Doctor Web’s review of virus activity on mobile devices in 2024

In 2024, ad-displaying trojans were once again the most widespread Android threats. Fraudulent software, ransom trojans, clickers, and banking trojans were more active than in the previous year. Among the latter, compared to 2023, the most common were simple banking trojans that steal only online bank account access data and SMS confirmation codes.
30.01.2025 | Updates | About viruses | Mobile threats | Virus reviews

Doctor Web’s annual virus activity review for 2024

In 2024, malicious programs created with the AutoIt scripting language and distributed as part of other malicious apps to make the latter more difficult to detect were once again among the most widespread threats. In addition, adware trojans and all kinds of malicious scripts were highly active. In email traffic, malicious scripts were also most commonly detected. Furthermore, threat actors used spam emails to distribute various trojans, phishing documents, and exploits that allow arbitrary code to be executed.
30.01.2025 | Dr.Web products | About viruses | Virus reviews

Upcoming major antispam update in Dr.Web products for Windows

Doctor Web continues to improve the antispam module in its products to ensure that unsolicited emails can be filtered out even more effectively.
29.01.2025 | Dr.Web products | Updates | Corporate news

Doctor, where did you get these pictures? Using steganography in a cryptocurrency mining campaign.

When analyzing telemetry data, virus analysts at Doctor Web identified malware samples that, upon closer examination, turned out to be components of an active campaign to mine the Monero cryptocurrency. This campaign is notable because it is implemented as a series of malware chains, two of which are based on executing scripts that extract malicious payloads from BMP image files.
24.01.2025 | About viruses | Real-time threat news

Doctor Web’s Q4 2024 review of virus activity on mobile devices

According to detection statistics collected by Dr.Web Security Space for mobile devices, Android.HiddenAds ad-displaying trojans were the malware programs most frequently detected in the fourth quarter of 2024 (Q4). The second most common threats were Android.FakeApp trojans, which are used in fraudulent schemes. Trojans from the Android.Siggen family, capable of executing various malicious tasks, ranked third.
26.12.2024 | Updates | About viruses | Mobile threats | Virus reviews

Doctor Web’s Q4 2024 virus activity review

According to the statistics collected by the Dr.Web anti-virus, the total number of threats detected in the fourth quarter of 2024 decreased by 1.53%, compared to the third quarter. At the same time, the number of unique threats increased by 94.43%. Among the most commonly detected threats were adware programs and adware trojans, malicious scripts, and trojans that are distributed with other malware and used to make the main payload difficult to detect. The majority of detections in email traffic were due to malicious scripts, adware trojans, and cryptocurrency-mining trojans. Increased activity by malicious spyware apps was also noted.
26.12.2024 | About viruses | Virus reviews

Contactless banking for thee (and for thief): NFC money theft scheme reaches Russian users

Malware analysts at “Doctor Web” warn about the emergence of new versions of the NGate banking trojan, targeting users in Russia. This trojan relays data from the NFC chip of the compromised device, allowing the attacker to withdraw money from the victim's accounts at ATMs without any involvement from the victim.
26.12.2024 | Dr.Web products | About viruses | Real-time threat news

New Year's Advent Game: Explore our desktop!

Doctor Web is launching its traditional New Year's Advent Game. From December 18 till January 3, we invite you to participate in a quest: explore objects on our desktop to determine which of them poses a potential threat to you and your computer.
18.12.2024 | Dr.Web products | Promos | Corporate news

Dr.Web Family Security – Doctor Web’s new mobile app for your whole family’s digital security

We’re happy to present our new app Dr.Web Family Security, which is specifically designed to keep your entire household protected online.
17.12.2024 | Dr.Web products

Smart antivirus security with Dr.Web for Unix-like systems—for business and government organisations

Dr.Web for Unix-like systems combines high-quality protection with low system requirements, making this solution the perfect choice for organisations of any size. With our own unique time-proven technologies and the long-term trust of renowned companies, we are confident that we are providing vital corporate infrastructures with reliable protection.
12.12.2024 | Dr.Web products | Updates

Malware trends: eBPF exploitation, malware configurations stored in unexpected places, and increased use of custom post-exploitation tools

An investigation into an information security incident has allowed virus analysts at Doctor Web to uncover an ongoing campaign that incorporates many modern trends employed by cybercriminals.
10.12.2024 | Dr.Web products | About viruses | Real-time threat news

Cyber Monday offer: Dr.Web Security Space at 35% off

Doctor Web is announcing the start of its Cyber Monday antivirus offer. From November 11-17, 2024, get 2 years of Dr.Web Security Space’s comprehensive protection for 1 PC at 35% off!
11.11.2024 | Dr.Web products | Promos

Malicious apps on Google Play: how threat actors use the DNS protocol to covertly connect trojans to C&C servers

