The August analysis of Dr.Web’s statistics revealed a notable decrease in the total number of detected threats — by 67.16% compared to the previous month. The number of unique threats dropped by 9.85%. Adware and malware installers still made up the majority of detected threats. Email traffic was still dominated by the programs that exploit vulnerabilities in Microsoft Office programs. In addition, users were threatened by malicious HTML documents that were distributed as attachments and redirected users to phishing websites.
In August, the number of user requests to decrypt files affected by encoders decreased by 2.5% compared with July. Trojan.Encoder.26996 was the most active encoder, accounting more than a quarter of all incidents.
Principal trends in August
A decline in malware activity
A decline in the number of unique threats
According to Doctor Web’s statistics service
The most common threats in August:
A family of malware installers that deploy additional components on victims’ computers along with the required applications. Some trojan modifications can collect various information about the attacked computer and transmit it to hackers.
Adware that often serves as an intermediary installer of pirate software.
Installation adware that spreads outdated software and changes the browser settings.
Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
A torrent client designed to install unwanted programs on a user’s device.
Statistics for malware discovered in email traffic
A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer. Designed to download other malware onto a compromised computer.
Malicious and unwanted programs for mobile devices
In August, Doctor Web malware analysts detected new threats on the Google Play catalog. Numerous modifications of the Android.FakeApp family were among them. This trojans were distributed under the guise of reference software with bogus information about how to get a VAT refund and social benefits. In fact, they downloaded fraudulent websites used by attackers to steal money and personal information from victims. In addition, our specialists uncovered another modification from dangerous Android.Joker trojan family. It downloaded and ran arbitrary code, as well as subscribed Android users to paid services.
The following August events related to mobile malware are the most noteworthy:
Growth in malware activity on protected devices
Detection of new threats on Google Play
Learn more about malicious and unwanted programs for mobile devices in our August overview.