Security Center
A new malware named 'Voice Changer Israel' found in the Android market.
February 01, 2012
This week, the AVG Mobilation research team found a malware instance named 'Voice Changer Israel' in the Android market.
Fake it till you make it: Mobile Update Week 4
January 29, 2012
This week, the AVG Mobilation research team found a new variant of the ‘Virus Scanner’ malware in the wild. We also published information about fake Android markets. We have recently seen the spread of fake versions of the official Android market and website. The fake Android markets usually contain many malicious applications (if not all of them are malicious), which can target the victim in the two places where it hurts the most – namely, money and privacy. These are malicious versions of legitimate applications created by legitimate developers.
AVG Mobile Threat Update: Week 3
January 29, 2012
The AVG Mobilation research team found a new variant of the ‘FakeInstaller’ malware, named ‘SMSFraudInstaller’, that is not in the wild yet. ‘SMSFraudInstaller’ is a Trojan horse for Android devices that sends SMS messages to premium service numbers. This malware spreads mainly through Russian websites and forums and mainly targets Russian users.
A Trojanized application is used to serve hacktivism and political propaganda in the Middle East.
December 25, 2011
An Android application disguised as a legitimate application was used to spread political propaganda; it targets users in the Middle East.
Windows Phone 7.5 suffers from a flaw that could allow potential attackers to send a malicious SMS to devices.
December 14, 2011
Windows Phone 7.5 suffers from a flaw that could allow potential attackers to send a malicious SMS to devices. The SMS would reboot the device and render the messaging hub functionality of Windows Phone useless. The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages. The bug is also triggered if a user sends a Facebook chat message or Windows Live Messenger message to a recipient.
A Trojan horse named RUFraud that targets Android devices was found in various applications in the Android Market.
December 14, 2011
A Trojan horse named RUFraud that targets Android devices was found in various applications in the Android Market. This Trojan sends SMS messages to premium phone numbers.
A new spy application was found in the Android Market.
November 30, 2011
A spy application named 'Total SMS Control' was found and removed from the Android Market. The application can automatically forward SMS, MMS, call notifications and recorded calls to email, Twitter and/or another phone. It can also secretly monitor text messages, calls and location, along with other functionality, without the user being aware of it.
A new vulnerability that affects Android versions below 2.3.6 was found.
November 28, 2011
The vulnerability affects Android devices with the PowerVR SGX chipset which includes popular models like the Nexus S and Galaxy S series. The vulnerability was patched in the Android 2.3.6 OTA update.
New malware named 'SMS Fake Installer' was found in alternative Android markets in Russia.
November 09, 2011
New malware named 'SMS Fake Installer' was found in alternative Android markets in Russia.
A new Android Trojan named 'Lena' was found, which is an evolution of DroidKungFu Trojan.
October 23, 2011
A new Android Trojan named 'Lena' was found, which is an evolution of DroidKungFu Trojan.
First SpyEye malware targeting Android was found.
October 18, 2011
First SpyEye malware targeting Android was found.
A trojan named Anserverbot was found in alternative Android markets in China.
October 18, 2011
A trojan named Anserverbot was found in alternative Android markets in China.
Two Android vulnerabilities were found by researchers.
October 18, 2011
Two Android vulnerabilities, which have been reported to Google but not yet patched, were found: 1) A permission escalation allowing the installation of applications with arbitrary permissions without user approval. 2) A privilege escalation targeting Android’s Linux kernel that allows an unprivileged application to gain root access.
Malware that spreads through QR codes was found.
October 18, 2011
Malware that spreads through QR codes was found.
Malware disguised as the Opera Mini mobile web browser was found.
October 18, 2011
Malware disguised as the Opera Mini mobile web browser was found.
A new Android phishing application posing as an unofficial Netflix application has been discovered in alternative markets.
October 18, 2011
A new Android phishing application posing as an unofficial Netflix application has been discovered in alternative markets.
An Android application that can be used as spyware was found on the Android Market.
October 02, 2011
An Android application that can be used as spyware was found on the Android Market. The application is Android cloud spyware that can be used by an attacker or unauthorized user to extract personal information from the device, such as contacts, messages, recent calls and history.
New Root-Capable Malware named 'DroidDeluxe' Found in Alternative Android Markets
September 04, 2011
New Root-Capable Malware named 'DroidDeluxe' Found in Alternative Android Markets
Android malware 'SndApps' was removed from Official Android Market
August 18, 2011
Android malware 'SndApps' was removed from Official Android Market
New Android malware named 'Netisend' was found in an alternative Android market.
August 18, 2011
New Android malware named 'Netisend' was found in an alternative Android market.
New malware named 'lovetrap' was found in an alternative Android market.
August 18, 2011
New malware named 'lovetrap' was found in an alternative Android market.
