Dissecting MKero, the premium SMS service subscriber trojan found on Google Play

Avira-Av-Test

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

In this malware-everywhere context, the best way to stay safe is to install software only from trusted locations, like Google Play. Starting with 2011, Google managed to reduce the amount of malicious applications in its store by using an in-house automated antivirus system, called Google Bouncer.
However, since nowadays everything is continuously evolving and adapting, nothing is bulletproof and the bad guys found various ways (e.g. delayed backdoor trojan, dendroid malware) to trick the automated checker and upload malicious apps in the official store.

This is also the case for today’s case study – a trojan from the MKero family which was recently discovered in Google Play masked as normal gaming applications:
com.likegaming.gtascs (md5 14cdf116704af262174eb0678fd1b368), com.likegaming.rcdtwo (md5 39b84a45e82d547dc967d282d7a7cd1e), com.likegaming.ror (md5 69820ddcab4fe0c6ff6a77865abf30b9), com.likegaming.rprs (md5 8c496957d787861c0b11789a227a32c7), com.likestudio.offroadsimulatoreone (md5 c7478eff0c2eca8bcb5d0611bfec54d6).

This type of malware was discovered in 2014, but for the first time is now found in the official Google Store – which means that its developer(s) added special code to bypass Bouncer. Once installed on the device, the trojan’s logic is very simple: it secretly subscribes the victim to premium SMS services for which the user will be charged monthly with a minimum of $0.5 per message. In addition to bypassing Bouncer, the main peculiarity of this malware is its ability to automatically “resolve” the CAPTCHA image required in the subscription process, by sending it to an online image-to-text real-time service. Furthermore, this trojan is completely silent during the installation and, more importantly, during the infection time by hiding any incoming SMS sent by the premium subscription services.

How exactly is it doing its “thing”?

We know what this trojan does and how it passes the most complicated task (CAPTCHA decoding), so it will definitely be worth to dig further in its internals to find out how it works exactly.

For our analysis, we’ll use the com.likegaming.gtascs (md5 14cdf116704af262174eb0678fd1b368) apk from the above mentioned list of infected packages.

Let’s start by checking the internal APK structure – this can be done by extracting it (or just by listing the files) with any zip tool (e.g. unzip, 7-zip, winzip):
$ tree -L 2
├── AndroidManifest.xml
├── assets
│   └── bin
├── classes.dex
├── lib
│   ├── armeabi-v7a
│   └── x86
├── META-INF
│   ├── CERT.RSA
│   ├── CERT.SF
│   └── MANIFEST.MF
├── res
│   ├──[skipped res folders]
└── resources.arsc

Nothing special so far, all the usual files (manifest, classes, resources) and folders (res, lib, assets) are there and they seem to contain usual APK data.

Since the AndroidManifest.xml file is the entry point of any apk, we’ll continue the analysis here. In order to convert the binary XML into the human readable format, we need android-apktool which will also do some extra decoding required later:
$ apktool if com.likegaming.gtascs.apk
I: Framework installed to: $HOME/apktool/framework/127.apk
$ apktool d com.likegaming.gtascs.apk
I: Using Apktool 2.0.1 on com.likegaming.gtascs.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: $HOME/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...

From the decoded XML file, one can usually check various tags/elements like: package name (com.likegaming.gtascs, in our case), needed permissions, activities, services, receivers.
When taking a look at the permissions, some of them seem very suspicious (check the highlighted lines) for an application which is supposed to be a normal gaming app:

permissions

Thus, the required permissions are the first suspicious thing about this app and, if the user is properly cross-checking them with regard to app’s scope/description, the installation should be aborted at this point. But, we all know that this wont happen too often and, usually, the required permissions will be simply ignored and accepted by the regular user.

Next, let’s check the main activity declaration – nothing special from the name, so we’ll have to dig in its code later on:

main-activity

There are also various other activities in the manifest, but we’ll first focus on the declared services which, by definition, are background tasks that are run even when the user is not interacting with the application. There’s not much information though, just some suspect names for the services starting with Mk:

services

Things are getting more interesting for the receivers part – there are 2 of them having a priority of 1000 in the intent-filter element:

receivers

From the information extracted from the manifest file we’ve found the following: suspect permissions, the name of the main activity, the services which can be started by the app and 2 high-priority receivers (one for the SMS_RECEIVED intent and the other one for the BOOT_COMPLETED intent).

