Doctor Web’s security researchers found new Trojans incorporated into the firmware of several dozen Android mobile devices. The malware programs found are stored in system directories and covertly download and install programs.
12.12.2016 | Real-time threat news
Doctor Web’s security researchers have found a new representative of the Android.Loki family of Trojans, malware we first reported on in February 2016. Like the previous versions, this Trojan injects itself into processes of various applications, including system-related ones; however, this version can also infect Android libraries.
09.12.2016 | Real-time threat news
Malicious programs designed for specialized, or so-called targeted, attacks are detected quite rarely. In 2011, Doctor Web published a news article about the Trojan BackDoor.Dande, which was designed to steal information from drugstores and pharmaceutical companies. Four years later, Doctor Web specialists found BackDoor.Hser.1, which was intended for use against defense companies. This month, they discovered a new backdoor that targets Russian companies engaged in the production of construction cranes.
17.11.2016 | Real-time threat news
Doctor Web’s specialists have determined that the Trojan BackDoor.IRC.Medusa.1 was used by cybercriminals to carry out the recent series of DDoS attacks on the Rosbank and Eximbank of Russia websites.
14.11.2016 | Real-time threat news
Doctor Web’s specialists have discovered a new Trojan, dubbed Android.MulDrop.924, on Google Play. This Trojan covertly downloads applications and prompts users to install them. In addition, it displays annoying advertisements.
10.11.2016 | Real-time threat news
Most backdoor Trojans are created for Microsoft Windows; however, a few of them can infect Linux devices. This rare type of Trojan was investigated by Doctor Web’s specialists in October 2016.
20.10.2016 | Real-time threat news
Many different consumer devices—set-top boxes, network repositories, routers, and surveillance cameras—run the Linux operating system. Many of these devices use default settings, which makes them very vulnerable to hacking. Doctor Web’s specialists have collected statistics on the most frequently detected Linux Trojans, including ones designed to attack the Internet of Things (IoT). This research shows that the Trojans installed most often on compromised devices are those that carry out DDoS attacks.
17.10.2016 | Real-time threat news
Doctor Web’s specialists have discovered the first ransomware program written in Go. The Trojan, dubbed Trojan.Encoder.6491, appends the .enc extension to encrypted files. Doctor Web’s security researchers have developed a method for decrypting files compromised by this malware program.
11.10.2016 | Real-time threat news
Doctor Web’s security researchers have examined a Trojan named Linux.Mirai which is used by criminals to carry out DDoS attacks. Because virus specialists were familiar with earlier versions of this Trojan, they were able to find many features of the previous versions in this latest one, and even the characteristic hallmarks of members of other Trojan families.
27.09.2016 | Real-time threat news
Doctor Web analysts have detected, within the Android.Xiny family, new species of Trojans designed to download and delete various programs. These Trojans can now infect the processes of system applications and download malicious plug-ins into the programs they have attacked.
20.09.2016 | Real-time threat news
Distributed Denial of Service (DDoS) attacks are the most common way for cybercriminals to attack network resources. A server under attack receives so many incoming requests that it cannot cope with the influx and shuts down. Cybercriminals often use special malware for such attacks. One of these programs, dubbed Linux.DDoS.93, was discovered by Doctor Web’s security researchers.
13.09.2016 | Real-time threat news
Doctor Web’s specialists have discovered a new Linux Trojan written in the Rust programming language. The Trojan has been named Linux.BackDoor.Irc.16.
08.09.2016 | Real-time threat news
Doctor Web’s specialists have examined Trojan.Mutabaha.1, a new Trojan. It installs a bogus version of the Google Chrome browser that is capable of replacing advertisements on browsed webpages.
29.08.2016 | Real-time threat news
The Linux operating system remains a major target for virus makers. Doctor Web’s security researchers have examined yet another Trojan for Linux written in the Go programming language. This malware program attacks web servers that use various CMS, performs DDoS attacks, sends out spam messages, and distributes itself over networks.
19.08.2016 | Real-time threat news
Doctor Web has already published a news article about a Trojan that takes advantage of TeamViewer’s remote control utility. This time, the company’s specialists have detected yet another backdoor that installs legitimate TeamViewer components on infected machines for the purpose of spying on users.
15.08.2016 | Real-time threat news
Doctor Web analysts have detected and examined a new Linux Trojan which is able to run a cryptocurrency mining program on an infected computer. Its key feature lies in the fact that it is written in Go, a language developed by Google.
08.08.2016 | Real-time threat news
Of all the malicious Android applications in existence today, Trojans that display annoying advertisements are the most popular with criminals. Some of these Trojans have additional capabilities such as downloading and installing programs and stealing private user information.
04.08.2016 | Real-time threat news
Cybercriminals have always retained an interest in creating malware for POS (Point-of-Sale) terminals used to process card payments. IT security specialists are aware of many POS Trojans that facilitate the transfer of intercepted consumer data to criminals.
02.08.2016 | Real-time threat news
Doctor Web specialists have discovered a Trojan on Google Play that displays annoying advertisements and steals private user information. This malware has been incorporated into more than 150 Android applications which have already been downloaded by over 2.8 million users.
28.07.2016 | Real-time threat news
Some modern Trojans are complex multicomponent malicious programs that can perform a wide variety of functions. In this paper, we are going to focus on a dropper Trojan named Trojan.MulDrop6.44482, a sample of which was kindly provided by Yandex. This malware is intended to spread other malicious programs, including dangerous spyware designed to attack the accounting departments of Russian companies.
27.06.2016 | Real-time threat news
Although Google Play is still considered to be the most secure Android app store, from time to time attackers try to spoil its reputation by spreading their malicious programs via this catalog. One such program is Android.Valeriy.1.origin, detected by Doctor Web specialists. This Trojan is intended to distribute malware and to subscribe users to various chargeable services, making money on victims’ carelessness.
23.06.2016 | Real-time threat news
Doctor Web specialists have examined 1C.Drop.1, a Trojan that spreads itself (software used by more than 1,000,000 companies) via email. It infects computers on which 1C accounting applications are installed and runs a dangerous ransomware program. It is one of those rare cases when attackers create malicious applications using new techniques or uncommon programming languages.
22.06.2016 | Real-time threat news
Doctor Web specialists found a new Trojan being spread via Google Play applications. This malicious program, named Android.PWS.Vk.3, targets users of VK («ВКонтакте», the largest European online social network), stealing login credentials for their profiles.
15.06.2016 | Real-time threat news
Encryption ransomware is considered to be one of the most dangerous threats worldwide. It encrypts users’ private information and then demands a ransom for making it available again. Today, there are a lot of ransomware programs, and Doctor Web has been successfully dealing with this type of Trojan for a long time. In some cases, the compromised information can be restored—for example, our specialists have developed a decryption method for files that were compromised by CryptXXX before June 2016.
14.06.2016 | Real-time threat news
Among today’s malware programs is a category of so-called “fileless” Trojans. Their key feature is that their payload is located not in a file but directly in the computer’s memory. Files needed for their operation are stored in various containers—for example, the Windows system registry. In this paper, Doctor Web is going to focus on one of their representatives, which was named Trojan.Kovter.297.
10.06.2016 | Real-time threat news