Introducing Avast’s new product pioneering program

We’ve recently rolled out a new feature within Avast Mobile Security called the product pioneering program. This program helps harvest nearby Wi-Fi hotspots available for users when they need to connect to public Wi-Fi networks. The feature also supports the creation and growth of our own trustworthy and up-to-date hotspot database, which we need in order to deliver information about nearby Wi-Fi hotspots to our users. As we know that Avast users place great importance on their security and privacy, we are asking our users to lend us a helping hand in collecting and identifying hotspots in their local surroundings. This requires us to request the GPS position permission of our users during the installation or upgrading process of Avast Mobile Security.

In-app notification informing users about our product pioneering program.
Opt-in message shown when users click on in-app notification.
Users have the options of opting out of the program in Settings.

Upon installing or upgrading Avast Mobile Security, users will receive an in-app notification that informs them of our product pioneering program. If a user chooses to opt in to the product pioneering program, it is only then that his or her GPS location information will actively be gathered.

How does the program actually work?

Whenever users connect to an open Wi-Fi hotspot, we will check for an available Internet connection and then anonymously obtain the user’s location along with the name of the hotspot. We will be presenting this gathered information to our users once our Wi-Fi Finder app is ready to be launched in a few months. The app will be available for both Android and iOS.

It’s important to note that our product pioneering program gathers data anonymously from users. Specifically, the program only gathers the names and rough locations of nearby hotspots.

Our users’ participation in our product pioneering program is highly appreciated. We’d like to thank each and every one of our product pioneers in advance for their aid in helping us deliver our new product! Download Avast Mobile Security for free on Google Play.

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Avast

Free Avast Cleanup app cleans and optimizes Android phones and tablets

Leave a comment
Avast Cleanup is a free app for Android

Avast Cleanup is a free app for Android

After a while, your phones and tablets accumulate obsolete files and superfluous data, system caches, gallery thumbnails, and programs. This ‘junk’ slows down your device and eats up precious storage space.

Avast Cleanup identifies and cleans unwanted files from your Android device so it will run like a champ again.

Our new free app, Avast Cleanup & Boost for Android, cleans away all the unwanted files and programs so that your device is running smoothly and quickly with storage space to spare. But don’t take our word for it.

Longtime Avast customer, Thomas M. from North Lanarkshire, Scotland wrote us to tell how pleased he is with Cleanup’s performance. Thomas has used Avast for years, and uses Avast Free Antivirus to protect his home computers.

Thomas M.

Thomas M.

“Having installed Avast Free Antivirus 2015 on two of my PCs and a laptop, which for me is the best yet, I came across the new Avast Cleanup app which I installed on my phone and both my tablets.

I had been having a few performance issues with at least one of my tablets and my phone. After installation and running the application, both run great. The app freed up a nice amount of space and discarded lots of clutter left behind by old apps, etc.

The interface, as well as being intuitive, looks great too. I especially like the spiral animation whilst cleaning is in action. So slick!

I also like the option to store/back-up deleted items to cloud storage (if required), in this case Dropbox being the choice offered.

Nice work, Avast, once again on offering another quality fully functional free product.”

It’s our pleasure, Thomas. Thanks for taking the time to write to us.

Avast Cleanup gets rid of junk files on Thomas M.'s tablets and phone.

Avast Cleanup gets rid of junk files on Thomas M.’s tablets and phone.

How to run a Cleanup scan

Cleanup can disable or remove certain files and programs to optimize your system. Follow these steps and get started now:

  • Install Avast Cleanup & Boost for Android for free from the Google Play store or from the Avast Cleanup website when accessed with your mobile device
  • When the application is running, you can run the basic cleaning by tapping the Safe clean button. The configuration window will appear automatically the first time you run the application.
  • Select Start cleaning to start this process right away or select Configure. The Configure option redirects you to Settings where you can choose the type of files to be deleted.

Learn more about how to use Avast Cleanup on the FAQ.

