Doctor Web’s June 2022 virus activity review

Virus reviews | Hot news | All the news | Virus alerts
[% DEFAULT FILE_REVIEW = ''; NAME_SOME_ARRAY_IN_MACROSNAME = [ { box => "Overview" }, { box => "Statistics" }, { box => "Encryption ransomware" }, { box => "Dangerous websites" }, { box => "Mobile devices" } ] #FILE_REVIEW = 'https://st.drweb.com/static/new-www/news/2021/DrWeb_review_november_2021.pdf' %] [% BLOCK global.tpl_blueprint.content %]

July 26, 2022

An analysis of Dr.Web’s June statistics revealed a 14.62% decrease in the total number of threats, compared to May. That said, the number of unique threats slightly increased, by 0.09%. In most cases, users continue encountering adware and unwanted software. In email traffic, malicious scripts, programs that exploit vulnerabilities in Microsoft Office programs, and trojan downloaders prevailed.

The number of user requests to decrypt files affected by encoders rose by 17.26%, compared to May. Trojan.Encoder.26996 was once again the most widespread encoder type, accounting for 33% of all incidents.

Principal trends in June

  • A decrease in the total number of detected threats
  • Adware remains one of the most widespread threats
  • An increased number of user requests to decrypt files affected by encoder trojans

According to Doctor Web’s statistics service

According to Doctor Web’s statistics service

The most common threats of the month:

Adware.Downware.19998
Adware that often serves as an intermediary installer of pirated software.
Adware.OpenCandy.247
Adware.OpenCandy.248
A family of applications that install other software on a system, including other adware.
Adware.SweetLabs.5
An alternative app store and Add-On for Windows GUI (graphical user interface) by the creators of “OpenCandy” Adware.
Adware.Ubar.20
A torrent client designed to install unwanted programs on a user’s device.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic

W97M.DownLoader.2938
A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents. They can also download other malicious programs to a compromised computer.
Exploit.CVE-2018-0798.4
An exploit designed to take advantage of a Microsoft Office software vulnerability and allow an attacker to run arbitrary code.
JS.Redirector.435
A malicious script that redirects users to webpages controlled by fraudsters.
HTML.FishForm.311
A webpage spread via phishing emails. It is a bogus authorization page that mimics well-known websites. The credentials a user enters on the page are sent to the attacker.
Trojan.DownLoader44.63714
A trojan application which downloads its payload from OneDrive cloud storage. Once downloaded, this file is decrypted and executed.

Encryption ransomware

The number of user requests to decrypt files affected by encoders increased by 17.26%, compared to May.

Encryption ransomware

Dr.Web Security Space for Windows protects against encryption ransomware

Training course
Dr.Web Rescue Pack

Dangerous websites

Last month, Doctor Web’s specialists continued tracing massive spam campaigns involving the distribution of emails containing links to fraudulent websites. In particular, fake websites of well-known oil and natural gas companies remain extremely popular among cybercriminals. When visiting such online resources, potential victims are invited to become investors, receive free assets or participate in prize draws. To do so, users are asked to “register” an account by providing their name, mobile phone number, and other personal information. In other cases, they need to pay for an allegedly required service, like a tax fee, a commission for transferring “winnings”, or currency conversion. In the end, victims of such scams receive nothing they were promised, and only ending up sending confidential data to malicious actors and losing money.

An example of an unwanted email containing a link to a fraudulent website and step-by-step instructions for users:

Dangerous websites

Examples of fraudulent websites offering registration, after which users will allegedly have a profitable natural gas trading opportunity:

Опасные сайты

Опасные сайты

Find out more about Dr.Web non-recommended sites

Malicious and unwanted programs for mobile devices

In June, we saw the continued decrease in activity on the part of the Android.Spy.4498 trojan, which hijacks information from other apps’ notifications. However, this malware remains the most widespread Android threat. The activity of adware trojans also decreased, compared to May.

During June, our specialists discovered a large number of malicious applications on Google Play. Among them were Android.HiddenAds adware trojans, Android.FakeApp fraudulent apps, and trojans from the Android.PWS.Facebook family. The latter are designed to steal users’ Facebook logins and passwords. In addition, our malware analysts uncovered other trojans from the Android.Joker family that subscribe victims to paid mobile services.

The following June events related to mobile malware are the most noteworthy:

  • A decrease in Android.Spy.4498 activity;
  • A decrease in adware trojan activity;
  • The discovery of a large number of malicious apps on Google Play.

Find out more about malicious and unwanted programs for mobile devices in our special overview.

Find out more with Dr.Web

Training courses
Educational projects
[% END %]
Latest All news