New Android trojan named 'DogWar' was found in alternative Android Markets.
August 18, 2011
New Android trojan named 'DogWar' was found in alternative Android Markets.
New DroidKungFu Variants were found in Alternative Android Markets.
August 18, 2011
New DroidKungFu Variants were found in Alternative Android Markets.
New Android malware 'RogueSPPush' was found in alternative Android markets.
August 18, 2011
New Android malware 'RogueSPPush' was found in alternative Android markets.
First Android malware utilizing Gingerbreak root exploits was found.
August 18, 2011
A new malware 'GingerMaster' was found. It is the first Android malware utilizing Gingerbreak root exploits.
A new variant of Android malware named 'NickiBot' is capable of recording phone conversations
August 15, 2011
This Trojan is capable of recording conversations made from Android devices. The Trojan is fully controlled by SMS messages instead of relying on a hard-coded C&C server for instructions.
A new Android Trojan named 'NickiSpy' is capable of recording phone conversations
August 03, 2011
The Trojan is capable of recording conversations made from the device and saving them to the SD card; later they are uploaded to a server. The malware also records SMS messages (received and sent), GPS location and other information.
New Android malware named 'HippoSMS' was found in alternative Android markets
July 11, 2011
New Android malware named 'HippoSMS' was found in alternative Android markets
"AVG Community Powered Threat Report" for Q2 2011
July 10, 2011
AVG published the "AVG Community Powered Threat Report" for Q2 2011. This report includes an analysis of a phishing attack used by Android malware.
New Android malware named 'GoldDream' was found in alternative Android markets
July 05, 2011
New Android malware named 'GoldDream' was found in alternative Android markets
Android malware that acts as an SMS relay was found.
June 28, 2011
Android malware that acts as an SMS relay was found.
Why 'rooting' your Android phone is bad for you
June 28, 2011
'Rooting' is the process by which you get root, unrestricted access to your Android phone and its software. 'Rooting' is essentially "hacking" your Android device. There are security implications of 'rooting' your device.
New malware that charges victims for premium-rate SMS messages was found.
June 21, 2011
New malware that charges victims for premium-rate SMS messages was found.
Possible personal information leak from Android devices was reported
June 16, 2011
Possible personal information leak from Android devices was reported
Malware that targets custom ROMs was found.
June 16, 2011
Malware that targets custom ROMs was found.
New Android Spyware named 'Plankton' was found in Android Market
June 09, 2011
The spyware collects users' browsing history, bookmarks, and device information. This information can be sent to a remote server under the control of the spyware author. It can also receive updates and new code from the remote server to run on the device.
'FaceNiff' Android application lets you hack social media from your Android smartphone.
June 09, 2011
'FaceNiff' is an Android application that lets the device sniff, intercept and hijack web session profiles over Wi-Fi networks, stealing other users' credentials from Facebook, Twitter and other social media services. The application requires root access on the user’s Android device and can also be used from a distance by an attacker to hack into a victim's wireless network.
New malware 'MSO.Anim' was found
June 08, 2011
This malware subscribes the victim to premium service numbers.
New Android SMS Trojan 'YZHCSMS' was found on Android Market
June 08, 2011
This SMS Trojan was found in the official Android Market and also in alternative application markets.
Malicious fake "Trusteer Rapport" Android App was found
June 08, 2011
A new malware 'DroidKungFu' was found in alternative Chinese app markets
June 08, 2011
The new malware named 'DroidKungFu' is capable of rooting vulnerable Android phones and is circulated among alternative Chinese app markets. This malware carries two well-known exploits in encrypted form, named 'exploid' (udev exploit) and 'rage against the cage'. When the malware runs, it decrypts those two exploits and tries to gain root access on the device. The malware also contacts a remote server and collects information about the infected device.
New malware "BaseBridge" found
June 05, 2011
New malware "BaseBridge" found. The malicious application tries to run the well-known exploit named 'Rage Against The Cage' to get root on the device and then installs another malicious package.
DroidDreamLight was removed from the market
May 31, 2011
Multiple applications containing malware that can steal personal data from their victims were found on the Android Market. Eight applications published by ‘GluMobi’ were found to be light variants of the DroidDream malware. At this point we identify between 15000 and 35000 victims infected by those applications. We confirmed they contain malicious code.
‘Holy F***ing Bible’ Prankware Trojan was found.
May 31, 2011
A prankware Trojan version of a legitimate application called ‘Holy F***ing Bible’ was found. The Trojan is triggered on 21 and 22 of May 2011 and can send SMS messages to the contacts found on the device, change wallpapers, get commands from a central command server and more.
