Doctor Web’s April 2020 virus activity review

May 22, 2020

In April, an analysis of Dr. Web’s statistics revealed a 34.5% decrease in the total number of threats compared to the previous month. The number of unique threats dropped by 11.42%. Adware and malicious browser extensions still made up the majority of detected threats. The Trojan.SpyBot.699 banking trojan, along with malware that exploits vulnerabilities in Microsoft Office programs, was the most frequently detected malicious software in email traffic. In addition, the most common threats included malicious HTML documents that are distributed as email attachments and redirect users to phishing websites.

In April, the number of user requests to decrypt files affected by encoders increased by 34.27% compared with March. Trojan.Encoder.26996 was the most active encoder, accounting for 32.71% of all incidents.

Principal trends in April

  • A decline in malware spreading activity
  • Adware remains among the most active threats
  • A notable rise in encoder activity

According to Doctor Web’s statistics service

The most common threats in April:

Adware.Elemental.17
Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
Trojan.BPlug.3835
A malicious browser extension designed to perform web injections into viewed webpages and block third-party advertisements.
Adware.Softobase.15
Installation adware that spreads outdated software and changes the browser’s settings.
Adware.Downware.19742
Adware that often serves as an intermediary installer of pirate software.
Adware.Ubar.13
A torrent client designed to install unwanted programs on a user’s device.

Statistics for malware discovered in email traffic

Trojan.SpyBot.699
A multi-module banking trojan that allows cybercriminals to download and launch various applications on an infected device and run arbitrary code.
W97M.DownLoader.2938
A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
Exploit.CVE-2012-0158
A modified Microsoft Office document that exploits the CVE-2012-0158 vulnerability in order to run malicious code.
HTML.Redirector.35
HTML.Redirector.32
Malicious HTML documents that are often disguised as harmless email attachments. When opened, their code redirects users to phishing websites or downloads a malicious payload to the computer.

Encryption ransomware

In April, Doctor Web’s virus laboratory registered 34.27% more requests to decode files encoded by trojan ransomware than in March.

Dangerous websites

In April 2020, Doctor Web added 140,188 URLs to the Dr.Web database of non-recommended websites.

March 2020    April 2020    Dynamics
+186,881      +140,188      -24.99%

Malicious and unwanted programs for mobile devices

In April, the total number of threats on Android devices increased by 16.46% compared to March. The Doctor Web laboratory uncovered new threats in the Google Play catalog. These include other modifications of the Android.Circle family, which spread under the guise of harmless applications and executed commands from cybercriminals. In addition, Doctor Web virus analysts added new signatures for the Android.HiddenAds.2124 advertising trojan and the Android.Joker.164 malware program, which subscribed victims to paid services and ran arbitrary code.

The following April events related to mobile malware are the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.