The page may not load correctly.
December 23, 2022
The number of user requests to decrypt files affected by encoders decreased by 6.8%, compared to October. Victims of encoders were most often targeted by Trojan.Encoder.26996, which caused 28.24% of all recorded incidents. The second most common encoder malware was Trojan.Encoder.3953, with a share of 22.19%. The culprit behind 2.88% of the cases where user file damage was detected was Trojan.Encoder.567, which took third place.
During November, Doctor Web’s malware analysts discovered a large number of new threats on Google Play. Among them were malware that loaded fraudulent websites and trojans that subscribed victims to paid services.
The most common threats of the month:
In November, the number of requests to decrypt files damaged by encoder trojans decreased by 6.8%, compared to the previous month.
In November, Doctor Web’s Internet analysts continued detecting phishing mailings and attacks involving various fraudulent websites. Once again among such sites were noted those that misled users with allegedly beneficial offerings. These included receiving free lottery tickets or participating in various promotions from famous companies and online stores.
The screenshots below depict an example of a fraudulent site which, based on a script, simulates a lottery draw and informs users of their win. To “receive” the money, a potential victim is asked to pay a commission or a fee. If the user believes this and agrees to pay, their money will end up in the scammers’ pockets. Moreover, the user will risk disclosing their bank card information.
The next image shows a fake site of a large Russian retailer, where a potential victim of the scammers is offered the chance to participate in a New Year’s promotion with the prospect of receiving a gift. First, the user must take a poll and then play a mini game and guess which box contains the prize. Similar to the previous example, the win in this case is also predetermined. To “obtain” the gift, the user must share the link they are given with a certain number of contacts or groups on WhatsApp messenger. The trick here is that such a link will lead not to the current site as the victim would assume, but to some other site instead. Among others, this could be a website with phishing or ads, or a site that distributes malicious software. Once the misled user shares the dubious website’s link with many of their contacts, they will see a message with false information stating that their application to participate in the promotion is allegedly being processed.
According to detection statistics collected by Dr.Web anti-virus for Android, the activity of banking trojans and adware-displaying malware increased in November. At the same time, users were less likely to come across apps with built-in unwanted adware modules.
Over the course of last month, our malware analysts discovered dozens of new malicious apps on Google Play. Among them were many fake apps from the Android.FakeApp family, which attackers use in various fraudulent schemes. Also discovered were trojans from the Android.Joker and Android.Subscription families—these subscribe victims to paid services.
The following November events involving mobile malware are the most noteworthy:
Find out more about malicious and unwanted programs for mobile devices in our special overview.