Doctor Web’s April 2022 virus activity review

May 27, 2022

In April, an analysis of Dr.Web’s statistics revealed a 3.17% decrease in the total number of threats compared to March. The number of unique threats also went down, by 27.06%. Users were mostly threatened by unwanted software, adware and bundlers. Trojan downloaders and programs exploiting vulnerabilities in Microsoft Office software were the most frequently detected threats in email traffic.

In April, the number of user requests to decrypt files affected by encoders decreased by 2.25%, compared to the previous month. Trojan.Encoder.26996 was the most active, accounting for almost 40% of all incidents.

Principal trends in April

  • A decrease in the number of unique threats
  • Adware remains the top threat
  • The spread of websites with bogus installers of popular software

According to Doctor Web’s statistics service

The most common threats of the month:

Adware.SweetLabs.5
An alternative app store and add-on for the Windows GUI (graphical user interface) by the creators of the “OpenCandy” adware.
Adware.Downware.19998
Adware.Downware.20040
Adware that often serves as an intermediary installer of pirate software.
Adware.OpenCandy.247
A family of applications that install other software on a system.
BAT.Hosts.186
A malicious script written in the Windows command interpreter language. It modifies the hosts file by adding a certain list of domains to it.

Statistics for malware discovered in email traffic

W97M.DownLoader.2938
X97M.DownLoader.4108
A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents. They can also download other malicious programs to a compromised computer.
Exploit.CVE-2018-0798.4
An exploit designed to take advantage of a Microsoft Office software vulnerability and allow an attacker to run arbitrary code.
JS.Redirector.435
A malicious script that redirects users to a web page controlled by fraudsters.
Trojan.PWS.Stealer.23680
A trojan designed to steal passwords and other confidential user data.

Encryption ransomware

User requests to decrypt files affected by encoders decreased by 2.25%, compared to the previous month.

Dangerous websites

In April 2022, web analysts observed an increase in the number of websites masquerading as official download pages of various popular software. Cybercrooks used these websites to spread bogus installers that delivered adware and malware to users’ computers.

The snapshot shows an example of such a website and the launch of such an installer. The program attempts to install a proxy browser plugin and additionally installs unwanted software on the user’s PC.

Malicious and unwanted programs for mobile devices

According to detection statistics of Dr.Web anti-virus products for Android, last month Android.Spy.4498 became the most frequent threat detected on users’ devices. It steals information from other apps’ notifications. Numerous advertising trojans also remained a common type of mobile malware. At the same time, the overall activity of both threats slightly decreased compared to the previous month.

However, during April, new malware was found in the Google Play catalog, including fraudulent apps from the Android.FakeApp family and Android.Joker trojans that subscribe users to paid services.

The following April events related to mobile malware are the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.