Doctor Web’s June 2021 virus activity review

July 9, 2021

The June analysis of Dr.Web’s statistics revealed a 8% increase in the total number of threats compared to the previous month. The number of unique threats decreased by 18.7%. Adware still made up the majority of detected threats. A variety of malware, including web pages distributed in phishing campaigns, were the most frequently detected threats in email traffic.

In June, the number of user requests to decrypt files affected by encoders decreased by 8% compared with May. Trojan.Encoder.26996 was the most active, accounting for 37.65% of all incidents.

According to Doctor Web’s statistics service

The most common threats in June:

Adware.SweetLabs.4

Alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.

Adware.Downware.19894

Adware.Downware.19937

Adware that often serves as an intermediary installer of pirate software.

Adware.Elemental.17

Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.

Adware.Softobase.12

Installation adware that spreads outdated software and changes browser settings.

Statistics for malware discovered in email traffic

W97M.DownLoader.2938

A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and are designed to download other malicious programs onto compromised computers. It is designed to download other malware onto a compromised computer.

Trojan.Loader.834

Trojan.Loader.838

Packer components with different payloads.

HTML.FishForm.123

The web page spread via phishing emails. It is a bogus authorization page that mimics well-known websites. The credentials a user enters on the page is sent to the attacker.

PDF.Phisher.236

A PDF document used in phishing newsletters.

Encryption ransomware

User requests to decrypt files affected by encoders decreased by almost 8% compared to May.

• Trojan.Encoder.26996 — 37.65%
• Trojan.Encoder.567 — 13.77%
• Trojan.Encoder.30356 — 1.62%
• Trojan.Encoder.761 — 1.21%
• Trojan.Encoder.18000 — 1.21%

Dangerous websites

In June 2021, Doctor Web analysts discovered activity in the sale of fake vaccinations QR сodes. The cybercriminals offered fake QR codes to enter cafe and restaurants.

The screenshot shows an example of a QR code trading scheme. Sales happens in private channels, which can be accessed only after joining the special chat. They publish enthusiastic customer reviews and promise a 100% guarantee of entry into any restaurant.

Malicious and unwanted programs for mobile devices

According to the detection statistics, Dr.Web anti-virus products for Android detected various trojans designed to display advertisements most often in June. Besides that, malicious applications that can execute arbitrary code and load other software remained among the most common threats.

Over the past month, Doctor Web virus analysts have discovered many threats on Google Play. Among them were various fake Trojans from the Android.FakeApp family that downloaded fraudulent websites. In addition, our specialists have identified another Trojans in Android.Joker, capable of running arbitrary code, as well as subscribing victims to paid services. These trojans were capable of running arbitrary code, as well as subscribing victims to paid services. In addition to that, trojans that steal logins and passwords from Facebook accounts were detected. Dr.Web reported on this in a recent news publication.

The following June events related to mobile malware were the most noteworthy:

• the detection of a large number of Threats on Google Play.

Find out more about malicious and unwanted programs for mobile devices in our special overview.