Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s May 2022 virus activity review

June 14, 2022

In May, an analysis of Dr.Web’s statistics revealed a 0.86% decrease in the total number of threats, compared to April. With that, the number of unique threats rose by 1.73%. Nonetheless, adware and unwanted programs still made up the majority of detected threats. In email traffic, the malware most frequently distributed included malicious scripts, stealers, and phishing pages, along with programs that exploit vulnerabilities in Microsoft Office programs.

In May, the number of user requests to decrypt files affected by encoders decreased by 2.53%, compared to the previous month. Trojan.Encoder.26996 was the most active, accounting for almost 37.47% of all incidents.

Principal trends in May

  • The spread of malware in email traffic
  • Adware remains the top threat

According to Doctor Web’s statistics service

According to Doctor Web’s statistics service

The most common threats of the month:

Adware.SweetLabs.5
An alternative app store and an add-on for Windows GUI (graphical user interface) by the creators of “OpenCandy” adware.
Adware.Downware.19998
Adware.Downware.19988
Adware.Downware.20026
Adware that often serves as an intermediary installer of pirate software.
Adware.OpenCandy.247
A family of applications that install other software on a system.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic

W97M.DownLoader.2938
A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents. They can also download other malicious programs to a compromised computer.
Trojan.PWS.Stealer.33179
A trojan designed to steal passwords and other confidential user data.
Exploit.CVE-2018-0798.4
An exploit designed to take advantage of a Microsoft Office software vulnerability and allow an attacker to run arbitrary code.
HTML.FishForm.206
A web page spread via phishing emails. It is a bogus authorization page that mimics well-known websites. The credentials a user enters on the page are sent to the attacker.
JS.Redirector.435
A malicious script that redirects users to a web page controlled by fraudsters.

Encryption ransomware

User requests to decrypt files affected by encoders decreased by 2.53%, compared to the previous month.

Encryption ransomware

Dangerous websites

In May 2022, the number of sites masquerading as official download pages of various popular software continued to grow. Cybercrooks continued to use these websites to spread bogus installers that delivered adware and malware to users’ computers.

Dangerous websites

Dangerous websites

The snapshot above shows an example of such a website and the launch of such an installer. The website has a certificate with a valid digital signature and additionally notifies the user that the file is allegedly safe to run.

Malicious and unwanted programs for mobile devices

In May, Android.Spy.4498, which steals information from other apps’ notifications, was again the most common mobile threat. That said, its activity continued to decrease. Advertisement trojans from the Android.HiddenAds family also remained among the most widespread Android threats. Their activity, on the contrary, increased slightly compared to April.

During May, Doctor Web analysts discovered new malicious programs in the Google Play catalog. Among them are fraudulent apps from the Android.FakeApp family and Android.Subscription trojans that subscribe users to paid services. Above that, new variants of trojans from Android.PWS.Facebook family were revealed. They steal credentials and other data that is needed to hack Facebook accounts. Fraudsters also spread Android.HiddenAds advertisement trojans in the Google Play catalog.

The following May events related to mobile malware are the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

© Doctor Web
2003 — 2022

Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies