Author Archives: Avast Blog

Android Banker Trojan preys on credit card information

An Android Trojan is spying on its victims and even tricking some into giving up their credit card information.

Most of today’s malware authors create malware for one of two reasons: either to make money or to steal valuable data. In this blog post, we will show how an Android Trojan relies on social engineering. Social engineering tactics are used to trick people into performing an action, like clicking on a link or downloading an application. The person being tricked thinks they are doing something innocent when they are really clicking on or downloading something malicious. This malware is associated with the banker family as it tries to steal user’s credit card information.

Once installed, the Banker Trojan puts an icon in the launcher.The app name shown with the icon can vary from sample to sample — some of the names we have seen were : AVITO-MMS, KupiVip and MMS Центр (MMS Center).

Can your bad passwords cost you money and cause trouble?

From football stars to cheating spouses, using easy-to-crack passwords puts everything from your livelihood to your relationships at risk.

passwords should be long and strongChange your passwords regularly and don’t share them with others

A tweet showing top NFL draft pick Laremy Tunsil taking a hit off a bong through a gas mask cost him upwards of $13 million. Tunsil’s Twitter account was allegedly hacked at the worst time – just minutes before the draft began – making his fall from the first round to thirteenth swift, decisive, and oh, so costly. Minutes after that, his Instagram account was hacked to show screenshots of a text conversation implicating Ole Miss in NCAA rule-breaking that will likely end up in an investigation.

This mind-boggling turn of events in what should have been a night of triumph for Tunsil and his university has a lesson for the rest of us.

New fresh phishing campaign hits Facebook

A new phishing campaign takes advantage of Facebook’s security measures in order to appear legitimate. In this case, the creators of the campaign have created an app which is, in essence, a simple <iframe> that displays a fraudulent version of Facebook’s login page. Cybercriminals are abusing the Facebook application platform to carry out phishing campaigns against users which appear legitimate thanks to the fraudulent use of Facebook’s own Transport Layer Security (TLS) security certificates, a protocol used to help keep domains and user communication secure.

The phishing web site is hosted on hxxp://gator4207.hostgator.com/~labijuve/a2/, which leads to a identical yet fake copy of Facebook’s verification page.Despite the resemblance that the iframe bears to Facebook’s actual webpage, the differences between the two sites become obvious when they’re displayed next to one another.

Avast security news wrap-up

      No Comments on Avast security news wrap-up

 

Get your Avast update on hot topics like WhatsApp privacy, hacks on WordPress and Joomla, Android exploits, and more.

Woman using WhatsAppWhat WhatsApp’s new end-to-end encryption means for you

The popular messaging app, WhatsApp, has improved its privacy by encrypting all the messages that are sent with their service. We explain what this means to you and how to make sure you and your friends benefit from the higher security standards.