All news

Doctor Web has identified a dangerous backdoor, Android.Backdoor.Baohuo.1.origin, in maliciously modified versions of the Telegram X messenger. In addition to being able to steal confidential data, including user logins and passwords, as well as chat histories, this malware has a number of unique features. For example, to prevent itself from being detected and to cover up the fact that an account has been compromised, Android.Backdoor.Baohuo.1.origin can conceal connections from third-party devices in the list of active Telegram sessions. Moreover, it can add and remove the user from Telegram channels and also join and leave chats on behalf of the victim, also concealing these actions. In fact, with this backdoor’s assistance, malicious actors gain full control over the victim’s account and the messenger functionality, while the trojan itself is a tool for boosting the number of subscribers in Telegram channels. Cybercriminals control the backdoor in different ways, one of which is via the Redis database; such a control mechanism is something that has not been seen previously in Android threats. According to our experts’ estimates, the number of devices infected with Android.Backdoor.Baohuo.1.origin has exceeded 58,000.

Doctor Web is updating Dr.Web vxCube. The upcoming release will allow the sandbox's reports to be linked with the MITRE ATT&CK Enterprise matrix. As a result, analysis results will be integrated into the knowledge base of adversarial tactics and techniques to provide researchers with a more accurate assessment of samples being examined and allow them to recreate the attack timeline. The MITRE ATT&CK framework contains information about threat actors’ tactics and techniques. Cybersecurity experts use the knowledge base to further enhance the security of IT infrastructures.

According to statistics collected by the Dr.Web anti-virus, the total number of threats detected in the third quarter of 2025 decreased by 4.23%, compared to the second quarter. The number of unique threats increased by 2.17%. Among the most commonly detected threats were unwanted adware software, ad-displaying trojans, and malicious scripts. Email traffic was dominated by malicious scripts, backdoors, and various trojans, including downloaders, droppers, and password stealers.

According to detection statistics collected by Dr.Web Security Space for mobile devices, Android.MobiDash ad-displaying trojans were the most widespread threats of Q3 2025. They were detected on protected devices 18.19% more often than during the previous observation period.

In the run-up to the new school year, Doctor Web has prepared a special offer: purchase Dr.Web Security Space to protect 2 computers for 2 years at 25% off, and get a unique promo code for 50% off your purchase of the Dr.Web Family Security mobile application for 1 parent device and 5 dependent devices. The promo runs through September 4.

Doctor Web is informing users about Android.Backdoor.916.origin, a multi-functional backdoor that spreads in the wild and targets Russian businesses. The malware is capable of executing multiple commands received from attackers and has rich functionality for espionage and data theft. Among other capabilities, it can listen to conversations, broadcast from a device’s camera, steal content from messengers and browsers, and use its keylogger functionality to hijack entered text, including passwords.

In 2023, Doctor Web’s experts started an investigation into a targeted attack on a Russian engineering company, the results of which we reported in a corresponding study. Apparently, cybercriminals are very interested in the corporate secrets of this enterprise, so two years later they decided to attack it again. The threat actors returned with new malware and a persistent desire to penetrate the company’s IT infrastructure—they used several attack vectors in an attempt to infect the target computers.

Doctor Web has released an updated version of its Antivirus Dr.Web Light for Android: 12.2.6. The product now supports Android OS version 16. It also has an updated antivirus engine, more efficient threat-detection capabilities, and faster scanning speeds. A number of internal changes were also made to the application to improve its performance.

Doctor Web’s virus laboratory has detected Trojan.Scavenger—a family of malicious apps that threat actors use to steal confidential data from crypto wallets and password managers from Windows users. Threat actors chain together several trojans from this family, exploiting DLL Search Order Hijacking vulnerabilities to execute their payloads and exfiltrate data.

Why is this better than a free one-month trial? The reason is simple: you're getting a 2-month license that does include technical support.

According to detection statistics collected by Dr.Web Security Space for mobile devices, adware trojans from various families remained the most common malware. Members of the Android.HiddenAds trojan family were again the most active, despite the fact that users encountered them 8.62% less often. These were followed by Android.MobiDash adware trojans; the number of attacks involving them increased by 11.17%. Android.FakeApp malicious programs, used in various fraudulent schemes, ranked third; they were detected on protected devices 25.17% less frequently.

According to statistics collected by the Dr.Web anti-virus, the total number of threats detected in the second quarter of 2025 decreased by 7.38%, compared to the first quarter. At the same time, the number of unique threats decreased by 23.10%. Unwanted adware apps, backdoors, ad-displaying trojans, and malicious scripts were among the threats most commonly detected on protected devices. In email traffic, most frequently detected were trojan downloaders, various malicious scripts, and trojan droppers.

Doctor Web is updating its interactive file analysis sandbox Dr.Web vxCube. The changes will apply to both the cloud-based and on-premise versions.

Full support has been extended for a number of Dr.Web products in accordance with Doctor Web’s lifecycle policy.

An antivirus security company Doctor Web continues its steady expansion overseas as it gains a foothold on the booming Indonesian market.

Doctor Web’s experts have discovered Android.Spy.1292.origin, spyware whose main target is Russian military personnel. The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs. Among other things, the malware sends the attackers phonebook contact information and the infected device’s geolocation. Moreover, this spyware collects data about the files stored on the devices and, when commanded by threat actors, can download additional modules possessing the functionality needed to steal the files.

Users of Dr.Web Enterprise Security Suite (ESS) are strongly recommended to promptly upgrade the product to version 13. Switching to the new version will provide you with full protection and regular updates for the antivirus components.

On April 15, 2025, a special promo is starting for users who have purchased Dr.Web Security Space licenses before September 1, 2024. Renew your license and receive a unique promo code that will allow you to purchase Dr.Web Security Space for mobile devices at 50% off.

Doctor Web is starting a new promo campaign that runs through December 31, 2025: purchase Dr.Web Security Space for mobile devices and Dr.Web Family Security—the app that will help you keep your children and other family members safe in the digital world—and get 10% off!

Every year, cryptocurrencies become more and more common as a payment method. According to the data for 2023, in developed countries about 20% of the population has at some time used such a means of payment, and in developing countries, where the banking sector does not meet the needs of the population, the number of cryptocurrency users is even higher. In cryptocurrency adoption rankings, Russia is among the top ten countries in terms of number of users. Anonymity, fast transactions, global accessibility and low transfer fees are the main advantages that attract ordinary users. Fraudsters, on the other hand, appreciate the irreversibility of the transactions, the lack of regulation, and the lack of user knowledge due to the relative novelty of the technology, which allows them to implement a variety of illicit enrichment schemes.

Version 2.0 is the latest release of Dr.Web Katana.

Modern IT infrastructures increasingly rely on container technologies, including Docker. These lightweight, standalone packages for running a variety of applications are valued for their effectiveness and easy integration with infrastructures. Such containers simplify application development, testing, and deployment; they offer exceptional scalability and allow companies to reduce their update release cycle.