Doctor Web’s August 2019 virus activity review

September 9, 2019

In August, Dr.Web server statistics detected a 21.28% decrease in the total number of threats compared to July. The number of unique threats dropped only slightly by 2.82%. The most common threat in email traffic is malware that exploits vulnerabilities in Microsoft Office documents, as well as trojan downloaders. Similarly to the previous month, the majority of detected malware and unwanted software is adware.

Principal trends in August

  • A decline in malware spreading activity
  • A growing number of non-recommended and malicious websites
  • An upturn of encoder activity

Threat of the month

In August, researchers at Doctor Web’s virus lab discovered a dangerous banking trojan spread by cybercriminals via fake websites of popular software. One of these resources is copied from a well-known VPN service, while others are disguised as corporate office software websites.

According to Doctor Web’s statistics servers

Threats of the month:

Adware.Softobase.15
Installation adware that spreads outdated software and changes the browser’s settings.
Adware.Ubar.13
A torrent client designed to install unwanted programs on a user’s device.
Trojan.Winlock.14244
A ransomware trojan that blocks or limits a user’s access to the Windows operating system and its functionalities. In order to unlock the system, a user must transfer money to the cybercriminals.
Trojan.InstallCore.3553
Another well-known adware installer. It displays ads and installs new software without a user’s permission.

Statistics for malware discovered in email traffic

Exploit.Rtf.CVE2012-0158
A modified Microsoft Office document that exploits the CVE-2012-0158 vulnerability in order to run malicious code.
W97M.DownLoader.2938
A family of trojan downloaders that exploit vulnerabilities in Microsoft Office applications and can download other malware to a compromised device.
Exploit.ShellCode.69
Another malicious Microsoft Office Word document, which uses the CVE-2017-11882 vulnerability.
Trojan.PWS.Stealer.19347
A family of trojans designed to steal passwords and other confidential information stored on an infected computer.

Encoders

In August, cases involving the following ransomware were most often registered by Doctor Web’s technical support service:

Dangerous websites

In August 2019, Doctor Web added 204,551 URLs to the Dr.Web database of non-recommended websites.

July 2019    August 2019    Dynamics
+123,251     +204,551       +65.96%

Malicious and unwanted programs for mobile devices

In August, Doctor Web experts discovered several new malicious programs on Google Play. In early August, the Dr.Web virus database was updated to detect the Android.Click.312.origin trojan, which could open links and various websites on command from the server. Virus analysts also detected new Android.HiddenAds adware, as well as the Android.DownLoader.915.origin downloader, which was able to download other malicious applications.

At the end of the month, Doctor Web experts discovered another banking trojan that attacked users in Brazil. The malware, dubbed Android.Banker.346.origin, exploited the Android OS Accessibility Service and could intercept text messages.

The following events are among the most notable regarding mobile security in August:

Learn more about malicious and unwanted programs for mobile devices in our August overview.