It’s now time to start looking into the code after every important activity/service/receiver found above. For this, the file classes.dex, which is in Dalvik VM format, must be decompiled into a human-readable format; we already decompiled it to smali/baksmali with the manifest file conversion, but it’s also possible to convert the dex to jar and then open the jar file with a java decompiler, like jd-gui, in order to view the java code.

Analyzing the main activity, com.unity3d.player.UnityPlayerActivity, appears to be a dead-end because it’s basically calling code from the legit game engine framework, com.unity3d. Therefore, nothing malicious is happening when the user is actually opening and playing the game. That being said, it means that the malicious code is activated by other means, like broadcast receivers. So let’s continue by checking the code of the 2 high-priority broadcast receivers found in the manifest – com.mk.lib.receivers.MkStart and com.mk.lib.receivers.MkSms.

The first receiver, com.mk.lib.receivers.MkStart, which is called whenever the phone is (re)started, is creating an intent which repeatedly starts (using 1h delay) a new service, com.mk.lib.MkProcess:

MkStart

Looking at the onStartCommand method of com.mk.lib.MkProcess service, it appears that this one is starting a new background thread that executes the com.mk.lib.MkProcess$Commands.doInBackgroundmethod which is doing the whole magic (communicates with the C&C servers to get the URL(s) of the SMS premium servers and then starts the registration process):

doInBackground

Now let’s try to find the C&C domains which seem to be returned by the com.mk.lib.heplers.Functions$getDomains (notice the spelling error – heplers instead of helpers) method. Unfortunately, my version of jd-gui tool is unable to decompile the com.mk.lib.heplers.Functions file (probably because of the obfuscation), thus we’ll look into the smali code instead – smali/com/mk/lib/heplers/Functions.smali file. From its smali, the method is calling another private method, com.mk.lib.heplers.Functions$appDomains, which seem to directly return the name of the used domains:

appDomains

Unfortunately, as it is the case with the whole application, the strings are heavily obfuscated (see highlighted areas), so they do not make much sense in this form. Luckily, the domains seem to be in-place decoded with the com.mk.lib.heplers.Data.Http.V method. Looking at the decoding method, one can see that it’s doing a lot of heavy stuff (multiple loops with various bitwise operators) and can’t be easily reversed, so we need another way to obtain the original strings.

Since the method is implemented in the decompiled jar, we can create a simple java program which simply calls the decoding method with the obfuscated string as input. While trying to do so, you’ll get a java compilation error because the decode function is defined as static and is not accessible from the exterior of the package. Fortunately, this can be bypassed using java reflexion – I have implemented a simple java program which loads the method, makes it accessible, then calls it with the provided input and, in the end, prints the result on standard output:

MethodCaller

Finally, running the above java program with our strings, we get the following results:
$ java -cp .:classes-dex2jar.jar MethodCaller 'com.mk.lib.heplers.Data$Http' V "obfuscated_string_1" "obfuscated_string_2"

nosepudymy.biz,areripydok.com,vozicokeboh.biz,hekisanosih.com,yfaqoqysusyfyfa.biz,dewekasadito.biz,zerawyhifuwude.biz,eluheqizomado.biz,ufadaqim.biz,imuwobulok.biz,horodityrowoboni.biz,uqikoxomyturo.biz,wyfokypynogipu.biz,sabumorazuh.biz,ofudylopixen.biz,episykuj.com,rodujuhocafy.biz

ivosupawy.biz,cesobagixisyn.biz,menizyxoxa.biz,ruqijireji.biz,ecymotolimybocos.biz,ozozoqimykoric.biz,fyvefiwo.biz,zehenivi.biz,lytevabasic.biz,ynegymeriw.biz,jytuvyducemek.biz,isucuzyzososare.biz

Thus, the malware tries to communicate with the first responsive C&C server from the above lists and, once it gets a response, it will start the SMS subscription process.

Another interesting service is com.mk.lib.MkPages which handles the CAPTCHA: after extracting the image from the subscription page, it’s sending it to http://antigate.com and then is waiting maximum 2.5 minutes to receive the text. Check the following highlighted text from the com.mk.lib.MkPages$doInBackground method, after deobfuscating the strings:

antigate.com

Let’s move now to the 2nd receiver, com.mk.lib.receivers.MkSms, which will be called before any other broadcast-receiver (due to its high-priority, 1000) whenever the device is receiving a SMS message. After decoding the strings from its onReceive method, one can see that this service is responsible with the SMS code and activation link extraction needed in the subscription process and, also, with blocking of further SMS messages coming from the subscription server:

MkSms

This is pretty much all about the internals of this trojan and, coming back to the Bouncer bypassing, we can see now that the malware passed undetected due to the delayed infection (i.e. is waiting 1h in order to start the subscription process).