 

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Avast

Big Brother(s) Could be Watching You Thanks to Stagefright  

Leave a comment

Earlier this week, security researchers unveiled a vulnerability that is believed to be the worst Android vulnerability yet discovered. The “Stagefright” bug exposes nearly 1 billion Android devices to malware. The vulnerability was found in “Stagefright”, an Android media library. Hackers can gain access to a device by exploiting the vulnerability and can then access contacts and other data, including photos and videos, and can access the device’s microphone and camera, and thus spy on you by recording sound and taking photos.

All devices running Android versions Froyo 2.2 to Lollipop 5.1.1 are affected, which are used by approximately 95% of all Android devices.

The scary part is that hackers only need your phone number to infect you. The malware is delivered via a multimedia message sent to any messenger app that can process MPEG4 video format – like an Android device’s native messaging app, Google Hangouts and WhatsApp. As these Android messaging apps auto-retrieve videos or audio content, the malicious code is executed without the user even doing anything – the vulnerability does not require the victim to open the message or to click on a link. This is unique, as mobile malware usually requires some action to be taken to infect the device. The malware could also be spread via link, which could be sent via email or shared on social networks, for example. This would, however, require user interaction, as the video would not load without the user opening  a link. This exploit is extremely dangerous, because if abused via MMS, victims are not required to take any action and there are neither apparent nor visible effects. The attacker can execute the code and remove any signs that the device has been compromised, before victims are even aware that their device has been compromised.

A cybercriminal’s and dictator’s dream

Cybercriminals can take advantage of the vulnerability to collectively spy on millions of people – and even execute further malicious code. Repressive governments could abuse the bug to spy on their own people and enemies. The vulnerability, however, could also be used for non-political spying. Hackers can easily spy on people they know, like their spouse or neighbour – all they need to know is their victim’s phone number. Hackers can also steal personal information and use it to blackmail millions of people, or use the data for identity theft. The possible consequences of this vulnerability need to be taken seriously.

Fixes are urgently needed

Now comprehensive fixes need to be provided by the phone’s manufacturers in an over-the-air (OTA) firmware update for Android versions 2.2 and up. Unfortunately, updates for Android devices have historically taken a long time to reach users. Hopefully, manufacturers will respond quicker in this case. On a positive note, Google has already responded. HTC told Time “Google informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.”

In the meantime, what can you do to protect yourself?

We recommend users disable “auto retrieve MMS” within their default messaging app’s settings, as a precautionary measure for the moment. We have put together step-by-step instructions on how you can disable auto retrieve for MMS in various Android messaging apps:

Messages App:

Step 1: Open the Messages app and click on the three dots in the upper right hand corner Messages app Step 2: Click on “Settings” in the dropdown menu Messages Settings Step 3: Click on “Multimedia messages” Messages settings Step 4: Uncheck “Auto retrieve” Messages settings Your Messages “Multimedia messages” settings should now look like this:

Messages settings Google Hangout

Step 1: Open the Google Hangout app and click on the three lines in the upper left corner Google Hangout settings Step 2: Click on “Settings” Google Hangout SettingsStep 3: Click on “SMS” Google Hangout settings Step 4: Scroll down to “Advanced” and uncheck “Auto retrieve MMS” Google Hangout settings Your Google Hangout “SMS” settings should now look like this: Google Hangout settings

Messenger App:

Step 1: Open the Messenger app and click on the three dots in the upper right hand corner Messenger 1 Step 2: Click on “Settings” in the dropdown menu Messenger 2 Step 3: Click on “Advanced” Messenger app settings Step 4: Uncheck “Auto retrieve” Messenger app settings Your Messenger “Advanced Settings” should now look like this: Messenger app settings

Messenger:

Step 1: Open the Messaging app and click on the three dots in the lower right hand corner Messaging app settings Step 2: Click on “Settings” Messaging app settings Step 3: Scroll down to “Multimedia (MMS) messages” and uncheck “Auto retrieve MMS” Messaging app settings Your Messaging “Settings” should now look like this: Messaging app settings

