March 31, 2016
The past month showed that virus makers have become more active in their attempts to compromise Apple computers. At the beginning of March, Doctor Web security researchers registered new adware Trojans for OS X, and later, they found a new technique to decrypt files stored on Mac computers infected by a ransomware Trojan named Mac.Trojan.KeRanger.2. Besides, our specialists found a new malware program for Android that attackers incorporated either into some popular apps or into firmware of Android mobile devices.
PRINCIPAL TRENDS IN MARCH
- New adware programs for OS X
- New method to decrypt files compromised by ransomware for OS X
- New Trojan for Android incorporated into firmware and popular Android applications
Threat of the month
March began with Doctor Web detecting a family of adware Trojans for OS X. The first component that arrives on a Mac computer is Mac.Trojan.VSearch.2. At that, it masquerades as a benign application—for example, Nice Player.
Unlike other installers, Mac.Trojan.VSearch.2 does not allow the user to select modules to install on the computer in addition to the desired application. At that, the Trojan is set as if the user themselves checked all offered components. Apart from many other dangerous applications, the Trojan also installs Mac.Trojan.VSearch.4, a malware program that, in turn, can download and launch another Trojan named Mac.Trojan.VSearch.7. Once Mac.Trojan.VSearch.7 is on the computer, the very first thing it does is create a new user account, which is not displayed in the OS X Welcome dialog. Then it injects a JavaScript script in all opened webpages. This script is responsible for display of advertisements in the browser window and collects the user’s Web search queries of several search engines.
For more information about these Trojans and their technical details, refer to the article.
According to statistics collected by Dr.Web CureIt!
Trojan.InstallCore.1754
A Trojan that can install unwanted and malicious applications.Trojan.DownLoader
A family of malicious programs designed to download other malware to the compromised computer.Trojan.DownLoad3.35967
A Trojan that can download other malicious programs from the Internet and install them on the infected computer.Trojan.Crossrider1.50845
Trojans designed to display various advertisements.Trojan.Zadved
This Trojan displays fake search results in the browser window and imitates pop-up messages from social networking sites. In addition to this, the malware can replace advertisements displayed on different Internet resources.
According to Doctor Web statistics servers
Trojan.Zadved
This Trojan displays fake search results in the browser window and imitates pop-up messages from social networking sites. In addition to this, the malware can replace advertisements displayed on different Internet resources.Trojan.InstallCore.1903
A Trojan that can install unwanted and malicious applications.BackDoor.IRC.NgrBot.42
A fairly common Trojan, which is known to information security researchers since 2011. Malicious programs of this family are able to execute intruder-issued commands on infected machine controlled by cybercriminals via the IRC (Internet Relay Chat) text-messaging protocol.Trojan.PWS.Steam.11267
A Trojan designed to steal login credentials and other confidential information stored on the infected computer, together with Steam user accounts.
Statistics concerning malicious programs discovered in email traffic
Trojan.Zadved
This Trojan displays fake search results in the browser window and imitates pop-up messages from social networking sites. In addition to this, the malware can replace advertisements displayed on different Internet resources.Trojan.PWS.Stealer
A family of Trojans designed to steal passwords and other confidential information stored on the infected computer.Trojan.PWS.Steam.11267
A Trojan designed to steal login credentials and other confidential information stored on the infected computer, together with Steam user accounts.Trojan.DownLoader
A family of malicious programs designed to download other malware to the compromised computer.
Encryption ransomware
The most common ransomware programs in March 2016:
In February 2016, numerous mass media announced the emergence of the first ransomware Trojan for OS X that Dr.Web detects as Mac.Trojan.KeRanger.2. However, in March, our security researchers found how files affected by this Trojan could be decrypted. To read more about the Trojan, and learn what actions should be taken if your computer is infected by this malware, refer to the news article.
Dr.Web Security Space 11.0 for Windows
protects against encryption ransomware
This feature is not available in Dr.Web Anti-virus for Windows.
| Data Loss Prevention | |
|---|---|
 |  |
Dangerous websites
During March 2016, Doctor Web added 458,013 URLs into the Dr.Web database of non-recommended sites.
| February 2016 | March 2016 | Dynamics |
|---|---|---|
| +453,623 | +458,013 | +0.96% |
Malicious and unwanted programs for mobile devices
The first spring month was marked by the appearance of a new adware Trojan for Android. This malicious program was detected in some popular applications and on several dozens of Android firmwares. Its primary function is to display annoying advertisements. However, it can also download, install and run various software, and transmit confidential information to the server. Later in March, more than 100 Google Play apps were found to contain an advertising spyware. Moreover, Doctor Web specialists carried out the examination of dangerous Trojans able to inject themselves into Android system process and processes of running applications.
Among the most noticeable March events related to mobile malware, we can mention
- New adware Trojan that was preinstalled on a big number of Android mobile devices and was incorporated into some apps developed by well-known companies.
- Detection of an advertising spyware in more than 100 Google Play applications.
- Accomplished analysis of dangerous Trojans that can inject themselves into an Android system process.
Find out more about malicious and unwanted programs for mobile devices in our special overview.