In conclusion, no matter how smart the (automated) application checkers are, the bad guys will always find new and sophisticated methods to infiltrate malicious code even in official stores. In this circumstances, Avira is helping you to fight against potential malware – so don’t wait to be infected and install our free Android product today.

Source : blog.avira.com

Avira Tech Support : Blog

How safe are the apps on your Android ?

andriod-avira -security

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

Privacy Advisor

As the name suggests it, the newest feature offered by Avira Antivirus Security for Android allows registered users to increase the level of privacy on their smartphones and tablets by avoiding and potentially uninstalling high risk apps.

The apPrivacy advisor - android appsps that are most likely to be included in this category ask for very sensitive and personal data related permissions during the installation process.

In worst cases, malicious apps can take advantage of SMS permissions to send premium messages and register users for unwanted services, sometimes leading to financial losses.

Even if there are applications that may have an important impact on the users’ privacy, some of them have a high number of permissions related to personal data because their purpose of being demands them. These applications may either be trusted by Avira itself (e.g. Community Trusted applications) due to the developer’s reputation and/or high number of downloads or can be trusted by the user himself if he knows for a fact that the app is not a security risk.

Coming soon… on Android Optimizer

Three months after releasing its Android Optimizer app, we already helped almost 500.000 users optimize the overall speed and performance of their mobile devices. Following users’ feedback, the app has already been localized to three more languages (French, Italian and Portuguese), making it easier to use.

In order to make the app even better, our mobile development team will soon release a version that supports an always-on widget, enabling users to instantly optimize their devices, at the tap of the screen.

12 million downloads and numerous awards

Avira’s efforts of enhancing mobile security are paying off, as Avira Antivirus Security for Android excels in all Independent Labs Test results. Only last month, AV-Test nominated Avira as “The best antivirus software for Android”, with 100% detection rates and a total score of 6/6 on Protection and Usability. PCSL also awarded 5 Stars for Avira in the April edition of its Android Malware Detection Test.

More than that, 12 million users have already downloaded Avira Antivirus Security for Android, making this the best reward for the Product team.

“Avira users should feel safe and protected on every device they use to connect to the Internet. My team has the important mission of securing their mobile devices and preventing all types of attacks from happening. As private data becomes an easier target on smartphones and tablets, protecting the users’ privacy is a top priority for us. We strongly believe that a feature like “Privacy Advisor” will make it easier for people to know which app is interested in their personal information and gives them the power to decide if they agree to share it or not” said Corneliu Balaban, Mobile Development Manager at Avira.

The newest version of Avira Antivirus Security for Android (version 4.1.3643) was uploaded on the Google Play Store and can be downloaded for free.

Source : blog.avira.com

Avira Tech Support : Blog

Give your PC some superpowers By Using Avira Antivirus

Avira-Antivirus-2017-Latest-Version-15.0.25

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

So now that I got this out of the way, here are two important observations by Captain Obvious:

1: This blog post is about shameless self-promotion.

2: You’ll be safer (and perhaps mildly amused) after having read it.

So here’s the newsflash: we’ve just launched a superhero campaign that’ll unleash your PC’s superpowers: www.avira.com/en/try-superpowers

The campaign offers our free Antivirus software, as well as free trials to premium software. Take a look at the short descriptions for your PC’s new superpowers:

Strength

Wield superior PC protection, forged deep within the A.V.I.R.A. labs. The process of forging summons otherworldly code, to withstand attacks from any breed of alien forces

Speed

Be one with an accurate, effective weapon – able to navigate and propel you with supersonic speed through cyberspace. Your PC will be faster, your boot up time—shorter, your streaming—smoother, your PC—cleaner and you’ll even free up space on your hard drive.

Stability

Control and stabilize your PC’s elements, with a driver updater tool that’s forged from the remnants of a star. Your hardware will run smoother, your gaming will be faster and it will help prevent system freezes and crashes.

And of course, the page gives you the option at the bottom to share it with your friends and family – just in case you don’t begrudge them your new-found superpowers.

