According to the detection statistics collected by the Dr.Web antivirus, the total number of threats detected in the third quarter of 2024 was up 10.81% over the previous quarter. The number of unique threats decreased by 4.73%. The majority of detections were due to adware programs. Also widespread were malicious scripts, ad-displaying trojans, and trojans distributed within other malware to make the latter more difficult to detect. In email traffic, malicious scripts and programs that exploit vulnerabilities in Microsoft Office documents were most commonly detected.
On Android devices, the most commonly detected threats were trojans from the Android.FakeApp family, which are used for fraudulent purposes; Android.HiddenAds adware trojans; and Android.Siggen malicious apps possessing different functionality. At the same time, in August, our experts discovered Android.Vo1d, a new trojan that had infected nearly 1.3 million TV box sets running Android. In addition, several banking trojans targeting Indonesian users were found.
Doctor Web’s virus laboratory also uncovered many new threats on Google Play throughout the third quarter.
Principal trends in Q3 2024
- Adware programs remained the most commonly detected threats.
- Malicious scripts were again predominant in malicious email traffic.
- Over 1 million Android-based TV box sets were found to be infected with the Android.Vo1d backdoor.
- New threats were discovered on Google Play.
Network fraud
During Q3 2024, Internet scammers continued distributing spam emails containing links leading to various fraudulent sites. Russian-speaking users, for example, again dealt with messages that were supposedly sent on behalf of well-known online stores. Some of these emails offered users the ability to participate in prize draws or get a gift. After clicking on the links in such emails, potential victims were directed to fraudulent sites where they were asked to pay a commission to “receive” their gift or their winnings.
Scammers, allegedly on behalf of an online store, offer their potential victim the chance to “receive their winnings” of 208,760 rubles
In other emails, users were supposedly given a discount that could be used to purchase goods in a large electronics store. The links from such messages led to a fake website designed in the style of the genuine store’s site. When potential victims placed an “order” on this fake Internet resource, they had to provide their personal data and bank card information.
A fraudulent email that lets recipients “activate a promo code” for buying electronics
Finance-themed spam remains popular among fraudsters. For instance, threat actors were sending unwanted emails asking users to “confirm” their receipt of large money transfers. An example of one such email targeting English-speaking users is shown below. It contained a link that led to a phishing login form for an online bank that outwardly resembled the form on the real bank’s website.
The user supposedly needs to confirm receipt of US $1,218.16
A phishing site that fraudsters pass off as a genuine bank website
Among the unwanted emails targeting Japanese users, our experts detected yet more fake bank notifications, for example, ones that supposedly contained the previous month’s bank card statement. In one of these messages, the scammers camouflaged the link to the phishing site. In the body of the email, users saw links showing the real addresses of the bank’s website, but when they clicked on them, they were taken to a fraudulent Internet resource.
All the links in this email actually lead to a phishing website
French-speaking users (from Belgium, in particular) encountered phishing emails informing them that their bank accounts were “blocked”. To get them “unblocked”, they were asked to follow a link that actually led to the fraudsters’ website.
Scammers scare potential victims with a “blocked” bank account message
Among Russian users, spam emails purportedly sent on behalf of well-known banks and offering investment opportunities were once again actively distributed. The links in these emails lead to fraudulent sites where visitors, under the pretense of accessing investment services, are asked to provide personal data.
Allegedly on behalf of the bank, the user is offered the chance to complete a test and become an investor
At the same time, Doctor Web’s Internet analysts detected new phishing websites targeting cryptocurrency owners. On one of them, for example, visitors were informed, supposedly on behalf of a large cryptocurrency exchange, about an undelivered Bitcoin transfer. To “complete” the transaction, potential victims were asked to pay a “commission”. Naturally, no cryptocurrency was ever received by the users—all they did was give their own assets to the scammers.
This fraudulent site informs users about a supposedly unreceived Bitcoin transfer
In addition, websites were detected that imitated the look of the Russian social network VKontakte. Visitors to these fake sites were offered the chance to participate in a prize draw, for which they needed to open several virtual gift boxes. After the potential victims opened the “correct” boxes and allegedly won a large amount of money, the site proposed that they pay a “fee” to receive their “winnings”.
A fraudulent site offering visitors the opportunity to “try their luck”
This user has supposedly won a prize of 194,562 rubles