WhatsApp

Step 1: Open WhatsApp and click on the three dots in the upper right hand corner WhatsApp settingsStep 2: Click on “Settings” Whatsapp settingsStep 3: Click on “Chat Settings” Whatapp settings Step 4: Click “Media auto-download” Whatsapp settings   Step 5: Click “When using mobile data” and/or “When connected on Wi-Fi” Whatsapp settings Step 6: The “When connected on Wi-Fi” settings are automatically set to download videos, so it is important to uncheck the checkmark Whatsapp settings Step 7: The “When connected on mobile data” settings are NOT automatically set to download videos, but in case you did enable it, you should disable it Whatsapp settings Your WhatsApp “Media auto-download” should now look like this: Whatsapp settings

Avast

Creators of Dubsmash 2 Android Malware Strike Again

Leave a comment

Malware Writers Can’t Keep Their Hands Off Porn

In April, we reported on a porn clicker app that slipped into Google Play posing as the popular Dubsmash app. It seems that this malware has mutated and once again had a short-lived career on Google Play, this time hidden in various “gaming” apps.

For your viewing pleasure

The original form of this porn clicker ran completely hidden in the background, meaning victims did not even notice that anything was happening. This time, however, the authors made the porn a bit more visible to their victims.

The new mutation appeared on Google Play on July 14th and was included in five games, each of which was downloaded by 5,000-10,000 users. Fortunately, Google reacted quickly and has already taken down the games from the Play Store.

The selection of "gaming" apps affected by Clicker-AR malware on the Google Play Store.

The selection of “gaming” apps affected by Clicker-AR malware on the Google Play Store.

Once the app was downloaded, it did not really seem to do anything significant when opened by the user. However, once the unsuspecting victim opened his/her browser or other apps, the app began to run in the background and redirect the user to porn sites. Users may not have necessarily understood where these porn redirects were coming from, since it was only possible to stop them from happening once the app was killed.

May I?

This new mutation, which Avast detects as Clicker-AR, requested one important permission that played a vital role in helping the app do its job. The app requested permission to “draw over other apps”, meaning it could interfere with the interface of any application or change what victims saw in other applications. This helped the malware put its adult content in the forefront of users’ screens.

Let’s play “Clue”

We did not immediately realize that the group behind Clicker-AR was comprised of the same folks  from Turkey behind the fake Dubsmash app. Then, our colleague Nikolaos Chrysaidos dug a bit deeper and was able to connect some clues to figure out who was behind this piece of malware. He noticed that the fake Dubsmash app and the new apps shared the same decryption base64 code for the porn links. We then noticed that they shared the same function with the same name “bilgiVer”, which means “give information” in Turkish. Finally, the old and new apps used the same DNS from Turkey. Not only did they have a server in Turkey, but they also now made use of an additional server in the U.S. – it seems they made some investments using their financial gain from April!

Bye bye, porn!

As mentioned above, these malicious apps have already been removed from Google Play and Avast detects the malware as Clicker-AR. The following games are infected with Clicker-AR: Extezaf tita, Kanlani Titaas, Kapith Yanihit, Barte Beledi, and Olmusmi bunlar. If you have any of these apps installed on your device, we suggest you remove them (unless you, um, enjoy them) and make sure you have an antivirus app, like Avast Mobile Security, installed to protect yourself from mobile malware.

Follow Avast on Twitter where we keep you updated on cybersecurity news every day.

Avast

Android malware Fobus now targeting users in the U.S., Germany and Spain

Leave a comment

Mid January we informed you of a data-stealing piece of Android malware called Fobus. Back then Fobus mainly targeted our users in Eastern Europe and Russia. Now, Fobus is also targeting our users in the USA, United Kingdom, Germany, Spain and other countries around the world.

Fobus can cost its unaware victims a lot of money, because it sends premium SMS, makes calls without the victims’ knowledge and can steal private information. More concerning is that Fobus also includes hidden features that can remove critical device protections. The app tricks users into granting it full control of the device and that is when this nasty piece of malware really begins to do its work. You can find some more technical details and analysis of Fobus in our previous blog post from January.

Today, we decided to look back and check on some of the data we gathered from Fobus during the last six months. We weren’t surprised to find out that this malware family is still active and spreading, infecting unaware visitors of unofficial Android app stores and malicious websites.

