Doctor Web’s May 2021 virus activity review
June 22, 2021
The May analysis of Dr.Web’s statistics revealed a 32.46% decrease in the total number of threats compared to April. The number of unique threats increased by 31.4%. Adware still made up the majority of detected threats. In email traffic, the most frequently detected threats were various malware, including obfuscated malicious scripts and programs exploiting vulnerabilities in Microsoft Office utilities.
In May, the number of user requests to decrypt files affected by encoders increased by 19.9% compared with April. Trojan.Encoder.26996 was the most active, accounting for 25% of all incidents.
Principal Trends in May
- Growth in malware spreading activity
- Adware remains among the top threats
- An increase in the number of requests to decrypt files affected by encoders
According to Doctor Web’s statistics service
The most common threats in May:
- Adware.SweetLabs.4
- An alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
- Adware.Downware.19894
- Adware.Downware.19937
- Adware that often serves as an intermediary installer of pirate software.
- Adware.Softobase.15
- Installation adware that spreads outdated software and changes browser settings.
- Adware.Elemental.17
- Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
Statistics for malware discovered in email traffic
- W97M.DownLoader.2938
- A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents and are designed to download other malicious programs onto compromised computers.
- Tool.KMS.7
- Hacking tools used to activate illegal copies of Microsoft software.
- Trojan.PackedNET.624
- Trojan.PackedNET.43091
- Packed malware written in VB.NET.
- Exploit.ShellCode.69
- A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.
Encryption ransomware
User requests to decrypt files affected by encoders increased by almost 19.9% compared to April.
- Trojan.Encoder.26996 — 25%
- Trojan.Encoder.567 — 13.6%
- Trojan.Encoder.11539 — 2.19%
- Trojan.Encoder.14940 — 1.75%
- Trojan.Encoder.858 — 1.35%
Dr.Web Security Space for Windows protects against encryption ransomware
Dangerous websites
In May 2021, Doctor Web's analysts discovered many sites selling fake documents. Attackers offered cheap fake driver licenses or fake vaccination certificates.
The screenshot shows a fraudulent website offering fake medical documents. Users reach the site through a corresponding search engine request. They only need to select the required certificate, and the fake document is almost ready.
It is noteworthy that scammers try to disguise their activities as legal by posting small screenshots of medical certificates that are nearly impossible to see. On the websites of real clinics and medical centers, you can always view and carefully study all licenses.
Malicious and unwanted programs for mobile devices
In May, Doctor Web specialists detected more new trojans from the Android.FakeApp family on Google Play. They were distributed under the guise of applications with information about monetary payments from the state, as well as programs that allegedly helped users receive free lottery tickets. In addition, new modifications of Android.Joker were found, capable of running arbitrary code as well as subscribing victims to paid services.
The following May events related to mobile malware are the most noteworthy:
- Detection of new threats on Google Play;
- Activity of adware, as well as Trojans capable of downloading and executing arbitrary code.
Find out more about malicious and unwanted programs for mobile devices in our special overview.