Doctor Web’s September 2021 virus activity review

October 15, 2021

Our September analysis of Dr.Web’s statistics revealed a 58.1% increase in the total number of threats compared to the previous month. The number of unique threats decreased by 12.2%. Nonetheless, adware still made up the majority of detected threats that are manifested with different types of malware, including backdoors that can affect the file system significantly, which are most often distributed in mail traffic.

In September, the number of user requests to decrypt files affected by encoders decreased by 11.8% compared with August. Trojan.Encoder.26996 was the most active encoder, accounting for 43.79% of all incidents.

According to Doctor Web’s statistics service

The most common threats in September:

Adware.Elemental.17

Adware that spreads through file-sharing services as a result of link spoofing that appears to be a legitimate link. Instead of receiving normal files, victims receive applications that display advertisements and install unwanted software.

Adware.SweetLabs.5

An alternative App Store and Add-On for Windows GUI (graphical user interface) by the creators of Adware, such as “OpenCandy".

Adware.Downware.19856

Adware.Downware.19925

Adware often serving as an intermediary installer of pirate software.

Trojan.AutoIt.289

A malicious utility program written in the AutoIt language, and is distributed as part of mining or RAT trojan. It performs various malicious actions that make it difficult to detect the main payload.

Statistics for malware discovered in email traffic

W97M.DownLoader.2938

A family of trojan downloaders that exploit vulnerabilities in Microsoft Office documents, and are designed to download other malicious programs onto compromised computers.

HTML.FishForm.209

A web page that is spread via phishing emails. It is a bogus/fake authorization page that mimics well-known websites. The credentials that the user enters on the page are sent to the attacker.

BackDoor.SpyBotNET.25

A backdoor script that’s written in .NET and designed to operate with a file system when copying, creating, deleting, etc, which can terminate processes, and take screenshots.

JS.Phishing.168

Malicious JavaScript script that generates a phishing web page.

Trojan.Packed2.43380

It is the packed modification of the Bladabindi backdoor. Bladabindi is the common backdoor threat with huge capabilities of remotely controlling an infected computer.

Encryption ransomware

User requests to decrypt files affected by encoders decreased by almost 11.8% compared to August.

• Trojan.Encoder.26996 — 43.79%
• Trojan.Encoder.567 — 15.86%
• Trojan.Encoder.30356 — 3.45%
• Trojan.Encoder.11539 — 1.03%
• Trojan.Encoder.761 — 1.03%

Dangerous websites

In September 2021, Doctor Web’s analysts’ attention was drawn to increased fraud lottery sites. Any visitor can choose 3 random gift boxes, and fortunately, one of them will guarantee to contain a lot of money.

The screenshot shows a page where the user can take the "prize”. However, this requires entering a bank card number and other personal data. Further the “lucky person" is contacted by the chat operators, whose main goal is to lure out as much money as possible. They call for sending money to cybercriminals under various excuses: commission, information services, or even "tax".

Malicious and unwanted programs for mobile devices

In September, Android users were most often threatened by adware trojans and other malicious programs that download applications capable of executing arbitrary code. Also, our specialists discovered many new trojans from the Android.FakeApp family in the Google Play catalog, which were used in fraudulent schemes.

The following September events related to mobile malware are the most noteworthy:

• the detection of a large number of threats on Google Play.
• Trojans designed to load other applications and execute arbitrary code are still active.

Find out more about malicious and unwanted programs for mobile devices in our special overview.