October 15, 2021
Our September analysis of Dr.Web’s statistics revealed a 58.1% increase in the total number of threats compared to the previous month, while the number of unique threats decreased by 12.2%. Adware still made up the majority of detected threats. Email traffic remained the most common distribution channel for other types of malware, including backdoors capable of extensive file-system manipulation.
In September, the number of user requests to decrypt files affected by encoders decreased by 11.8% compared with August. Trojan.Encoder.26996 was the most active encoder, accounting for 43.79% of all incidents.
Principal trends in September
- A rise in malware activity
- Adware remains among the top threats
- Malicious downloaders spread in email traffic
According to Doctor Web’s statistics service
The most common threats in September:
- Adware.Elemental.17
- Adware distributed through file-sharing services by means of link spoofing: the link appears legitimate, but instead of the expected files, victims receive applications that display advertisements and install unwanted software.
- Adware.SweetLabs.5
- An alternative app store and Windows GUI (graphical user interface) add-on from the creators of adware such as “OpenCandy”.
- Adware.Downware.19856
- Adware.Downware.19925
- Adware that often serves as an intermediary installer for pirated software.
- Trojan.AutoIt.289
- A malicious utility written in the AutoIt scripting language and distributed as part of a miner or RAT trojan. It performs various malicious actions that hinder detection of the main payload.
Statistics for malware discovered in email traffic
- W97M.DownLoader.2938
- A family of trojan downloaders that exploit vulnerabilities in Microsoft Office documents and are designed to download other malicious programs onto compromised computers.
- HTML.FishForm.209
- A web page spread via phishing emails. It is a fake authorization page that mimics well-known websites; the credentials the user enters on the page are sent to the attacker.
- BackDoor.SpyBotNET.25
- A backdoor written in .NET that is designed to manipulate the file system (copying, creating and deleting files), terminate processes and take screenshots.
- JS.Phishing.168
- A malicious JavaScript script that generates a phishing web page.
- Trojan.Packed2.43380
- A packed modification of the Bladabindi backdoor, a widespread backdoor with extensive capabilities for remotely controlling an infected computer.
Encryption ransomware
User requests to decrypt files affected by encoders decreased by almost 11.8% compared to August.
Dr.Web Security Space for Windows protects against encryption ransomware
Dangerous websites
In September 2021, Doctor Web’s analysts noted an increase in fraudulent lottery sites. Any visitor can choose 3 random gift boxes, and, conveniently, one of them is guaranteed to contain a large sum of money.
The screenshot shows a page where the user can claim the “prize”. However, this requires entering a bank card number and other personal data. The “lucky winner” is then contacted by chat operators whose main goal is to extract as much money as possible. They urge the victim to send money to the cybercriminals under various pretexts: a commission, information services, or even a “tax”.
In September, Android users were most often threatened by adware trojans and other malicious programs that download applications capable of executing arbitrary code. Also, our specialists discovered many new trojans from the Android.FakeApp family in the Google Play catalog, which were used in fraudulent schemes.
The following September events related to mobile malware are the most noteworthy:
- The detection of a large number of threats on Google Play.
- Trojans designed to load other applications and execute arbitrary code remain active.
Find out more about malicious and unwanted programs for mobile devices in our special overview.