The page may not load correctly.
July 3, 2018
The first month of summer appeared to be a quiet month in terms of information security. In the second half of June, Doctor Web security researchers registered a mass mailing used by network fraudsters to trick Internet users. During the month, new versions of malware programs for Android were also discovered.
In the second half of June, several mass mailings were detected. These mailings were used by cybercriminals to get gullible potential victims to visit fraudulent websites. Apart from mailings, cybercriminals also used feedback forms at various Internet resources, even those using captcha. In the messages, it appeared that the user had received a transaction or a money transfer. Here are some examples of these messages: “Hello. We have made a payment of $33.50 USD. Invoice code for payment: 2478347616. We inform you that there is enough money on your account balance for automatic renewal”, “The current personal account balance is 13,300 R. We inform you about receiving payment of 1,017 rubles according to invoice №97724”, “We inform you about receiving an invoice payment of 0 031 rub. Your current account balance is 37,561 rub”, “You order details: Balance increase—2 items, 379. 03 $. Thank you for using secure online ordering system. It is worth mentioning that all links in such messages directed to the free Google Docs service, where cybercriminals had already published a PDF document, offered to take a cash prize.
Once a potential victim clicked the link in this PDF document, they were redirected to one of the fraudulent websites offering to take some winnings or reward.
The next fraudulent scheme was quite simple. Cybercriminals have used it for years. A website visitor is required to send a sum of money to cybercriminals to get a prize. After, the visitor, of course, doesn’t receive any prize. Doctor Web analysts detected the addresses of fraudulent Internet resources and added all of them to the Dr.Web Parental Control and Office Control’s databases of non-recommended websites.
In June, cases involving the following ransomware modifications were registered by Doctor Web’s technical support service:
During June 2018, 395,477 URLs of non-recommended sites were added to Dr.Web database.
In the last month, Doctor Web security researchers detected many programs with unwanted embedded advertising modules Adware.Appalytic.1.origin on Google Play. These modules displayed obnoxious notifications offering to download different software and opened the pages of advertised programs in Play Store. Later, our specialists detected several new representatives of the Trojan family Android.FakeApp on Google Play. These Trojans displayed various websites upon cybercriminals’ request. Also in June, cybercriminals distributed the Android.Spy.461.origin Trojan, that was used for spying purposes. In addition, the Android.SmsSend.1989.origin SMS Trojan imposed a threat for Android smartphone and tablet users. This Trojan subscribed users to chargeable services.
Among the most notable June events related to mobile malware, we can mention:
Find out more about malicious and unwanted programs for mobile devices in our special overview.