All news

Doctor Web discovers Linux Trojan written in Rust

Doctor Web’s specialists have discovered a new Linux Trojan written in the Rust programming language. The Trojan has been named Linux.BackDoor.Irc.16.
Real-time threat watch

Doctor Web discovers Windows Trojan that installs fake Chrome browser

Doctor Web’s specialists have examined Trojan.Mutabaha.1, a new Trojan. It installs a bogus version of the Google Chrome browser that is capable of replacing advertisements on browsed webpages.

Doctor Web discovers self-spreading Linux Trojan that can create P2P botnets

The Linux operating system remains a major target for virus makers. Doctor Web’s security researchers have examined yet another Trojan for Linux written in the Go programming language. This malware program attacks web servers that use various CMS, performs DDoS attacks, sends out spam messages, and distributes itself over networks.

Doctor Web discovers backdoor targeting users in Russia, Great Britain, Spain, and the USA

Doctor Web has already published a news article about a Trojan that takes advantage of the TeamViewer remote control utility. This time, the company’s specialists have detected yet another backdoor that installs legitimate TeamViewer components on infected machines for the purpose of spying on users.

Doctor Web detected Linux Trojan written in Go

Doctor Web analysts have detected and examined a new Linux Trojan which is able to run a cryptocurrency mining program on an infected computer. Its key feature lies in the fact that it is written in Go, a language developed by Google.

Doctor Web discovers Trojan that can buy Google Play apps

Of all the malicious Android applications in existence today, Trojans that display annoying advertisements are the most popular with criminals. Some of these Trojans have additional capabilities such as downloading and installing programs and stealing private user information.

Doctor Web discovers new Trojan targeting POS terminals

Cybercriminals have always retained an interest in creating malware for POS (Point-of-Sale) terminals used to process card payments. IT security specialists are aware of many POS Trojans that facilitate the transfer of intercepted consumer data to criminals.

New Trojan found in 155 apps on Google Play: 2.8 million mobile devices already infected

Doctor Web specialists have discovered a Trojan on Google Play that displays annoying advertisements and steals private user information. This malware has been incorporated into more than 150 Android applications which have already been downloaded by over 2.8 million users.

Doctor Web examined new spyware targeting accounting programs

Some modern Trojans are complex, multicomponent malicious programs that can perform a wide variety of functions. In this paper, we are going to focus on a dropper Trojan named Trojan.MulDrop6.44482, a sample of which was kindly provided by Yandex. This malware is intended to spread other malicious programs, including dangerous spyware designed to attack the accounting departments of Russian companies.

Doctor Web detected malicious plug-in in some Google Play apps

Although Google Play is still considered to be the most secure Android app store, from time to time attackers try to spoil its reputation by spreading their malicious programs via this catalog. One such program is Android.Valeriy.1.origin, detected by Doctor Web specialists. This Trojan is intended to distribute malware and to subscribe users to various chargeable services, making money on victims’ carelessness.

Doctor Web found first 1C accounting solutions Trojan able to run ransomware

Doctor Web specialists have examined 1C.Drop.1, a Trojan that spreads itself via email. It infects computers on which 1C accounting applications (software used by more than 1,000,000 companies) are installed and runs a dangerous ransomware program. It is one of those rare cases when attackers create a malicious application using new techniques or uncommon programming languages.

New Trojan found in Google Play: Doctor Web uncovers social media account stealing scheme

Doctor Web specialists found a new Trojan being spread via Google Play applications. This malicious program, named Android.PWS.Vk.3, targets users of VK («ВКонтакте», the largest European online social network), stealing login credentials for their profiles.

Files compromised by CryptXXX can now be decrypted by Doctor Web

Encryption ransomware is considered to be one of the most dangerous threats worldwide. It encrypts users’ private information and then demands a ransom for making it available again. Today, there are a lot of ransomware programs, and Doctor Web has been successfully dealing with this type of Trojan for a long time. In some cases, the compromised information can be restored: for example, our specialists have developed a decryption method for files that were compromised by CryptXXX before June 2016.

