Doctor Web’s May 2019 virus activity review
June 3, 2019
In May, Dr.Web’s statistics registered a 1.49% increase in the number of unique threats compared to April, while the number of all detected threats increased by 14.51%. Malware and unwanted program statistics show the prevalence of adware and installers. E-mail traffic is still dominated by malware that exploits vulnerabilities in Microsoft Office programs, but in May we also registered an increase in the spread of the dangerous trojan Trojan.Fbng.8 (FormBook).
Principal Trends in May
- An increase in malware spreading activity
- Trojan stealers distributed via email
Threat of the month
In May, Doctor Web’s researchers warned about unique malware for the macOS operating system: Mac.BackDoor.Siggen.20. It allows attackers to download and execute malicious Python code on the victim’s device. Additionally, websites that spread the malware also infect their visitors with a Windows spyware trojan, BackDoor.Wirenet.517 (NetWire). The latter is a well-known RAT trojan used by hackers for controlling a victim’s PC remotely. It has several malicious functions, including using the camera and microphone on the victim’s device. The RAT trojan also has a valid digital signature.
According to Doctor Web’s statistics servers
Threats of the month:
- Adware.Softobase.12
- Installation adware that spreads outdated software and changes the browser’s settings.
- Adware.Ubar.13
- A torrent client designed to install unwanted programs on a user’s device.
- Trojan.InstallCore.3553
- Another well-known adware installer. It shows ads and installs additional programs without the user’s permission.
- Trojan.Winlock.14244
- A ransomware trojan that blocks or limits a user’s access to the Windows operating system and its functionalities. In order to unlock the system, a user must transfer money to the cybercriminals.
- Trojan.Starter.7394
- A trojan designed to launch other malicious software on a victim’s device.
Statistics for malware discovered in email traffic
Threats of the month:
- W97M.DownLoader.2938
- A family of downloader trojans that exploit vulnerabilities in Microsoft Office applications. Designed to download other malware onto a compromised computer.
- Exploit.ShellCode.69
- Another malicious Microsoft Office Word document. This one exploits the CVE-2017-11882 vulnerability.
- Exploit.Rtf.CVE2012-0158
- Another malicious Microsoft Office Word document. This one exploits the CVE-2012-0158 vulnerability.
- Exploit.Rtf.435
- A malicious Microsoft Office document that uses the CVE-2017-11882 vulnerability to download the Trojan.Fbng.8 (FormBook) trojan onto users’ devices.
- Trojan.PWS.Stealer.19347
- A family of trojans designed to steal passwords and other confidential information stored on an infected computer.
Increased malware activity:
- Trojan.Inject3.15480
- A trojan also known as Trojan.Fbng.8 (FormBook). It’s designed to steal private data, but can also receive commands from the developer’s server.
Encryption ransomware
In May, victims of the following encryption ransomware most frequently contacted Doctor Web’s technical support service:
- Trojan.Encoder.18000 — 15.38%
- Trojan.Encoder.858 — 9.89%
- Trojan.Encoder.11464 — 5.49%
- Trojan.Encoder.25574 — 5.49%
- Trojan.Encoder.11539 — 5.27%
- Trojan.Archivelock — 5.05%
- Trojan.Encoder.567 — 1.98%
Dr.Web Security Space for Windows protects against encryption ransomware
Dangerous websites
During May 2019, Doctor Web added 223,952 URLs to the Dr.Web database of non-recommended sites.
| April 2019 | May 2019 | Dynamics |
|---|---|---|
| +345,999 | +223,952 | -35.27% |
Malicious and unwanted programs for mobile devices
In May, malware developers again distributed various malicious programs through the Google Play service. Researchers at Doctor Web discovered a trojan, Android.HiddenAds.1396, which showed advertising banners and blocked the interface of other apps and the operating system. Later the same month, the researchers discovered the Android.SmsSpy.10206 and Android.SmsSpy.10263 spyware trojans, which were used to steal incoming SMS messages and send them to the malware developers.
The most noticeable May event related to mobile malware:
- The spread of new malware on Google Play.
Find out more about malicious and unwanted programs for mobile devices in our special overview.