Source : blog.avira.com

Avira Tech Support : Blog

Ex-NSA Guy Points to Mac Security Flaws

nsa-mac-security-flaws

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

Whereas Apple develops its iOS with security a part of the process, with OS X development security seems to be more of an afterthought. ‘Bug bounty’ programs are one direction suggested for Apple, but until there is a change in the current approach, the vulnerabilities remain open to any would-be hackers.

At the recent RSA Conference in San Francisco, Wardle gave a presentation titled “Writing Bad@ss OS X Malware,” in which he challenges Apple’s OS X developers to change their way of thinking – especially considering that the majority of the malware getting into Macs (now measuring hundreds of thousands) is “amateur, even basic,” according to Wardle.

More advanced Mac attacks, such as the ‘Rootpipe’ backdoor, have been difficult for Apple to patch, and failed ‘fixes’ have been covered by thehackernews.com, computerworld.com, securityweek.com, forbes.com, and others in the first half of 2015.

AV-Test, a leading independent computer security testing firm, recently tested 10 different Mac OS X security software packages (you can read the full report here), writing that:

“The legend that Mac OS X is supposedly invincible is not borne out by the facts. In the aftermath of major attacks by Flashback, the police Trojan Browlock or Shellshock, the number of assaults on Mac OS X continues to increase.”

In AV-Test’s analysis, Avira Free Antivirus for Mac earned a 100% detection score against 160 new Mac-specific viruses and malware. If you’re taking chances with no security on your Mac, do yourself a favor and take care of it right now.

Source : blog.avira.com

Avira Tech Support : Blog

Regin: Is Government Malware Stoppable After All?

avira-antivirus-suite-malware-url-blocked

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

What is Regin?

According to Virus Bulletin, we are looking at a multi-staged threat (like Stuxnet) that uses a modular approach (like Flame), a combination that makes it one of the most advanced threats ever detected. Researches show that Regin has been used in espionage campaigns for the last 6 years. This sophisticated backdoor Trojan affects Microsoft Windows NT, 2000, XP, Vista, and 7 and it is able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization.

Regin mainly affects companies, research institutes, governmental organizations, and individuals who have access to networks of special interest. This is why Avira has worked together with the German Federal Office for Information Security (BSI) to add new Regin detection routines to the widely implemented and proven tool Avira PC Cleaner.

How can the Avira PC Cleaner help me?

The tool can now detect the identifiable elements of Regin and remove them from the infected system. “PC Cleaner came about as a result of the German anti-botnet “botfrei.de” initiative which is backed by the BSI. The software was also further developed with the support and know-how of the BSI. Users now have an easy-to-use tool available to them which can track down Regin malware”, explains Dr. Dirk Häger, head of operational network defense at the BSI. If PC Cleaner detects Regin, the affected system can be cleansed and the relevant files quarantined. Even after a successful system cleanup, it is worthwhile running further scans to make absolutely sure that Regin has not infiltrated other areas of the network. This also makes PC Cleaner an early warning tool. If Regin is detected, affected organizations should definitely think about taking further steps to protect their IT infrastructure.

The really unique feature about Avira PC Cleaner is that it doesn’t need to be installed. This means there are no conflicts with other vendors’ antivirus solutions installed on the computer. As such, PC Cleaner gives users the chance to get a second opinion. This is why it is also called a 2nd opinion scanner, although it isn’t a replacement for a fully-fledged antivirus solution. As a result, PC Cleaner is ideal for detecting Regin and for checking the computer for any other malicious software. It is based on the proven malware detection capabilities of Avira antivirus solutions of which there are millions of installs.

Source : blog.avira.com

Avira Tech Support : Blog

How to Prevent Holiday Shopping Hacks

avira-antivirus-2017-on-demand-scan

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

As the holiday times approach, many of us increase our online shopping. But if the 2014 year taught us anything, it is that online criminals have figured out that hacking into the IT systems of retail stores is an easy way to make money. This year there were no fewer than a dozen major retail stores whose customer data was stolen or whose POS systems (Point of Sale systems… their electronic cash registers) were compromised in order to steal customer credit card numbers.

