Doctor Web’s October 2021 virus activity review

[% DEFAULT FILE_REVIEW = ''; NAME_SOME_ARRAY_IN_MACROSNAME = [ { box => "Overview" }, { box => "Statistics" }, { box => "Encryption ransomware" }, { box => "Dangerous websites" }, { box => "Mobile devices" } ] #FILE_REVIEW = 'https://st.drweb.com/static/new-www/news/2021/DrWeb_review_august_2021.pdf' %] [% BLOCK global.tpl_blueprint.content %]

November 29, 2021

Our October analysis of Dr.Web’s statistics revealed a 34.87% increase in the total number of threats compared to the previous month. The number of unique threats increased by 39.75%. Nonetheless, adware still made up the majority of detected threats. These threats manifested with with different types of malware. Email traffic was the main way to distribute the PDF files used in phishing newsletters.

In October, we saw a 7.9% increase in user requests to decrypt files affected by encoders compared with September. Trojan.Encoder.26996 was the most active encoder, accounting for 44.02% of all incidents.

According to Doctor Web’s statistics service

The most common threats in October:

Adware.SweetLabs.5

An alternative App Store and Add-On for Windows GUI (graphical user interface) by the creators of Adware, such as “OpenCandy".

Adware.Downware.19998

Adware often serving as an intermediary installer of pirate software.

Adware.Elemental.17

Adware that spreads through file-sharing services as a result of link spoofing. These links aren’t normal files. They’re applications that display advertisements and install unwanted software.

Adware.OpenCandy.247

Adware.OpenCandy.248

A family of applications that install other software on the system.

Statistics for malware discovered in email traffic

PDF.Phisher.313

PDF.Phisher.311

PDF.Phisher.314

PDF.Phisher.312

PDF.Phisher.321

PDF files used in phishing newsletters.

Encryption ransomware

In comparison with September, we saw a 7.9% increase in Uuser requests to decrypt files affected by encoders.

• Trojan.Encoder.26996 — 44.02%
• Trojan.Encoder.567 — 8.18%
• Trojan.Encoder.30356 — 0.94%
• Trojan.Encoder.11539 — 0.63%
• Trojan.Encoder.28501 — 0.63%

Dangerous websites

In October 2021, Doctor Web’s analysts’ turned their attention to sites that offer promotional codes for AliExpress. Fraudsters ask to make purchases through an exclusive link.

This snapshot shows an official Aliexpress affiliate program. After purchasing of goods, the owner of the promotional code will receive money.

Malicious and unwanted programs for mobile devices

In October, adware trojans and other malicious programs threatened Android users. These programs download applications capable of executing arbitrary code.

Moreover, Doctor Web malware analysts detected new threats on the Google Play catalog. They discovered trojans that enroll victims in paid services. They noted the presence of trojans that steal login information and passwords from Facebook accounts. They also found other malicious programms that turn Android devices into proxy servers that redirect fraudulent traffic.

The following October events related to mobile malware are the most noteworthy:

• Detection of new threats on Google Play;
• Adware activity and trojans capable of downloading and executing arbitrary code;

Find out more about malicious and unwanted programs for mobile devices in our special overview.

[% END %]