Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s August 2019 virus activity review

September 9, 2019

In August, Dr.Web server statistics detected a 21.28% decrease in the total number of threats compared to July. The number of unique threats dropped only slightly by 2.82%. The most common threat in email traffic is malware that exploits vulnerabilities in Microsoft Office documents, as well as trojan downloaders. Similarly to the previous month, the majority of detected malware and unwanted software is adware.

Principal trends in August

  • A decline in malware spreading activity
  • A growing number of non-recommended and malicious websites
  • An upturn of encoder activity

Threat of the month

In August, researchers at Doctor Web’s virus lab discovered a dangerous banking trojan spread by cybercriminals via fake websites of popular software. One of these resources is copied from a well-known VPN service, while others are disguised as corporate office software websites.

More about this threat

According to Doctor Web’s statistics servers

According to Doctor Web’s statistics servers #drweb

Threats of the month:

Adware.Softobase.15
Installation adware that spreads outdated software and changes the browser’s settings.
Adware.Ubar.13
A torrent client designed to install unwanted programs on a user’s device.
Trojan.Winlock.14244
A ransomware trojan that blocks or limits a user’s access to the Windows operating system and its functionalities. In order to unlock the system, a user must transfer money to the cybercriminals.
Trojan.InstallCore.3553
Another well-known adware installer. It displays ads and installs new software without a user’s permission.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

Exploit.Rtf.CVE2012-0158
Modified Microsoft Office document. Exploits the CVE2012-0158 vulnerability in order to run malicious code.
W97M.DownLoader.2938
A family of trojan downloaders that exploit vulnerabilities in Microsoft Office applications and can download other malware to a compromised device.
Exploit.ShellCode.69
Another malicious Microsoft Office Word document, which uses the CVE-2017-11882 vulnerability.
Trojan.PWS.Stealer.19347
A family of trojans designed to steal passwords and other confidential information stored on an infected computer.

Encoders

In August, cases involving the following ransomware were most often registered by Doctor Web’s technical support service:

Encryption ransomware #drweb

Dangerous websites

In August 2019, Doctor Web added 204,551 URLs to the Dr.Web database of non-recommended websites.

July 2019 August 2019 Dynamics
+ 123,251 + 204,551 + 65.96%

Malicious and unwanted programs for mobile devices

In August, Doctor Web experts discovered several new malware on Google Play. In early August, the Dr.Web virus database was updated to detect the Android.Click.312.origin trojan, which could open links and various websites following the command of the server. Virus analysts also detected new adware Android.HiddenAds, as well as the Android.DownLoader.915.origin downloader that was able to download other malicious applications.

At the end of the month, Doctor Web experts discovered another banking trojan that attacked users from Brazil. The malware, dubbed Android.Banker.346.origin, exploited the Android OS Accessibility Service and could hook text messages.

The following events are among the most notable regarding mobile security in August:

Learn more about malicious and unwanted programs for mobile devices in our August overview.

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040