"zsone" (iMatch, iCalendar and others) SMS scam apps discovered on the market
May 19, 2011
"zsone" (iMatch, iCalendar and others), which was uploaded by a rogue developer, tries to send SMS messages without the user’s permission. It has a few variants, each with a different application name: iMatch, iCalendar and others. After being installed, the malware waits for some time and then tries to send text messages without the user's consent. The malware sends the SMS messages in the background without the user noticing, and the user may be charged for those messages later.
GingerBreak threatens Android gingerbread devices
May 12, 2011
A vulnerability was found that allows root access to Gingerbread and Honeycomb systems through exploitation of the system, breaking software protections put in place by manufacturers. This process is called rooting. Rooting gives full access (root access) on devices running the Android operating system and unlocks all features of the operating system, thereby removing limitations imposed by the manufacturers and endangering users' security and personal data.
Privacy vulnerability in Skype for Android
April 17, 2011
Skype for Android has a serious privacy issue regarding private user information. The private information is world-readable, and third-party apps have total access to it. The disclosed information includes the user's Skype contact list and chat log. Skype has issued an official statement advising users that they are working on a solution. Users are advised not to download apps from untrusted sources, and to use a current security solution such as Antivirus from AVG Mobility.
New Malware on Chinese sites: zHash
March 23, 2011
New malware zHash was found inside a Chinese app that offers a prepaid VoIP service for Chinese networks; it installs a backdoor on the phone using a known vulnerability. The effect of the new malware is limited to non-Gapps-enabled devices, and it can only be installed on limited types of Android-enabled devices.
Fake Android Market Security Tool was identified
March 9, 2011
AVG Mobile solutions reports that a piece of malware dubbed 'Rogue.Vending10086' is the first identified fake Anti-Virus malware for Android. It attempts to ride on the wave of publicity generated by Google's response to a number of malware attacks on the Android platform. The rogue app is a version of Google's "Android Market Security Tool" intended to remove threats. However, instead of removing malware, it actually installs a new trojan. It is distributed via an independent app store and targets users on Chinese mobile. It registers itself to triggers of sending SMS messages, and harvests personal information such as a victim's IMEI and phone number. Of particular interest is that the trojan is based on Open Source code available on Google Code and that the Trojan contains debugging code for testing purposes, suggesting that it is malware in development and new variants can be expected soon.
Update: two more cases of malicious Android developers
March 3, 2011
Update: two more cases of malicious Android developers, related to "Myournet", "Kingmall2010" and "we20090202", with 50 malware applications were discovered in the wild; the attack was uncovered about a week. The malicious DroidDream apps pretended to be legitimate apps on the Android Market, with victims all around the world. After installation, the apps use exploits that rely on Android OS and Linux security bugs to escalate privileges and run as root.
Malicious "Myournet" developer with 21 malware applications was discovered
March 2, 2011
Another case of the Android developer "Myournet" with 21 malware applications was discovered in the wild, with a long list of apps like "Hot Sexy Videos", "Super Guitar Solo", "Hilton Sex Sound" and similar. After installation, the apps use the "CVE-2010-EASY Android local root exploit" and local exploits, which rely on Android OS and Linux security bugs to escalate privileges and run as root, to be able to install more malware and steal sensitive data. In the wild we have mainly seen a porn-related variant called "Hot Sexy Videos" (hot.goddchen.sexyvideos), with more than 3,000 active infection cases. All malware by the "Myournet" developer was downloaded around 50,000 times.
Another Pjapps trojan threat to Android mobile phones
March 1, 2011
A new malicious fake 'Steamy Window' Trojan has been detected in the wild, available on unregulated third-party Android app stores. The 'Steamy' Trojan targets Android users and is part of the Pjapps 'ADRD' multi-platform malware network. During infection the 'Steamy' Trojan installs apps, searches and adds bookmarks, and registers itself to sensors of network activity, alarms and various other OS events. The Trojan collects the unique IMEI/IMSI number of infected smartphones and acts as a botnet client. Users of AVG's Antivirus free are already protected through its cloud-based detection algorithms and do not need an update to their software.
New ADRD trojan threat to Android mobile phones
February 15, 2011
A new trojan has been identified. The "ADRD" Trojan targets Android users and is part of a Chinese multi-platform network Xiaxia.com also containing trojans for other platforms such as the Symbian S60 platform. During infection the ADRD trojan registers itself to sensors of network activity, alarms and various other OS events. Once installed it generates clicks on the Baidu ad network, it collects the unique IMEI/IMSI number of infected smartphones and acts as a botnet client. Users of AVG's free Android antivirus product are already protected through its cloud-based detection algorithms and do not need an update to their software.
A botnet trojan was found in the wild, in Chinese app stores
January 1, 2011
The malware piggybacks on a legitimate game called "MonkeyJump2.0". Analysis of the malware shows engines with data theft features, SMS sending and GPS capabilities, access to the victim's contact list and bookmarks, e-mail sending, web search capability and the ability to change the wallpaper, ready for mass-infection attacks.