Many Android.FakeApp trojans are tasked with opening links to various sites, and from a technical point of view, such malware programs are quite primitive. When launched, they receive a command to load a specific web address. As a result, the users who have installed them see the contents of some unwanted site on their screens instead of the program or game they are expecting. However, sometimes notable samples can emerge among such fake applications: Android.FakeApp.1669, for example. It differs from most of the threats that are similar to it in that it uses a modified dnsjava library to get the configuration from a malicious DNS server that contains the target link. At the same time, such a configuration is sent to the trojan only when it is connected to the Internet via certain service providers—mobile Internet providers, for example. In other cases, the trojan does not manifest itself in any way.
11.11.2024 | Updates | Mobile threats | Real-time threat news

Updates made to corporate Dr.Web 13.0.1 products supporting remote administration and Dr.Web Industrial

Doctor Web has updated its corporate Dr.Web 13.0.1 products supporting remote administration as well as the secure automated production solution Dr.Web Industrial. The update introduces new features (including the changes requested by business users) and addresses known software issues.
14.10.2024 | Dr.Web products | Updates

Widgets and other innovations in the latest Dr.Web FixIt! release

Doctor Web has updated its remote system diagnostics and threat elimination service Dr.Web FixIt! to version 2.4. The latest release introduces a variety of information widgets to make the service easier for operators to use. Major changes have also been made to the solution's UI: its design now incorporates the latest look and feel, tweaks, and upgrades included in other Dr.Web products, which significantly boost the user experience. While maintaining the same set of analysis and threat neutralisation tools, version 2.4 boasts improved usability and additional customisation options.
09.10.2024 | Dr.Web products | Updates

Hidden cryptocurrency mining and theft campaign affected over 28,000 users

Virus analysts at Doctor Web have identified a large-scale campaign aimed at spreading cryptomining and cryptostealing malware by delivering trojans to victims' computers under the guise of office programs, game cheats, and online trading bots.
08.10.2024 | Dr.Web products | About viruses | Real-time threat news

Redis honeypot: server with vulnerable Redis database reveals new SkidMap modification used to hide cryptocurrency mining process

Doctor Web virus analysts have identified a new rootkit modification that installs the Skidmap mining trojan on compromised Linux machines. This rootkit is designed as a malicious kernel module that hides the miner’s activity by providing fake information about CPU usage and network activity. This attack appears to be indiscriminate, primarily targeting the enterprise sector—large servers and cloud environments—where mining efficiency can be maximized.
03.10.2024 | About viruses | Real-time threat news

Doctor Web’s Q3 2024 review of virus activity on mobile devices

According to detection statistics collected by Dr.Web Security Space for mobile devices, Android.FakeApp trojan apps, used by threat actors in various fraudulent schemes, were the malicious programs most frequently detected on protected devices in the third quarter of 2024. Adware trojans from the Android.HiddenAds family ranked second. The third most commonly detected threats were Android.Siggen trojans—programs that have different malicious functionality and that are difficult to classify into any particular family.
01.10.2024 | Updates | About viruses | Mobile threats | Virus reviews

Doctor Web’s Q3 2024 virus activity review

According to the detection statistics collected by the Dr.Web antivirus, the total number of threats detected in the third quarter of 2024 was up 10.81% over the previous quarter. The number of unique threats decreased by 4.73%. The majority of detections were due to adware programs. Also widespread were malicious scripts, ad-displaying trojans, and trojans distributed within other malware to make the latter more difficult to detect. In email traffic, malicious scripts and programs that exploit vulnerabilities in Microsoft Office documents were most commonly detected.
01.10.2024 | About viruses | Virus reviews

Doctor Web resumed virus database updates after the attack on its infrastructure

Now that the dangerous situation involving the attack on Doctor Web's infrastructure has been resolved successfully, we're happy to bring you up to speed on the latest developments and present the security incident's complete timeline.
18.09.2024 | Dr.Web products | Real-time threat news | Corporate news

Doctor Web's resources attacked



On Saturday, September 14, Doctor Web specialists recorded a targeted attack on the company's resources. The attempt to harm our infrastructure was prevented in a timely manner, and no user whose system was protected by Dr.Web was affected.
17.09.2024 | Real-time threat news | Corporate news

Void captures over a million Android TV boxes

Doctor Web experts have uncovered yet another case of an Android-based TV box infection. The malware, dubbed Android.Vo1d, has infected nearly 1.3 million devices belonging to users in 197 countries. It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing third-party software.
12.09.2024 | Dr.Web products | About viruses | Real-time threat news

Doctor Web Antivirus Laboratory Chief spoke on the growing threat to Linux at the annual cybersecurity forum in China

Doctor Web took part in the annual cybersecurity summit and international antivirus conference in Tianjin, China. The second CSST (Cyber Security Summit in Tianjin) event was devoted to the theme "Jointly Building Cyber Security and Governing Cyberspace".
09.09.2024 | Corporate news

Gaining persistence in a compromised system using Yandex Browser. Failed spear phishing attack on Russian rail freight operator.

Social engineering is a highly effective fraud technique that is difficult to withstand. A skilled attacker knows how to find the right approach to intimidate or persuade a victim to perform an action. But what if an attack requires little communication effort, and a computer stops being a digital assistant and becomes an unwitting accomplice?
04.09.2024 | Dr.Web products | About viruses | Real-time threat news