The page may not load correctly.
July 3, 2019
In June, Dr.Web server statistics registered a significant increase in the number of common and unique threats compared with May. Adware and installers are still leading in the total number of detected threats; the highest malware activity has been detected in email traffic. The dangerous stealer, Trojan.PWS.Maria.3 (Ave Maria), previously used to target an oil and gas company, is active again. The Trojan.Nanocore.23 trojan with remote access that helps control an infected computer is distributed via email. A malware campaign using the Trojan.Encoder.858 encoder also took place in June.
In June, a sample of the rare Trojan.MonsterInstall Node.js trojan was studied in the Doctor Web virus lab. When launched on a victim's device, it downloads and installs the modules it needs for operation, collects information about the system, and sends it to the developer’s server. After receiving a response from the server, it adds itself to autorun and starts mining the TurtleCoin cryptocurrency. Developers of this malware use cheats for popular games from their own webpages to distribute the trojan and infect files on other similar websites.
Threats of this month:
Rising threats of the month:
In June, Doctor Web’s technical support service registered cases involving the following encoders:
In June 2019, the Dr.Web database was updated with a total of 151,162 non-recommended website URLs.
|May 2019||June 2019||Dynamics|
|+ 223,952||+ 151,162||– 32.5%|
In June, Doctor Web virus analysts discovered many more malicious and unwanted programs on Google Play, including the Android.HiddenAds advertising trojans, displaying ad banners over other applications and the operating system interface, as well as the Android.FakeApp fraudulent software. The latter loaded websites where potential victims were invited to participate in online polls for a cash reward. To receive the money, users allegedly had to pay a certain commission or a test fee. If they agreed, however, they received no reward. Another member of this malware family, Android.FakeApp.174, loaded websites where users were signed up for obnoxious and fraudulent notifications.
New trojan downloaders were also detected this month, such as the Android.DownLoader.3200 and Android.DownLoader.681.origin. They downloaded other malicious applications on Android devices. Doctor Web experts also analyzed the new Adware.OneOceans.2.origin adware module, embedded into programs and games by developers.
The following mobile malware event of June was the most noteworthy:
Find out more about malicious and unwanted programs for mobile devices in our special overview.
Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.
2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124