You’ll recognize most of these retailer brands whose customer databases have been breached this year:

  • Home Depot (56,000,000 customer records stolen)
  • Target (40,000,000 records stolen)
  • Michaels Art Supplies (2,600,000 records stolen)
  • Neiman-Marcus (1,100,000 records stolen)
  • Goodwill Stores (868,000 records stolen)
  • UPS Stores (105,000 records stolen)
  • K-Mart (unknown; investigation continues)

In addition, several major retailers have had their POS systems hacked:

  • Dairy Queen (400 stores hacked)
  • Jimmy Johns (200 stores hacked)
  • SuperValu (180 stores hacked)
  • F. Chang’s (33 stores hacked)
  • Staples (unknown; investigation continues)

The burden of security ultimately rests on your shoulders. So here are five simple things you can do to protect yourself from holiday shopping hacks:

1. Shop at trusted online retailers

Search engines will lead you to that perfect present no matter where it is, but if you’ve never seen or heard of the retailer before then think twice before entering your credit card and all your personal information.

2. Don’t shop from the free café Wi-Fi

Public, unsecured Wi-Fi access points can be very easily tampered with; the person sitting next to you could be sniffing and recording every transmission, using simple algorithms to identify credit card numbers and ID information. Use a secured Wi-Fi and/or a VPN for your shopping. Consider also using a dedicated e-mail address just for shopping.

3. Use a credit card instead of a debit card

Credit card companies usually have policies in place to protect users from fraud and limit your personal liability. In addition, many credit card companies offer extended warranties and return policies during holiday shopping season.

4. Be careful where you click

Retailers ramp up their e-mail marketing during the holiday season, but e-mails can be easily spoofed by hackers. Instead of automatically following the URL link from an e-mail offer, consider going directly to the retail vendor’s website and then looking for the product you want. Also be aware of phony emails from UPS and other shippers claiming that “your package could not be delivered.” Often these e-mails contain attachments that install spyware and keyloggers.

5. Patch your computer before you go shopping

If haven’t got around to installing that software patch or antivirus security update, now might be a good time to do it. Most hacks prey on the short window of time between when a vulnerability is discovered and when the software vendors patch the hole. If you are not installing the patch, then the hole is still wide open on your computer and you are just asking for trouble.

If you are worried that your personal identity might have been exposed in recent data breach or hack, you can use Avira’s free Identity Safeguard tool to check: it is included free in both Avira Mobile Security for iOS and in Avira Antivirus Security for Android).

Shopping online is actually safer now than it has ever been before, so just take a few precautions and enjoy the holidays!

Source : blog.avira.com

Avira Tech Support : Blog

AT&T Stops Attaching Tracking Files to Mobiles

AT&T-Stops-Attaching -Tracking-Files-to-Mobiles

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

The secret codes in tracking files, known as ‘header enrichment,’ consist of strings of numbers and letters that are appended to all data traffic that is transmitted from the phone. The header enrichment codes are used to track customers’ website visits and also which apps they use in order to provide advertisers with targeting information. The codes don’t contain personal identity information per se, but because they are unique to each customer and are transmitted along with any personal identity information that a customer voluntarily provides – such as name, address or phone number – together they create a sort of digital fingerprint that could be exploited.

AT&T said it ended the tracking files because its test project has ended. But competing mobile operator Verizon has a similar tracking number system in place, which Twitter’s mobile advertising division uses to target ads.

If you want to know if your mobile carrier is tracking your device, visit this page on ProPublica.org (go there from your mobile device) and click on the box that says ‘Does Your Phone Company Track You?’

Header enrichment technology was developed because traditional web cookies are a challenge for tracking apps on smartphones and tablets. The Open Mobile Alliance adopted an industry standard for injecting the codes in 2010. In response, Google has proposed an alternative Web protocol that prevents such header injections which, of course, the mobile industry is lobbying to defeat.

Avira’s security software for Android and iOS can scan your apps and emails for malware, and also block Trojans and stop Ransomware from restricting access to your data. Check out Avira Mobile Security for iOSor Avira Antivirus Security for Android for free protection.

Source : blog.avira.com

Avira Tech Support : Blog

Avira wins Virus Bulletin best AV detection award

virus-bulletin-best-av-detection-award

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

This represents a streak for Avira wins for best AV detection rates and superior product quality. This latest Virus Bulletin VB100 testing took place from October 2013 to April 2014.

Free, yet fast and reliable

The Avira Free Antivirus was complimented for being fast and user friendly as the Virus Bulletin lab experts concluded “it installs fairly rapidly, and presents a slick and attractive interface which is simple to operate and provides a fairly complete set of controls.”

Recent improvements to the core product were credited with quick scanning speeds, with very light computing overhead. Just like in the previous rounds of testing, “detection was as excellent as ever, and this solid coverage extended to the certification sets.”