Fake "Angry birds bonus level" Trojan app allows secret installation of other bad apps, including a fake Toll Fraud app, a fake Location Tracker app and fake Contact Stealer apps
November 14, 2010
The fake app exploited a security hole in some versions of Android to install more bad apps from the Android Market without user notification or approval. The app triggers the "INSTALL_ASSET" intent via the XMPP protocol to silently install the malware. The app was found in the wild attacking real users and compromising their security.
SMS spyware app discovered on the market
November 2, 2010
"Secret SMS Replicator", a spyware app which forwards all incoming text messages to a second phone and covers its traces, was developed for cheating secret surveillance. This app allows the attacker to automatically forward all of the victim's incoming text messages to other phones. The attacker needs access to the victim's device to install the spyware and enter the phone numbers to forward to; all of the victim's incoming messages will then be silently forwarded automatically.
HTC Wildfire Gains Access to Root-Only Applications With Soft Root
September 2, 2010
A new method called "Soft Root" for jailbreaking HTC Wildfire devices was published in the wild. This method allows temporary access to all data on the phone, with the danger that third-party apps can expose all private information of phone owners without the user's knowledge or permission. The temporary root takes advantage of the "exploitd" method to bypass the Android security model using a binary file.
Tap Snake Game in Android Market is a Spy App
August 19, 2010
Another malicious application has been found on the Android Market. A game called "Tap Snake" isn't just a game; it turns out to be a geo-location spying application called GPS SPY. GPS SPY is developed by a Russian developer based in the US and sold for $4.99.
Exploid, a new privilege escalation exploit, is being used to gain unauthorized access to Android handsets.
August 12, 2010
A new privilege escalation exploit is being used to gain unauthorized access to Android handsets. The exploit, named exploid, is packaged in an app and can potentially be used to gain access to private information. The exploit uses a hotplug vulnerability in the Linux kernel that allows escalation of privileges. Affected devices include Droid-x, Xperia x10 and mini, Nexus-one and more.
A Trojan app has been found in the wild, attacking Russian Android phones and sending text messages to Russian premium SMS numbers that cost money.
August 12, 2010
A Trojan app has been found in the wild, attacking Russian Android phones and sending text messages to Russian premium SMS numbers that cost money. The infected app, posing as a fake "Movie Player", has to be sideloaded onto the Android handset and uses the SEND_SMS permission. This infection is not widely spread. Always check what permissions an app requests. Our cloud-based antivirus solution is automatically updated against this Trojan.
A new security threat was demonstrated on the Android Market, misleading real Android users.
August 1, 2010
A developer from "Android and Me Labs" published a proof-of-concept app called "LauncherSpam", which installs fake virus apps on the victim's device. Installing this application puts a multitude of fake application icons onto the user's device. Applications like LauncherSpam have the potential to pollute the launcher, though uninstalling these kinds of applications will remove the fake icons.
Backdoor software found by hackers was left by the phone manufacturer
July 13, 2010
New EVO 4G devices by HTC are sold with a preloaded program called Skyagent, which allows remote attackers to take control of a device by connecting to it on TCP port 12345. It appears that the potentially rogue binary was designed as a backdoor into the phone, allowing remote control of the device without the user's knowledge or permission, including taking screenshots, monitoring user activities and executing arbitrary commands. The program was intended for debugging and testing the phone and was included in the phone firmware.
HTC Evo 4G Adobe Flash vulnerability found and exploited to gain full control of the phone
July 7, 2010
Flash Lite by Adobe has a serious security flaw that allows the Evo 4G software integrity to be compromised. When a specially crafted website containing specific Flash content is visited, and corresponding code is then run by the user on the phone, it is possible to gain full control of the phone, allowing installation of new software and potential theft of private data.
Android "MBackup" is spyware named 'FlexiSPY' used to hunt users' privacy
July 4, 2010
"MBackup" is a fake app written by the Thailand-based spyware vendor Vervata, author of the spyware tool "FlexiSPY", which is used to track users' activities such as SMS, voice calls, GPS and/or location. The MBackup icon does not appear on the home screen like any other software, but the program continues to run in the background and hides itself from the user. The FlexiSPY software allows the attacker to control the software by sending hidden SMS commands to the target phone; the victim will not see these commands. The spyware "MBackup" opens the victim's device to remote monitoring using remote SMS commands like 'Start Capture', 'Change GPS Settings' and so on.
Easy infection of Android phone demonstrated by researcher
June 22, 2010
A researcher published an Android application to the market which can be modified with malicious code from a remote server. The application masqueraded as a Twilight preview, hoping to attract teens to download it. It demonstrated how easy it may be to infect large numbers of phones running Google's Android OS with hidden software that turns the devices into a zombie-like "botnet".