Doctor Web virus analysts have detected the Android.BankBot.495.origin Trojan attacking Brazilian financial institution customers on Google Play. This Trojan uses Android’s special features (Accessibility Service). It uses them to control infected mobile devices and steal their owners’ confidential data.
06.12.2018 | Real-time threat news
Typically, cybercriminals use several traditional malware distribution channels, the main one being spamming. However, occasionally one comes across other means of distribution. Doctor Web’s experts will touch on one of them in this article.
23.11.2018 | Real-time threat news
One of today’s most common ways of obtaining illegal earnings is to mine cryptocurrency covertly, using the resources of a computer without the owner’s consent. Doctor Web recently discovered a miner that infects Linux devices. This malware can also infect other network devices and remove running anti-viruses.
20.11.2018 | Real-time threat news
Banking Trojans remain among the most dangerous malware programs; they help attackers steal confidential information and money from users. Doctor Web malware analysts have detected one such Trojan on Google Play. It has been attacking the customers of a number of European banks.
16.11.2018 | Real-time threat news
In August 2018, a new type of fraudulent mailing was recorded on the Internet. An analysis of messages received by our Technical Support Service shows that this threat is still relevant for October.
26.10.2018 | Real-time threat news
Doctor Web earlier published a news article about the Downloader Trojan Android.DownLoader.818.origin, distributed as a VPN client, i.e. software that allows you to connect to private virtual networks. Malware analysts have continued researching this malicious application and detected its new modification, named Android.DownLoader.819.origin. Like the original Trojan, it was distributed via Google Play. It was installed by at least 51,100 users.
23.10.2018 | Real-time threat news
Downloader Trojans are malware that cybercriminals use to spread other Trojans. Doctor Web’s malware analysts have found one of these downloaders on Google Play. It was hiding in software designed to connect to private virtual networks (VPN).
19.10.2018 | Real-time threat news
Doctor Web analysts have investigated the activity of a cryptocurrency cybercriminal. The attacker, known as Investimer, uses a wide range of malware and various methods for gaining illegal income.
18.10.2018 | Real-time threat news
The China-based AliExpress online store is popular not only in Russia: residents of many countries use it to order various goods. And cybercriminals take advantage of that, sending fraudulent emails to customers on behalf of the company’s owner.
08.10.2018 | Real-time threat news
Modern banking Trojans use various methods to steal money from victims’ bank accounts: both high-tech and those designed to take advantage of users’ inattention or credulity. The banker discovered by Doctor Web experts threatens Brazilian remote banking systems’ users. To date, more than 300 unique samples of this banker have been identified, as well as over 120 servers used by them, and its distribution continues.
25.09.2018 | Real-time threat news
Doctor Web specialists have found dozens of malicious applications on Google Play designed to generate illegal revenue. Authors of these applications spread them under the guise of well-known and useful software and use them in different fraudulent schemes. In addition, many of them can potentially be used to distribute other Trojans.
30.08.2018 | Real-time threat news
Trojans for Microsoft Windows that replace wallet numbers in the clipboard during operations involving digital money and cryptocurrencies are widespread and well known to both computer users and information security specialists. In August 2018, Doctor Web virus analysts examined several malicious programs with similar functions designed for the Android mobile platform.
07.08.2018 | Real-time threat news
Cryptocurrency mining software that operates without a user’s knowledge has been spread among cybercriminals. Most of these miners are designed for Windows; Linux miners are less frequent. Doctor Web security researchers recently detected one such Linux version.
02.08.2018 | Real-time threat news
Cybercriminals used different methods to distribute malicious software. Amongst these was a standard update mechanism. Trojan.Encoder.12544 (aka Petya, Petya.A, ExPetya and WannaCry-2) and BackDoor.Dande used such a mechanism. In this article, we are going to focus on another similar incident thoroughly examined by Doctor Web specialists.
09.07.2018 | Real-time threat news
Doctor Web analysts have exposed a criminal scheme that allowed a cybercriminal to earn millions of rubles. The cybercriminal, hiding behind the pseudonym “Faker”, developed a system for leasing out malicious programs on a subscription basis. It brought him a significant profit. Among the victims of the malicious scheme are numerous users of the Steam gaming platform.
30.05.2018 | Real-time threat news
In late March Doctor Web reported the spreading of a Trojan that stole files and other confidential information from infected devices. Our virus analysts researched several new modifications of this malicious program and identified its developer.
14.05.2018 | Real-time threat news
Doctor Web specialists have detected applications with the built-in Trojan Android.RemoteCode.152.origin in the Google Play catalog; they have been downloaded more than 6,500,000 times in total. This malicious program silently downloads and launches additional modules containing adware plug-ins. Using them, the Trojan downloads invisible ads and clicks on them, so criminals gain rewards.
26.04.2018 | Real-time threat news
Doctor Web specialists analyzed a new encryption Trojan. In most cases, decrypting files corrupted by the encoder is impossible due to the cybercriminals’ error.
16.04.2018 | Real-time threat news
Doctor Web virus analysts have detected a Trojan Android.Click.245.origin on Google Play. When ordered by cybercriminals, it loads websites where users are tricked into subscribing to paid content services. In some cases the subscription is executed automatically when users click on a fake “download program” button.
16.04.2018 | Real-time threat news
Doctor Web virus analysts have detected the spreading of Android.BankBot.358.origin, which is aimed at Sberbank’s clients. This malicious program steals bank card information, cashes out accounts, blocks infected devices and demands a ransom. Android.BankBot.358.origin could cause a loss of over 78,000,000 rubles.
05.04.2018 | Real-time threat news
Doctor Web is warning users about the spreading of a dangerous Trojan designed to steal files and other confidential information from infected devices. Through such a data leak, cybercriminals can get access to user accounts on social network sites and other online services.
23.03.2018 | Real-time threat news
Doctor Web discovered the Trojan Android.BankBot.149.origin back in January 2016. After the attackers published the source code of this banking Trojan, virus writers created a number of new modifications on its basis, which are still being actively developed to this day. Some of them have turned into multifunctional malicious programs, capable of stealing usernames and passwords for applications used for working with cryptocurrencies, as well as spying on users.
20.03.2018 | Real-time threat news
Doctor Web specialists found new Android Trojans on Google Play. The Trojans were distributed under the guise of popular apps. These fake apps can load and display any web pages at the cybercriminals’ command. This feature can be used to perform phishing attacks.
13.03.2018 | Real-time threat news
Doctor Web virus analysts have examined some Trojans belonging to a known Trojan.LoadMoney malware family. These Trojans can download other dangerous applications on infected computers.
06.03.2018 | Real-time threat news
Doctor Web virus analysts found a Trojan on Google Play distributed under the guise of a banking application that provides access to the online-banking services of various credit organizations. This malicious application is designed to steal login credentials and other confidential information from Russian users.
05.03.2018 | Real-time threat news