The interesting part of this malware is the use of server-side polymorphism, which we suspected was being used back in January but could not confirm. We have now confirmed that server-side polymorphism is being used by analyzing some of the samples in our database. Most of these have not only randomly-generated package names, but it also seems that they have randomly-generated signing certificates.

Number of users who have encountered Fobus

Number of users who have encountered Fobus

Geographical reach expanded from the East to the West

Previously, we predicted that we would probably see a steady growth in the number of encounters users have with this malicious application. A review of the results, however, beats all of our predictions. At the beginning, this malware mainly targeted mobile users in Russian speaking countries. As our detections got smarter and we discovered new mutations of Fobus, we discovered that many other countries are affected as well. Now Fobus, although it still mainly targets users in Eastern Europe and Russia, is also targeting our users in the USA, Germany, United Kingdom, Spain, and other countries around the world.

The above graph shows the number of unique users (user IDs) encountering Fobus per day. The graph is also geologically divided by country codes as reported by the users’ connection location.

Number of times users encountered Fobus by country (as of July 21, 2015):

  • Russia: 87,730
  • Germany: 25,030
  • Spain: 12,140
  • USA: 10,270
  • UK:  6,260
  • Italy: 5,910

There are two great leaps visible in the graph, which mark the days when new versions of Fobus were discovered and new detections protecting our users were released. These three detections seem to be particularly effective at their task. The high impact in countries outside of Russia and English speaking regions, which can be seen in the graph, is a little surprising. Especially considering that the malware typically is only in Russian and English and even the English version contains some strings in Russian. Seems like the authors were too lazy to translate their own app properly…

World map showing the percentage of users who encountered Fobus

World map showing the percentage of users who encountered Fobus

An app, built just for you

Now, let’s dig into the analysis. We will look at the certificates used to sign some of the Fobus samples. We already mentioned the problems connected with generating unique applications for each victim (server-side polymorphism). This does not only apply to rebuilding, repackaging and obfuscating each instance of the app itself, but also extends to their signing certificates. To back this up, we analyzed around 4,000 samples and data and inspected the usage of these certificates. We verified that each build of the malicious app is typically seen by one user only, even though its signing certificate can be used to sign multiple apps. Virtually all of the samples we have are very low prevalent, meaning that different users only very rarely see an app instance multiple times. As for the signing certificates, we believe that they are being regenerated on a timely basis. We were able to pick a few examples of such certificates from our statistics.

certs_may_28certs_may_30

 

 

 

 

 

 

 

 

 

 

As you can see from the screenshots above, these certificates are dated the 28th and 30th May 2015 and the time differences in the beginning of the validity period between these certificates are in the order of minutes, sometimes even seconds. We have also found some samples that have certificates with randomly generated credentials altogether.

certs_random

The above provided screenshot is an example of such randomly generated certificates.

To conclude, we would like to encourage you to think twice about the apps you install on your phone. Especially if the apps you download are from third party stores and unknown sources. If you download apps from the Google Play Store you’re on the safe side. Requiring nonstandard permissions – especially permissions that don’t seem necessary for the app to properly function – may be a sign that something fishy going on. You should be very suspicious of an app that requests device administrator access and think twice before downloading it.

Acknowledgement

Special thanks to my colleague, Ondřej David, for cooperation on this analysis.

Avast

How to thoroughly wipe your phone before selling it

Leave a comment

Make sure your Android phone is wiped clean before you sell it.

Every day, tens of thousands of people sell or give away their old mobile phones. We decided to buy some of these used phones to test whether they had been wiped clean of their data. What we found was astonishing: 40,000 photos including 750 photos of partially nude women and more than 250 male nude selfies, 750 emails and texts, 250 names and addresses, a collection of anime porn, a complete loan application, and the identity of four of the previous phone owners.

How did we recover so much personal data?

The problem is that people thought they deleted files but the standard features that came with their operating system did not do the job completely. The operating system deleted the corresponding pointers in the file table and marked the space occupied by the file as free. But in reality, the file still existed and remained on the drive.

With regular use of the device, eventually new data would overwrite the old data but since the person was selling the phone, that never happened and the files were still intact.

