Tag Archives: Threat Research

CyberCapture: Protection against zero-second attacks

This week we released a new version of our core PC antivirus product, which we refer to as the Avast Antivirus Nitro Update. The update’s name is Nitro, because it is filled with innovative, new ways to increase speed and increase protection. One of the new ways we are increasing protection is with a cool new proprietary technology called CyberCapture. CyberCapture dramatically raises the bar when it comes to protection against zero-second attacks.

IMAGE_nitro_cyber_capture_infographics_600x500px.jpgCyberCapture looks at the smallest bits of a file to determine its safety

Let me explain how it works, and take a look at the infographic below which shows the path of an unknown file.

The newest phishing spam: “Security Alert!!!”

Guess who hackers disguised themselves as in a recent phishing campaign? That’s right Avast! A laughable fake Avast alert email is trying to harvest webmail addresses, being sent out via a spam message and leading to several domains where attackers have prepared a simple form to collect victims’ email addresses and passwords.


Received spam in a phishing scheme impersonating Avast

Adware on Google Play: Knock-off FIFA apps take advantage of football (soccer) hype around Copa America and Euro Cup

Copa America Centenario and Euro Cup are starting this Friday and next Friday, respectively, and everyone across the Americas and Europe are in the football/soccer spirit.

I found four soccer/football apps on the Google Play Store, all with the same or similar names, that are pretty bad knock-offs of the popular FIFA app. All four apps have negative reviews claiming the apps do practically nothing but display ads. Clearly, the person or people behind these apps only intention is to make money and not to deliver quality apps.

I dug a little deeper and despite the fact that these four apps were uploaded under different developer names, they seem to be developed by one developer. All four apps have the same dex files and manifests. Each developer name has only uploaded one app and there are no links to any developer homepages.

Ad heavy soccer apps on Google Play

I decided to test each app to see if the negative reviews regarding the ads were true and unfortunately, they are…

Android Banker Trojan preys on credit card information

An Android Trojan is spying on its victims and even tricking some into giving up their credit card information.

Most of today’s malware authors create malware for one of two reasons: either to make money or to steal valuable data. In this blog post, we will show how an Android Trojan relies on social engineering. Social engineering tactics are used to trick people into performing an action, like clicking on a link or downloading an application. The person being tricked thinks they are doing something innocent when they are really clicking on or downloading something malicious. This malware is associated with the banker family as it tries to steal user’s credit card information.

Once installed, the Banker Trojan puts an icon in the launcher.The app name shown with the icon can vary from sample to sample — some of the names we have seen were : AVITO-MMS, KupiVip and MMS Центр (MMS Center).

New fresh phishing campaign hits Facebook

A new phishing campaign takes advantage of Facebook’s security measures in order to appear legitimate. In this case, the creators of the campaign have created an app which is, in essence, a simple <iframe> that displays a fraudulent version of Facebook’s login page. Cybercriminals are abusing the Facebook application platform to carry out phishing campaigns against users which appear legitimate thanks to the fraudulent use of Facebook’s own Transport Layer Security (TLS) security certificates, a protocol used to help keep domains and user communication secure.

The phishing web site is hosted on hxxp://gator4207.hostgator.com/~labijuve/a2/, which leads to a identical yet fake copy of Facebook’s verification page.Despite the resemblance that the iframe bears to Facebook’s actual webpage, the differences between the two sites become obvious when they’re displayed next to one another.