December 29, 2017
The last month of the year was marked by the emergence of a new backdoor for computers and devices running Microsoft Windows. In December, Doctor Web analysts also determined that cybercriminals had started hacking websites using the Linux Trojan Linux.ProxyM. Over the course of the month, the Dr.Web virus databases were updated with signatures of new malicious programs for Android.
In December, virus analysts examined another representative of the Anunak Trojan family, capable of executing cybercriminals' commands on an infected computer. The new backdoor was developed to work on 64-bit versions of Windows and was dubbed BackDoor.Anunak.142. The Trojan can perform the following actions on an infected computer:
More information about this malicious program can be found in the news article published on our website.
In December, cases involving the following ransomware modifications were registered by Doctor Web’s technical support service:
During December 2017, 241,274 URLs of non-recommended websites were added to the Dr.Web database.
November 2017 | December 2017 | Dynamics |
---|---|---|
+331,895 | +241,274 | -27.3% |
Linux.ProxyM has been known to virus analysts since May 2017. It is a fairly simple malicious program that launches a SOCKS proxy server on an infected device. Cybercriminals used it to send up to 400 spam messages from each infected host, and soon started distributing phishing email messages, in particular on behalf of DocuSign, a service that allows users to work with electronic documents. In this way, cybercriminals collected the account data of its users.
In December, using the proxy server implemented in the Trojan, cybercriminals made numerous attempts at hacking websites. They used SQL injection (injecting malicious SQL code into a request to a website's database); Cross-Site Scripting (XSS), an attack method that involves adding a malicious script to a webpage, which is then executed on a computer when the page is opened; and Local File Inclusion (LFI), an attack method that allows cybercriminals to remotely read files on an attacked server using specially generated commands. More information about this incident can be found in a review published by Doctor Web.
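An added example (not from the Doctor Web review): a small Python heuristic that tags web access log requests with the three attack classes described above and groups source addresses per class, which is useful when requests are relayed through many infected devices rather than arriving from one address. The log lines, paths and addresses are constructed, and the signatures are illustrative assumptions, not a complete rule set.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Illustrative signatures for the three attack classes; not exhaustive.
SIGNATURES = {
    "sqli": re.compile(r"\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|\bsleep\s*\(", re.I),
    "xss": re.compile(r"<\s*script\b|\bon(error|load|click|mouseover)\s*=|javascript:", re.I),
    "lfi": re.compile(r"\.\./|\.\.\\|/etc/passwd|php://", re.I),
}

# Common/combined log format: client IP, identity, user, [time], "METHOD target PROTO"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

def decode(target, rounds=2):
    """URL-decode up to `rounds` times so double-encoded payloads also match."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(target):
    """Return the sorted attack classes whose signature matches the decoded target."""
    text = decode(target)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def scan(lines):
    """Map each attack class to the set of source IPs that sent a matching request."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:  # skip lines that are not in the expected format
            continue
        for name in classify(m.group("target")):
            hits[name].add(m.group("ip"))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '198.51.100.7 - - [12/Dec/2017:10:01:02 +0000] "GET /item.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 512',
    '203.0.113.21 - - [12/Dec/2017:10:01:05 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900',
    '192.0.2.44 - - [12/Dec/2017:10:01:09 +0000] "GET /index.php?page=..%252f..%252fetc%252fpasswd HTTP/1.1" 404 0',
    '198.51.100.200 - - [12/Dec/2017:10:01:11 +0000] "GET /item.php?id=1+OR+1=1 HTTP/1.1" 200 512',
    '203.0.113.99 - - [12/Dec/2017:10:01:15 +0000] "GET /item.php?id=7 HTTP/1.1" 200 512',
]
```

Calling `scan(SAMPLE)` returns one set of source addresses per attack class; the benign request from 203.0.113.99 appears in none of them.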
In December, Android.BankBot.243.origin and Android.BankBot.255.origin were detected on Google Play. They stole the login credentials of client accounts in credit organizations. A similar Trojan was also distributed outside the official Android software catalog. It was dubbed Android.Packed.15893. Also in December, the Dr.Web virus database was updated with Android.Spy.410.origin, which spied on Italian users.
Among the most noticeable December events related to mobile malware are the following:
Find out more about malicious and unwanted programs for mobile devices in our special overview.