September 16, 2020
The August analysis of Dr.Web’s statistics revealed a notable decrease in the total number of detected threats — by 67.16% compared to the previous month. The number of unique threats dropped by 9.85%. Adware and malware installers still made up the majority of detected threats. Email traffic was still dominated by the programs that exploit vulnerabilities in Microsoft Office programs. In addition, users were threatened by malicious HTML documents that were distributed as attachments and redirected users to phishing websites.
In August, the number of user requests to decrypt files affected by encoders decreased by 2.5% compared with July. Trojan.Encoder.26996 was the most active encoder, accounting more than a quarter of all incidents.
Principal trends in August
- A decline in malware activity
- A decline in the number of unique threats
According to Doctor Web’s statistics service
The most common threats in August:
- Trojan.LoadMoney.4020
- A family of malware installers that deploy additional components on victims’ computers along with the required applications. Some trojan modifications can collect various information about the attacked computer and transmit it to hackers.
- Adware.Downware.19741
- Adware that often serves as an intermediary installer of pirate software.
- Adware.Softobase.15
- Installation adware that spreads outdated software and changes the browser settings.
- Adware.Elemental.17
- Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
- Adware.Ubar.18
- A torrent client designed to install unwanted programs on a user’s device.
Statistics for malware discovered in email traffic
- W97M.DownLoader.2938
- A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer. Designed to download other malware onto a compromised computer.
- Exploit.CVE-2012-0158
- A modified Microsoft Office document that exploits the CVE-2012-0158 vulnerability in order to run malicious code.
- HTML.Redirector.35
- HTML.Redirector.32
- Malicious HTML documents that are often disguised as harmless email attachments. Upon opening, the code redirects users to phishing websites or downloads payload with malware to the computers.
- Tool.KMS.7
- Hacking tools used to activate illegal copies of Microsoft software.
Encryption ransomware
In August, Doctor Web’s virus laboratory registered 2.5% fewer requests to decode files encoded by trojan ransomware than in July.
- Trojan.Encoder.26996 — 26.33%
- Trojan.Encoder.567 — 7.40%
- Trojan.Encoder.29750 — 5.03%
- Trojan.Encoder.30356 — 2.96%
- Trojan.Encoder.11464 — 2.07%
Dr.Web Security Space for Windows protects against encryption ransomware
Dangerous websites
In August 2020, Doctor Web added 174,501 URLs to the Dr.Web database of non-recommended websites.
| July 2020 | August 2020 | Dynamics |
|---|---|---|
| + 198,467 | + 174,501 | - 12.08% |
Malicious and unwanted programs for mobile devices
In August, Doctor Web malware analysts detected new threats on the Google Play catalog. Numerous modifications of the Android.FakeApp family were among them. This trojans were distributed under the guise of reference software with bogus information about how to get a VAT refund and social benefits. In fact, they downloaded fraudulent websites used by attackers to steal money and personal information from victims. In addition, our specialists uncovered another modification from dangerous Android.Joker trojan family. It downloaded and ran arbitrary code, as well as subscribed Android users to paid services.
The following August events related to mobile malware are the most noteworthy:
- Growth in malware activity on protected devices
- Detection of new threats on Google Play
Learn more about malicious and unwanted programs for mobile devices in our August overview.
