Certifi-Gate: Open door to access millions of Android devices Without permission


Tags :- Avira Tech Support | Avira Support Number | Avira Refund.

The recent glut of Android vulnerabilities hasn’t reached the end. Yet another one has popped up on the platform of choice for hundreds of millions of users. Recently, a mobile research team at Check Point Software Technologies documented under the code name ‘Certifi-gate’ an array of vulnerabilities hidden in the layer between mobile Remote Support Tool apps (mRST) and system privileged areas on an Android device. In some cases, mRST apps are preloaded on devices by cellular operators and/or vendors to ensure they can provide their customers faster and more efficient technical support for their devices, when and if needed; but these support plug-ins can also be installed later from Google Play.

An attacker could build a malicious application to masquerade as the original remote supporter with system privileges on the device, and therefore obtain untethered and silent access to highly sensitive resources like storage, contacts, photos, geo-location, microphone etc.

Am I at risk?

Avira Vulnerability Checker app is designed to accurately detect whether your device is susceptible to a host of exploits, including the newly-discovered Certifi-gate.

In seconds after install you will have a clear indication whether you’re safe or not.

How can I protect myself?

If the test above turns positive, then:

  • If your device came preloaded with the troublesome support plugin, it’s impossible to remove the affected components or to work around them. The advice here is to make sure that your device always runs the latest Android version that’s crafted for it. If this is already the case, you should contact your device manufacturer to receive information regarding security updates.
  • If the remote support plugin that puts you in danger was “retrofitted” by you, make sure it is up to date. If it’s already running the latest version, we encourage you to uninstall it until its maker builds in the patches that close the vulnerability.

On top of that, we insist on adopting these prophylactic measures as a natural practice in your mobile digital life:

  • Use a mobile security solution. Avira offers one of the most efficient and robust security & mobile antivirus products, for free: https://play.google.com/store/apps/details?id=com.avira.android
  • Examine carefully each application before installing it to make sure it’s legitimate, and only install apps from trustworthy sources, such as Google Play.

Source : blog.avira.com

Avira Tech Support : Blog

Support Scam: Your browser has been locked for support (that you just don’t want)


With viewers’ browsers as a target, online scareware/scam pop-ups keep spiking in early August. The typical message for the latest wave of scareware promises users that the website has updated browser support and that these users need some special help to get back online. Along with this message, the scam often maximizes the browser and makes it impossible for the user to close it or click anywhere else.

We call it a support scam. The notices claim to have a malware infection or similar and try to scare the user with this news. These pages are absolutely annoying for the customer. While some may not be directly harmful, others redirect users to adware applications. — Oscar Anduiza, malware analyst at Avira.

The newest wave of support scam has the Avira Protection Services racking up over a hundred thousand new detections daily in early August. 

Crossing the grey line

While a support scam can appear out of nowhere when you surf to “normal” sites, it most often happens in the grey zone where users are streaming online content that may or may not be completely legal.

We see this more commonly in the grey/dark zone. Especially with the illegal movie and TV streams that are streaming copyrighted content like Game of Thrones, and on some porn sites.  — Oscar Anduiza, malware analyst at Avira.

Most of them are related to some kind of advertisement redirection or pop-up.

Keeping that browser clean 

Even if not visiting illicit streaming sites, there is a chance that a service scam will be encountered. However, staying secure is not too complicated.

  • Have an Antivirus installed and up-to-date. This will help ID and stop any additional malware from being bundled with the service scam.
  • Listen to your Antivirus. If the Antivirus signals that something is not quite right – even if it messes up that streaming experience – listen to it.
  • Stay updated. Think of it as a vaccination. The more up-to-date your device is, the less apt you are to catch something nasty.

Source : blog.avira.com


BKA: Database with 500 million login credentials found – Are you there?


A stash of 500 million login credentials, including email addresses and passwords, has been found, says the German BKA (Bundeskriminalamt – Federal Criminal Police Office) on its website. The database was found on an “underground economy platform”. Yes, 500 million is a huge finding!

More details provided by the BKA? Unfortunately not really…

Unfortunately, the press statement (in German only) doesn’t say where the data comes from and therefore it’s not possible to give more precise details about this finding. Perhaps the BKA found the same database 1.5 months after Bob Diachenko’s finding. His find included data from LinkedIn, Dropbox, Lastfm, MySpace, Adobe, Tumblr, Badoo, and much more.

To check if your login credentials are included, the BKA recommends that you visit the website of the Hasso-Plattner-Institute and use their Identity Leak Checker tool. After you’ve entered your email address, you’ll receive an email including the result. If you really want to be sure your login credentials are not compromised you should also check them against haveibeenpwned.com.

How to protect yourself in the best possible way

Even if you don’t find yourself in these data sets, the sheer amount of stolen credentials alone should make you think about your account security. The following tips should help you to protect your accounts even more:

  • Passwords such as 1234 are a no go. You also shouldn’t use any other password from our list of the worst passwords of them all.
  • You should change your passwords on a regular basis – yes, even the passwords of your email accounts.
  • A password manager simplifies your life and you just have to remember one password: The master password.
  • Whenever possible, you should activate the 2-factor authentication of your accounts. It might be less convenient but it’s way more secure.
  • An antivirus also ensures that trojans, keyloggers, and similar malware don’t have a chance on your devices!
  • It’s essential that programs and software are up-to-date! Security gaps in applications are one of the biggest security risks for your devices. If you don’t have the time or if you’re not in the mood to take care of this, then use a Software Updater.

Sounds like work? It is! But with the previously mentioned tools, you will be able to reduce your efforts to the greatest possible extent — and we also offer an all-in-one package: The Avira Free Security Suite includes everything related to your protection, privacy, and performance. If you’d like to enjoy some more services we’re also offering Avira Prime.

Source : blog.avira.com


A short time ago, in a Galaxy, Mac, and Windows device not far, far away


There is an upheaval in the Force and Luke Filewalker is on the move. A malicious horde from the Dark Side has invaded, subverting minds, stealing data, and emptying bank accounts. To counter this threat, Luke is going through millions of devices, scouring them for suspect code and cleaning up the damage left behind. He is guided on this critical journey by the whispering of the Force, the power of artificial intelligence, and a small support crew at a remote outpost.

Luke Filewalker is alive and active…

…and we don’t even need that missing map piece of the right star system to find him. He has been located on one relatively insignificant planet rotating about a star in the Orion arm of the Milky Way galaxy which is itself in the Local Galaxy group within the Virgo Supercluster of galaxies.

Got that? It’s the third rock from the sun – not the red one.

Luke Filewalker is the auto scan and repair component within Avira Antivirus. Every week, Earth week that is, Luke automatically checks the millions of computers where Antivirus has been installed and looks for signs of the Dark Side. If he finds anything suspicious, he can root it out himself or call in reinforcements. And if Antivirus detects unusual signs of Dark Side activity with its real-time protection elements, Luke will jump into action as needed.

His origins within Avira Antivirus have been lost in the murky beginnings of the Computer Era. “‘Luke Filewalker’ is definitely more than 20 years old and was already in use on a lot of different operating systems,” said Sven Carlsen, team leader of disinfection services at the Avira Protection Services.

A short time ago, in a Galaxy, Mac, and Windows device not far, far away …

In each covered device, Luke Filewalker is there to do a quick, full, or other custom scan. The quick scan looks into the most important and essential system locations. It also checks the usual infection paths used by malware. The full scan goes over the complete system. And the other is for customized scan profiles on the device such as scanning “My Documents” or a scan of removable devices. The decision to run each type of scan is primarily automated within Avira Antivirus (when certain requirements are met) without requiring user involvement – unless the user wants to start a special scan.

Once the scan is finished and it detects a malware or unwanted application, the repair will start working. The repair will look for all the leftovers from the malware in order to fix and clean up the mess left by the malicious file.

Luke’s discoveries have varied over time as the forces of the Dark Side have shifted from relatively primitive Trojans into botnets enslaving millions. “He discovers all the threats that we tell him about through our AV engine and AI analysis. Currently, his most common discovery is ransomware,” pointed out Sven.

Luke listens to the Force for directions on discerning the identity and intent of suspect code. Otherwise known as the Local Decider, this Antivirus component decides if suspicious files need to be uploaded to the Avira Cloud – not the Oort one — for additional analysis. After AI discerns whether the file is, in fact, malicious or harmless, the message is sent back to the individual device and Luke steps into action as needed. This information about a potential new threat is then relayed to other Avira Antivirus users.

He is visible as Luke Filewalker only for the Windows version of Avira Antivirus. The scanning services in Mac and Android Avira Antivirus remain incognito. But even if you don’t see him – the Force is still with you – and your device.

 Source : blog.avira.com


Worldwide botnet Avalanche smashed


According to Europol, victims of malware infections were identified in over 180 countries. The monetary losses associated with malware attacks conducted through the Avalanche botnet are estimated to be in the hundreds of millions of euros worldwide. Computer users can check their devices with the Avira PC Cleaner to see whether their device was infected and part of the botnet. The free tool scans the computer and removes the malicious software. Users who already use Avira anti-virus software are protected against the botnet.

Within the Avalanche botnet, a total of 20 different botnets have been identified. The targeted activity of the international criminal gang was distributing spam and phishing e-mails, as well as spreading ransomware and banking Trojans for tapping account and transaction data as well as stealing passwords.

To play safe: what PC users should do now

Check and clean the PC

If you do not have anti-virus software installed, you should check your computer for a possible infection using, for example, the free Avira PC Cleaner. If the computer is infected, Avira PC Cleaner will remove the Avalanche botnet code. Avira PC Cleaner also detects whether other malicious software is on the computer and will remove it as well.

If you already have anti-virus software installed and want to be safe, you can also use Avira PC Cleaner as a “second opinion” to check your system.

Change passwords

After cleaning your PC, change all passwords for online banking/shopping, payment services, e-mail, social networks, and other applications.

Check the Windows security settings

Open the maintenance center via Start -> Run -> wscui.cpl and check that the network firewall, antivirus, spyware protection, and Internet security are all fully active.

Install antivirus software

To protect against future cyber attacks, we recommend installing antivirus software. With the free Avira Free Security Suite, your PC is reliably protected against botnets and a wide assortment of malicious software. In addition, you can optimize PC performance and securely surf through a VPN client on public Wi-Fi networks.

 Source : blog.avira.com


Gooligan steals more than 1m Google accounts


You may have read or heard about an Android malware attack campaign named Gooligan.

What is Gooligan about?

The main purpose of Gooligan is to steal Google accounts from devices with Android 4 (Jelly Bean, KitKat) and 5 (Lollipop). Later these accounts are used to promote, rate, and download apps from the Google Play Store – making it a huge advertising fraud scheme. Gooligan roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.

That vulnerabilities are used for exploiting a mobile device and putting malicious programs on it, it isn’t something special. It’s a very popular method to compromise a system. And that’s the reason why protecting and updating your system is so important in our digital life. — Mikel Echevarria Lizarraga, Malware Analyst at the Virus Lab at Avira.

According to Checkpoint there are more than 80 malicious Gooligan apps. These apps have stolen more than 1 million Google accounts – and the number is increasing by 13,000 accounts per day!

Google’s director for Android security already published a statement on Google+:

Several Ghost Push variants use publicly known vulnerabilities that are unpatched on older devices to gain privileges that allow them to install applications without user consent. In the last few weeks, we’ve worked closely with Check Point, a cyber security company, to investigate and protect users from one of these variants. Nicknamed ‘Gooligan’, this variant used Google credentials on older versions of Android to generate fraudulent installs of other apps. — Adrian Ludwig, Google’s director of Android Security

Where do these apps come from?

The apps are found in third-party stores, a fact that many may see as a relief. But it’s not! Users can be redirected to these apps while browsing the net and then be asked to install them – and a lot of them do.

Checkpoint states that 57% of the infected devices were detected in Asia. We recommend that you not relax or get comfortable nonetheless, because this doesn’t mean that only Asia is affected by “untrusted” download stores. Untrusted download stores are everywhere; they’re a dime a dozen on the internet. So if you are using other stores besides Google Play, you will increase your risk of being affected – no matter if you’re in Asia or not.

We have your back!

Avira free Antivirus for Android has already been protecting you against this threat for several months. Download the app on Google’s Play Store for free!

We also recommend checking the configuration of your Android device, inside the Settings > Security menu. The options “Unknown sources” and “Verify apps” should be enabled by default. This will avoid the accidental installation of these malware applications.

Source : blog.avira.com


The new Avira Phantom VPN: Stop exposing yourself online!


Avira is now protecting users from exposing themselves online with the release of its new Avira Phantom VPN (Virtual Private Network).

Avira’s Phantom VPN for Windows and Android keeps you covered – virtually, of course – by encrypting all communications between your device and the Internet, shutting eavesdroppers out from your private communication and stopping cybercriminals from capturing your data. Avira Phantom VPN also masks your devices’ true IP address, enabling you to browse anonymously and helping you unlock geo-restricted content.

Unsecured public WiFi networks are known to be vulnerable to virtual Peeping Toms, but the use of VPNs among consumers is still shockingly low. A BITKOM survey on cybercrime found 68% of users had antivirus software installed on their devices – but only 9% used a VPN.

Without a VPN, data packets sent to your devices can be sniffed out and read by a passerby (‘man-in-the-middle’ attack) or captured from the router itself. This captured data can be more than embarrassing message content: these packets of data also tell where you are and give out details about your device.

But with the Avira Phantom VPN, your data packets are placed in a secure and encrypted envelope – something like certified mail. For this reason, VPNs are a mandatory component in most corporate laptops used for travelling and remote office log-ins.

“As more people bring their laptops into cafes and log into banking sites and online accounts from their smartphones, they risk exposing themselves online,” stated Melanie Weber, head of the VPN project at Avira. “We’ve made Phantom VPN free and very simple to install on both your Windows and your Android devices. There’s no reason not to get it today.”

Avira Phantom VPN provides superior benefits in four major ways:

• Protects your individual privacy. Without a VPN, online activities are being constantly tracked and analyzed. With Avira Phantom VPN, you can control what personal data is collected.
• Secures and anonymizes your browsing. Avira Phantom keeps others from eavesdropping on online activities and the data exchanged with friends, online shops, and banking websites.
• Opens up the internet. Some news channels, social media, and video-streaming websites cannot be accessed from certain regions and countries. Avira Phantom unlocks these geo-restrictions.
• Applies across all your devices. Phantom VPN can be used on almost all devices, including PCs with Windows 7 or newer operating systems and Android devices running 4.0.3 and above.

The Avira Phantom VPN is available free to all users, both for registered and unregistered users at http://www.avira.com/en/avira-phantom-vpn.

Unregistered users have a data allowance of up to 500 MB/month and registered users have a higher limit of 1 GB/month. Users subscribing to the Pro version also receive unlimited data traffic.

Source : blog.avira.com


Avira has just launched AppLock+ your Android world – Avira Support


Avira has just launched AppLock+, the app that puts you in direct control of what, where, and when each app is used on your Android – even when the device is off at school and out of arm’s reach.

AppLock+ lets you restrict app activity by your choice of PIN password, time of day, or even the device location. In addition, you don’t even need to have your device in hand as AppLock+ allows you to remotely manage devices with the Avira Online Essentials dashboard.

“AppLock+ answers the essential problem faced by parents around the globe: How we keep children from playing with smartphones or accessing social media accounts during school hours, but still be accessible,” said Andrei Petrus, product manager at Avira.

And it’s not just for parents, it’s also for the privacy conscious. “AppLock+ lets device owners decide what they want to share or not – solving Android’s weakness of a single default device lock,” points out Petrus.

AppLock+ gives users three big benefits:

  1. Parental Control – Smart controls with a soft touch

AppLock+ lets parents set limits on their kids’ smartphone usage without being intrusive. Game and social apps can be blocked by time limits or blocked at the school door with Geo Lock restrictions.

  2. Privacy Protection – Share it on your own terms

With AppLock+ you decide how much someone with your device can access your apps and private data. Apps can be locked by PIN and managed individually or in groups.

  3. Remote management – Oversee device activities from anywhere

AppLock+ includes Avira Online Essentials – the online dashboard in our consumer and business antivirus security products – to let device owners remotely manage app use.

AppLock+ is free for downloading at the Google Play Store and the Avira website. The Geo Lock and other features are available only with the premium product.

It’s your device, it’s your choice with AppLock+.

Source : blog.avira.com


Android: The phone is not the target, your money is


Having grown in popularity, Android devices are naturally the favorite target of cyber-criminals. They are concentrating their efforts in breaching the Google developed OS. The lack of attention that many Android users have is also being manipulated. A key factor is that users aren’t paying attention to what they are downloading from Google Play Store. Many devices are getting infected with malware that gives itself root access after being downloaded, followed by an immediate start of malicious operations.

The most-known malware for mobile platforms is currently the Locker ransomware. It usually starts as a “message” from law enforcement agencies like the FBI, BKA, LKA and they use various tricks to obtain payment from their victims. This malicious software is becoming more and more professional, even offering up alleged “examples” of user misdeeds that could be used as evidence against the user to ensure that payment is made as quickly as possible. The bitcoin payment methods used make it next to impossible to either trace or to recover the ransom money.

But how do you get rid of this malware from your Android device?

One of the most important steps in reducing potential damage from malware is to make a weekly backup of the most important files on the Android device. In this way, after a user restarts in safe mode, the most important data on the phone will remain untouched. Beyond that, the default factory settings may have to be restored if it is not possible to make the device work again due to the malware intrusion.

Most attacks on Android have a clear purpose: making money from users. That is why only a small amount of the malware is focused on directly attacking the phone. The growth curve is developing much as it did with Windows; as Android becomes better known and apps become easier to develop, cybercriminal attacks increasingly focus on it. Although they are still, at least at the moment, far lower than the attacks on Windows PCs, the numbers of these attacks are quickly rising over time.

Security you can trust

At Avira, we have developed a free security system for Android which is available in the Google Play Store. Independent testing labs have found that Avira Free Antivirus for Android has a superior detection of mobile device threats when compared to most paid solutions. Also, Avira prevents unwanted premium calls (a prime way that cybercriminals make money from mobile malware), blocks banking Trojans, and stops ransomware from restricting access to data or encrypting it. Free Antivirus for Android also includes features that protect your e-mails and browsing. It contains the Android Optimizer which accelerates the phone’s operation by freeing up extra memory (RAM), protecting your privacy, and extending the device’s battery life.

Source : blog.avira.com


Locky ransomware is dead, long live Locky


The first wave of Locky has passed, but the ransomware is still being distributed globally and within the DACH region. While this secondary distribution seems to be smaller than the first wave, the financial success of this malware for its authors and distributors gives us some clues as to what features will likely be included in the NEXT rounds of malware. “Follow the money” was the key phrase in All the President’s Men, Robert Redford’s classic film on Watergate — and this very much applies to malware. These clues from Locky are a mix of technical, distribution, and operational features – and should be a warning for computer users and companies planning their defensive strategies.

1. Drive me baby – Locky encrypted all drives on computers and networks – even the unmapped drives and shares. This expanded reach for encryption is expected to be included in future ransomware variants.

Response: Have a solid backup plan in place, ideally with a cloud service, as they offer file versioning and rollbacks. For consumers, having a spare HDD/SSD for a local backup is fine – but only if the hard disk is disconnected after the backup is finished. This also protects the backup against damage from other dangers like lightning-caused electrical surges.

2. New money from old tricks – Locky went to work by directly using macros in Word documents – and also by tossing in a bit of social engineering to get document recipients to activate the macros. That is quite old school – but it worked and was profitable for the cybercriminals.

Response: While zero-day threats are sexy, don’t forget to do the basic protection against continuing vulnerabilities such as macro manipulation. Consider enabling only digitally signed Office macros and disabling the rest. For corporate networks, this can be done in a way where end users are not able to see this option.

3. What the FUD! – In the early moments of the Locky onslaught, security publications pointed out the low detection scores in VirusTotal by most antivirus companies. This is a valid – but incomplete – look at the situation. We consider Locky to be FUD-level malware (Fully Undetected Malware), which means that the malware files were “optimized” until no AV scanner detected them anymore. Cybercriminals are testing their malware samples against the publicly available detection in VirusTotal – or against private and internal testing systems that work in a similar way. The low detection scores have to be read with caution. Only some of the AV firms have cloud detection or other advanced detection methods in their products enabled on VirusTotal – sometimes, just as in poker, it is better to not show your full capabilities.

Response: Be skeptical about everything and always keep your eyes open.

4. Wisdom from the cloud – Avira detects Locky on several layers within its cloud detection and analysis. At the Auto Dump layer, Locky is detected after layers of obfuscation have been removed. In the Night Vision machine learning layer, files are scored according to around 7,000 features, allowing us to catch malware in a very efficient way. If other detection layers catch the malware first, the Night Vision system will dynamically learn about the sample within a few minutes, and subsequently cover variants of this malware sample. In addition, the cloud analysis is out of reach for the cybercriminals.

Response: For complete protection, make sure that the cloud protection in your AV is fully activated. We feel this is so important, we’ve automatically included our consumer users in the APC. Corporate clients must, for data protection issues, sign off that they approve the EULA before stepping into the APC.
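
The check suggested in the response to point 2, as an added example that is not part of the original post: a PowerShell audit of the Office macro policy for the current user. The `16.0` version key (Office 2016 and later) and the list of applications are assumptions; `VBAWarnings` is the policy value Office reads, where 3 means only digitally signed macros may run.

```powershell
# Added example: audit whether Office macros are restricted by policy.
# Assumptions: Office 2016/2019/365 (registry version key "16.0") and the
# per-user policy hive. Change $OfficeVersion for other releases.

$OfficeVersion = '16.0'
$Apps          = 'Word', 'Excel', 'PowerPoint'

# Meaning of the VBAWarnings policy value.
$Meaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed ones'
    4 = 'Disable all macros without notification'
}

function Get-MacroPolicy {
    param(
        [Parameter(Mandatory)] [string] $App,
        [Parameter(Mandatory)] [string] $Version
    )

    # A value under \Policies\ is set by the administrator; the matching
    # option in the Trust Center is then greyed out for the end user.
    $path  = "HKCU:\Software\Policies\Microsoft\Office\$Version\$App\Security"
    $value = $null

    if (Test-Path -Path $path) {
        $item = Get-ItemProperty -Path $path -Name 'VBAWarnings' -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = [int]$item.VBAWarnings }
    }

    if ($null -eq $value) {
        $setting = 'Not set by policy (user can change it)'
    } elseif ($Meaning.ContainsKey($value)) {
        $setting = $Meaning[$value]
    } else {
        $setting = "Unknown value $value"
    }

    [pscustomobject]@{
        Application = $App
        VBAWarnings = $value
        Setting     = $setting
        # 3 is the setting the article recommends; 4 is stricter still.
        Restricted  = ($value -eq 3 -or $value -eq 4)
    }
}

$report = foreach ($app in $Apps) {
    Get-MacroPolicy -App $app -Version $OfficeVersion
}

$report | Format-Table -AutoSize

# Summarize applications where unsigned macros can still be enabled.
$open = @($report | Where-Object { -not $_.Restricted })
if ($open.Count -gt 0) {
    Write-Warning ("Unsigned macros are not blocked by policy in: " +
                   ($open.Application -join ', '))
}
```

The script only reads the registry. On a corporate network the value itself is normally distributed through Group Policy rather than written by hand.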

Source : blog.avira.com
