Doctor Web’s September 2020 virus activity review

October 22, 2020

Our September analysis of Dr.Web’s statistics revealed a 13.88% increase in the total number of threats compared to the previous month. The number of unique malware also increased by 19.17%. Adware and trojan installers still made up the majority of detected threats. The dangerous Trojan.SpyBot.699 banker was again among the most common malware in email traffic. In addition, users were still threatened by malicious HTML documents that were distributed as attachments and redirected users to phishing websites.

In September, the number of user requests to decrypt files affected by ransomware remained at August levels. Trojan.Encoder.26996 was the most active encoder, accounting for 35.71% of all incidents.

According to Doctor Web’s statistics service

The most common threats in September:

Adware.Downware.19741

Adware that often serves as an intermediary installer of pirate software.

Adware.Softobase.15

Installation adware that spreads outdated software and changes the browser’s settings.

Trojan.LoadMoney.4020

A family of malware installers that deploy additional components on victims’ computers along with the required applications. Some trojan modifications can collect various information about the attacked computer and transmit it to hackers.

Adware.Elemental.17

Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.

Adware.SweetLabs.2

An alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.

Statistics for malware discovered in email traffic

W97M.DownLoader.2938

A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer. Designed to download other malware onto a compromised computer.

Trojan.SpyBot.699

A multi-module banking trojan that allows cybercriminals to download and launch various applications on an infected device and run arbitrary code.

Tool.KMS.7

Hacking tools used to activate illegal copies of Microsoft software.

HTML.Redirector.33

HTML.Redirector.32

Malicious HTML documents often disguised as harmless email attachments. Upon opening, the code redirects users to phishing websites or downloads payload with malware to the computers.

Encryption ransomware

In September, Doctor Web’s virus laboratory registered 0.45% fewer requests to decode files encoded by trojan ransomware than in August.

• Trojan.Encoder.26996 — 35.71%
• Trojan.Encoder.567 — 6.59%
• Trojan.Encoder.29750 — 3.85%
• Trojan.Encoder.18000 — 1.10%
• Trojan.Encoder.30356 — 1.10%

Dangerous websites

In September 2020, the Dr.Web database was updated with 152,270 URLs of non-recommended websites.

Malicious and unwanted programs for mobile devices

The total number of September threats on Android devices increased by 3.75% as compared to the previous month. Various trojan modifications were again distributed through the Google Play catalog. Among them were new version of Android.Joker capable of running arbitrary code, as well as subscribing Android users to paid services. Another discovered threat was the multi-functional Android.Triada.545.origin trojan that could also run arbitrary code and steal confidential data. In addition, Doctor Web malware analysts detected another clicker trojan named Android.Click.978. It displayed ads, loaded various websites and clicked links and banners located on them.

The following September events related to mobile malware are the most noteworthy:

• A rise in malware activity on protected devices
• Distribution of new threats via Google Play

Find out more about malicious and unwanted programs for mobile devices in our special overview.