Author Topic: Does Avast license their detection rules to other, smaller mobile antivirus app  (Read 8046 times)

0 Members and 1 Guest are viewing this topic.

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 66
I even sent Md5 hashes

That was 3 months ago.

No response.


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31483
  • Watching (over?) you
    • Malware removal, Biljart and other things.
That is why I say send him a message and ask.

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 66
"PM"sent! I tried to "bcc" you as well Eddy but it says you have me blocked.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31483
  • Watching (over?) you
    • Malware removal, Biljart and other things.
That is correct, I only allow some people.
I was getting way too much requests from people to help them in private.

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 66
Here are just a few screenshots of the REAL reviews from just the last 3 days.

As you can see, the users are having difficulty uninstalling the DFNDR app and are STILL being lured to the app from FAKE virus warnings and a user claiming the app keeps enabling data and wifi  that they had disabled.

« Last Edit: June 28, 2017, 06:49:04 PM by sloshnmosh1 »

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 66
Like the requests for help THESE users are asking for Eddy?
« Last Edit: June 28, 2017, 04:16:15 PM by sloshnmosh1 »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31483
  • Watching (over?) you
    • Malware removal, Biljart and other things.
I've asked someone else from avast to have a look.
Let's see who gives a response and what it is.

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 66
Thanks Eddy!
Here are screenshots of the FAKE virus warning linking to the DFNDR app taken from my NEW Android phone.
« Last Edit: June 28, 2017, 05:41:19 PM by sloshnmosh1 »

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 66
...that links too

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 66
Snippet of email from manager at Psafe after a MONTH of asking if they were licensed to use Avast's technology and them dodging the question and I FINALLY received confirmation. (Names censored)

 ###### (PSafe)

Apr 27, 13:27 -03
Hello Mr. ########,

This is #######, manager of customer support at PSafe.

It has been brought to my attention the way one of my team members engaged in a recent contact with you. I'm sorry if that interaction gave you the impression that your questions are not being treated with the attention they deserve. So let me clear this up.

Regarding your original question: "Does Psafe have a license to use Avasts virus definitions?" The answer is that PSafe and Avast collaborate together on detections and PSafe’s use of Avast’s assets is known and permitted by Avast.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31483
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Little update :

The person I contacted has notified Hermansky that he still need to respond here ;)

Offline hermansky

  • Avast team
  • Full Member
  • *
  • Posts: 122
  • Protecting world against Skynet..
Hi guys,
first of all, I'd like to apologize for shamefully late reply. The truth is we've been superbusy last couple of months because of merging all systems and infrastructure with acquired AVG. I know, it's not an excuse, but I want to be honest. Thanks also to our expert Eddy for reaching me different way :).

Regarding to PSafe, I can also confirm the same thing - it's not a fraud, and we collaborate together on detections; their use is known to us and permitted. However please respect that the terms of our collaboration are confidential.

Anyway, I'm going to ask our threat intelligence to test DFNDR app and if there's any suspicion for misleading users, we'll draw the consequences. I'll keep you posted here.

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 66
Thank you Eddy for (finally) getting someone from Avast to respond!

As far as: Asking your "threat intelligence to test DFNDR app"

I never stated that the DFNDR "app" itself was "misleading or a "threat" (other than it requests FULL control of the users device and permissions)
 
However, EVERY "antivirus" app requires these invasive permissions to perform the "tasks" it is designed to do.

My ONLY concern here is how users have been DEFRAUDED into installing the DFNDR app through the use of FAKE "virus" infection warnings such as myself for over 5 months straight! (maybe longer)

When I contacted Psafe regarding this FRAUD they claim they have "no control" over these practices due to their "complicated advertising affiliations"

I have NEVER seen a fake "virus" warning that linked to a RESPECTABLE "antivirus" app or "security" company EVER!

Psafe requested I send screenshots and URL's of the fake virus warnings from me and the other users.

I forwarded the info requested to Psafe and within a WEEK I had the SAME fake "virus" warning on my BRAND NEW Android phone.

And before anyone makes the assumption (as did the first agent I spoke with at the Google play store) that my device may have been actually "infected", it was 2 days old and came  with the AVG "antivirus" app pre installed from the factory.

If anyone wants to "investigate" this fraudulent activity for themselves all they have to do is read the REAL reviews on the DFNDR listing on the Play store.

Unfortunately, because of how the "ratings" on the Play store are set up you will have to install a browser extension and user script similar to the ones I linked to in the beginning of this thread in order to filter out the FAKE reviews generated by users on "App bounty" that are being paid "credits" to make reviews to see what is REALLY going on.

And as for "testing" the app itself, I believe an independent test is in order.

Install a certificate on an Android emulator with the DFNDR app running which will allow for ALL internet traffic to be tunneled through a proxy to a Linux box (such as MITMProxy) to be decrypted to see if any "unwanted" user data is being sent out.
 
« Last Edit: June 29, 2017, 07:14:24 PM by sloshnmosh1 »

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 66
More of the same...
« Last Edit: June 29, 2017, 07:20:54 PM by sloshnmosh1 »

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 66
Quote
Regarding to PSafe, I can also confirm the same thing - it's not a fraud, and we collaborate together on detections; their use is known to us and permitted. However please respect that the terms of our collaboration are confidential

"it's not a fraud"

Here is one the definitions for FRAUD taken directly from Webster's dictionary: "an act of deceiving or misrepresenting"

IE: FAKE virus warnings

Here's another: "one that is not what it seems or is represented to be"

IE: Users installing DFNDR thinking it is somehow a DIFFERENT product or "virus definition(s)" than they would get from another, more well known app.

Why wouldn't a user just install the OFFICIAL Avast "antivirus" app that (perhaps) does not bombard users with ads, pop ups, suggested app downloads and MULTIPLE instances of "analytics"?

Oh, that's right...users are UNAWARE that it uses the Avast assets!

Because
Quote
the terms of our collaboration are confidential

 
« Last Edit: June 29, 2017, 09:45:25 PM by sloshnmosh1 »