My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Doctor Web’s December 2016 virus activity review

December 26, 2016

In the last month of 2016, Doctor Web’s specialists detected an Android Trojan that could infect the system libraries of devices. They also found a Trojan for Windows that is designed to install unwanted applications. And, later in the month, they discovered several Android Trojans in the firmware of many popular mobile devices.

Principal trends of December

  • The distribution of a Trojan that installs unwanted applications
  • The detection of numerous Trojans in the firmware of Android devices
  • The emergence of an Android Trojan capable of infecting system libraries

Threat of the month

Many modern Trojans download and install various applications on a computer without the user’s knowledge: virus makers use the services of affiliate programs to get paid for every download. These Trojans are usually very simple, unlike Trojan.Ticno.1537. Once launched, it tries to detect the presence of the virtual environment and debugging tools and starts operating only if it has not found anything suspicious. The Trojan saves a file named on the disk and opens a dialog similar to the Microsoft Windows “Save” window:

screen #drweb

The link “Additional parameters” is in the bottom-left corner. Once it is clicked, Trojan.Ticno.1537 shows the list of programs it is going to install. Among them are the Amigo browser, the application, and the Trojans Trojan.ChromePatch.1, Trojan.Ticno.1548, Trojan.BPlug.1590, Trojan.Triosir.718, Trojan.Clickmein.1 and Adware.Plugin.1400. For more information about Trojan.Ticno.1537, refer to this news article.

According to statistics collected by Dr.Web CureIt!

According to statistics collected by Dr.Web CureIt! #drweb

According to Doctor Web’s statistics servers

According to Doctor Web statistics servers #drweb

Statistics on malicious programs discovered in email traffic

Statistics on malicious programs discovered in email traffic #drweb

According to statistics collected by Dr.Web Bot for Telegram

According to statistics collected by Dr.Web Bot for Telegram #drweb

Encryption ransomware

Encryption ransomware #drweb

In December, cases involving the following ransomware modifications were registered by Doctor Web’s technical support service:

Dr.Web Security Space 11.0 for Windows
protects against encryption ransomware

This feature is not available in Dr.Web Anti-virus for Windows

Data Loss Prevention
Preventive ProtectionData Loss Prevention

Dangerous websites

During December 2016, 226,744 URLs of non-recommended websites were added to Dr.Web database.

November 2016December 2016Dynamics
Non-recommended websites

Malicious and unwanted programs for mobile devices

In December, Doctor Web’s security researchers found Android.Loki.16.origin which was infecting Android system libraries, injecting itself into application processes, and covertly installing other programs. In addition, December was marked by the emergence of Android.DownLoader.473.origin and Android.Sprovider.7 which were preinstalled on dozens of models of Android devices. These Trojans also downloaded and installed unwanted applications.

Among the most noticeable December events related to mobile malware we can mention:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

Learn more with Dr.Web

Virus statistics Virus descriptions Monthly virus reviews