Doctor Web warning: fileless Kovter Trojan found in system registry

Among today’s malware programs is a category of so-called “fileless” Trojans. Their key feature is that their payload is located not in a file but directly in the computer’s memory. The files needed for their operation are stored in various containers, for example, the Windows system registry. In this paper, Doctor Web is going to focus on one representative of this category, which was named Trojan.Kovter.297.

Dangerous self-spreading successor of Zeus and Carberp discovered

In June, Doctor Web security researchers examined a new dangerous virus targeting Russian bank clients. The virus is designed to steal money from bank accounts and monitor user activity. It has borrowed a lot of features from its predecessors Zeus (Trojan.PWS.Panda) and Carberp. Yet, unlike them, it can spread without any user intervention by infecting executable files. In addition, curing an infected computer is rather complicated and may take several hours.

Banking Trojan discovered in hacked Android games

Doctor Web security researchers regularly register cases of Android mobile devices being infected with banking Trojans. To make malicious applications spread faster, virus makers usually disguise them as benign programs. Android.BankBot.104.origin is no exception: cybercriminals distribute this malware under the guise of a hack tool for mobile games and as a game cheating program.

New backdoor found new way to use TeamViewer

Security researchers are aware of several types of malware programs that use TeamViewer, a popular remote control tool, to get unauthorized access to an infected computer. Yet a new Trojan, BackDoor.TeamViewer.49, which was detected by Doctor Web and Yandex specialists in May 2016, is an exception because it uses this utility for entirely different purposes.

Banking Trojan infected dozens of Android apps worldwide

Today, hundreds of different banking Trojans attack Android users, and one of them is Android.SmsSpy.88.origin, which Doctor Web specialists first spotted in 2014. Although this malware may seem outdated, its popularity rating is still high: attackers have made the Trojan even more dangerous and capable of performing ransomware functions. Banking Trojans for Android mobile devices are considered to be one of the most dangerous threats for those who use mobile banking software, because these users run the risk of being robbed by cybercriminals. In this article, we are going to focus on the results of the Trojan’s improvement.

New backdoor attacks Windows users

Backdoors are typically designed to execute cybercriminals’ commands on the infected machine. As a rule, they are used to gain remote access to the user’s private information. Recently, Doctor Web security researchers discovered yet another representative of this category: BackDoor.Apper.1.

Trojan for Android tricks people into installing Google Play applications

Google Play is the most reliable app store for Android devices. Yet, from time to time, different malicious programs can be discovered in the store.

Facebook is attacked once again

At present, Facebook is considered to be one of the most popular social networks not only among ordinary Internet users but also among attackers. Doctor Web analysts found that a Google Chrome plug-in able to send out spam messages has already affected more than 12,000 Facebook users.

Doctor Web warns against online store scams on Russian Internet

Online shopping has long been one of the most convenient ways to purchase products or services. Millions of people find it faster to log on to a website to buy what they want rather than stand in a long queue and wait for their turn. Today, almost anything can be purchased online, from food to electrical goods. In addition, numerous online stores offer affordable prices, fast delivery, and a wide variety of payment methods. However, it is not only potential customers who take full advantage of online shopping: cybercriminals also use it to conduct their illegal activity.

Hacker utility spreads backdoor for Linux system

The emergence of new Trojans, especially for Linux, that execute cybercriminals’ commands and provide remote control over the infected machine is always a remarkable event in terms of information security. In April, Doctor Web security researchers detected several such Trojans at once, which were named Linux.BackDoor.Xudp.1, Linux.BackDoor.Xudp.2, and Linux.BackDoor.Xudp.3 respectively.

New version of Gozi banking Trojan can create P2P botnet

Instead of devising brand-new banking Trojans, attackers prefer to modify old versions of popular financial malware programs. Thus, Doctor Web security researchers discovered a new modification of Trojan.Gozi, a banking Trojan whose source code became publicly available some time ago.

Misconfigured DNS servers represent security risk

To illegally infiltrate computer systems and remote networks, attackers often use software vulnerabilities. Yet, incorrect configurations of server applications and other programs may pose a more dangerous threat. Doctor Web specialists discovered a misconfiguration of hardware belonging to a company that supplies DNS and web hosting services.