It works the same way on your PC. I used free software to recover deleted photos that I thought were missing forever because they had not been overwritten yet.

You can permanently delete data with Avast Anti-Theft

Avast’s free app for Android, Avast Anti-Theft, actually deletes and overwrites all of your personal files. All you do is follow these steps to delete personal data from your smartphone before you sell it or give it away.

1. Install Avast Anti-Theft on your Android device. The app is free from the Google Play Store.
2. Configure Avast Anti-Theft to work with your My Avast account. This gives you remote access to your phone through your PC.
3. Turn on the thorough wipe feature within the app.
4. Log in to your My Avast account from a PC to wipe your phone. This will delete and overwrite all of your personal data.

Follow Avast on FacebookTwitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Avast

Widespread iScam ransomware originates from US servers

Leave a comment

iPhone and iPad users who turn on Avast SecureLine VPN while on unsecured Wi-Fi are protected from iScam.

It’s a common belief (and myth) that Apple products are invincible against malware. This false line of thinking has recently again been refuted, as iPhone and iPad users have been encountering a ransomware threat that freezes their Internet browsers, rendering their devices unusable. The ploy, commonly known as iScam, urges victims to call a number and pay $80 as a ransom to fix their device. When users visit an infected page while browsing using the Safari application, a message is displayed saying that the device’s iOS has crashed “due to a third party application” in their phone. The users are then directed to contact customer support to fix the issue.

iScam displays a "crash report" to affected users. (Photo via Daily Mail)

iScam displays a “crash report” to affected users. (Photo via Daily Mail)

In the midst of this vexing threat, Avast’s suite of security applications identifies URLs which contain malicious content. When discovered, these addresses are flagged for malware and then stored in our blacklist database.

While scanning for malicious URLs, we discovered that many of the servers related to iScam are located in the United States. While iScam has affected users located in both the U.S. and U.K., the origins of the threat have remained fairly nebulous up until this point. Here are a few examples of where we’ve discovered malicious servers in the U.S.:

  • Scottsdale, Arizona (system-logs.info)
  • Concord, North Carolina (pcassists.info)
  • Kirkland, Washington (Adbirdie.com)
  • Chicago, Illinois (pcsafe.us)
  • Los Angeles, California (clevervc.com)

Every cloud has a silver lining – in this case, you can celebrate the fact that you’re protected from iScam using Avast SecureLine VPN. Not only does Avast SecureLine VPN protect you while browsing on unprotected Wi-Fi networks, but it also scans websites to check for malicious content and keep you from becoming affected by them. Once Avast SecureLine VPN is installed onto your iPhone or iPad, it automatically notifies you of the risks of connecting to unsecured Wi-Fi and you have the option of connecting to the secure VPN. Once turned on, Avast SecureLine VPN creates a private ‘tunnel’ for your data to travel through, and all your activities done over the Internet – inbound and outbound through the tunnel — are encrypted. If a website is infected with iScam, Avast SecureLine VPN blocks it, so users will not encounter the scam. For your best protection, Avast SecureLine VPN is available to download in iTunes.

How to clean your system if you’ve been infected by iScam

  • Turn on Anti-phishing. This can be done by visiting Settings > Safari and turn on ‘Fraudulent Website Warning’. When turned on, Safari’s Anti-phishing feature will notify you if you visit a suspected phishing site.
  • Block cookies. For iOS 8 users, tap Settings > Safari > Block Cookies and choose Always Allow, Allow from websites I visit, Allow from Current Websites Only, or Always Block. In iOS 7 or earlier, choose Never, From third parties and advertisers, or Always.
  • Allow JavaScript. Tap Settings > Safari > Advanced and turn JavaScript on.
  • Clear your history and cookies from Safari. In iOS 8, tap Settings > Safari > Clear History and Website Data. In iOS 7 or earlier, tap Clear History and tap Clear Cookies and Data. To clear other stored information from Safari, tap Settings > Safari > Advanced > Website Data > Remove All Website Data.

Check out Apple’s support forum for additional tips on how to keep your device safe while using Safari.