All of these features helped our free antivirus maintain an excellent record of passes with 0 fails registered by the Virus Bulletin testing.

Keeping it professional

The strong performance of Avira AV was confirmed by the lab’s review of our Professional Security Antivirus as well: “the interface has the same professional feel and sensible layout, and the installation process is also very speedy and simple.” Just like for our free solution, our detection got a perfect score of 100. The testers also complimented the new fine-tuning options that contributed to good scanning speeds, very little lag time and low resource consumption.

An impeccable track record

Our whole team is super excited about continuing the streak of awards for superior protection and product quality. “It is the fifth consecutive VB100 Award we achieved in the last 12 months and shows that we have sustainable high detection rate with zero false positives in the Virus Bulletin tests” said Philipp Wolf, our Executive Vice President Protection Labs.

We’re proud of these results and are honored to have been recognized with this award.

Find out more about VB100 (virus) test procedures and you can read the full Windows 7 report available in the latest edition of Virus Bulletin.

Source : blog.avira.com

Avira Tech Support : Blog

Mobile threat landscape — is Android really safe?

android-really-safe

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

Emerging mobile threat landscape

We are already seeing the effect. For example, the number of mobile viruses tripled over the past year to now measure 2.6 million by our latest count.

They are facing PUA (potentially unwanted applications) for example. There are also apps that collect a heavy-handed amount of personal data, or others that spam users with unwanted messages and notifications. This is what we call the ‘grey area’ of mobile software. Android users are particularly affected.

Security industry is evolving

Even so, one of the current industry debates calls into question the need for providing mobile security software, such as Android Antivirus, based on the supposedly high level of security in app stores.

At Avira, using complex generic detection algorithms, we have been able to identify a daily average of a few thousand apps containing adware on Android, not to mention several hundred malicious apps that we classify as either PUA or malware.

We recently took for example a sample of 30,000 apps which we define as malicious, PUA, SPR or aggressive adware. Of these apps 13,011 were found on Google play, where 233 were malware and the rest falling into the other threat categories.

Our mission at Avira is to protect users against all threat vectors, whether PC, tablet or smartphone. Given most people now take their devices to work, we also no longer believe the problem fits neatly into a consumer vs. business box. It affects everyone.

The battle against security threats in mobile ecosystems like Android is only beginning. It promises to be larger and more sophisticated than the PC one ever was.

Source : blog.avira.com

Avira Tech Support : Blog

We are growing – both in business results and teams

install-avira-free-antivirus

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

As our business grows along with our core mission to protect our hundreds of millions of users across their entire digital lives (e.g., Avira Browser Safety, Avira for Android), we are expanding several teams.

These teams are located in our two German offices, Tettnang HQ and our newest location in Munich, as well as in Bucharest. Our Bucharest subsidiary and R&D centre just this year also celebrated its 10th anniversary.

We are scouting for talented people who can master state-of-the-art technologies like Hadoop, Android or Couchbase. Our recruiting process has gained an extra degree of internationality recently as we begin to draw engineering and business talent from outside of traditional engineering recruiting hubs of Silicon Valley and Europe.

Naturally we are striving to find the best match for each of our openings. For example, our desired Hadoop Engineer should be a database engineer who will be in charge with scaling our mission-critical infrastructure and real-time services that power our consumer applications. Or say we wish to hire a JavaScript expert who will develop exciting new applications of high quality standards, and will ship end-user-facing applications to hundreds of millions of users.

Another position is the Product Manager that will be responsible for launching some of Avira’s most strategic products from vision to feature-section and road-map to a successful start in the market place.

We are also looking for an experienced Machine Learning Engineer who will help us build solutions that enhance the richness and quality of our product utilising machine learning algorithms and other  big data analytics techniques.

Besides growing the company’s current staff, we have the opportunity to build from scratch two new teams. We are building a Mobile Development Team with focus on Android and technologies like Java. Here, we are looking for a dedicated Mobile Development Manager and passionate Mobile Developers that will be responsible for delivering Avira’s Mobile Security Solutions.

At the same time, we are developing a multi-lingual Customer Service Team in order to offer 24×7 support to our global user-community. We want to find technology enthusiasts with knowledge of the following languages: Dutch, Spanish, Italian, French, and Portuguese. Also, we are looking for a Call Center Operations Manager and a Call Center Business Performance Analyst.

All our openings are detailed on the Avira Career page. Please feel free to check them and spread the word to your network.

 

Source : blog.avira.com

Avira Tech Support : Blog