The page may not load correctly.
September 29, 2017
In September, numerous media outlets reported that cybercriminals had actively started exploiting user browsers to illegally mine cryptocurrencies. The most popular cryptocurrency among cybercriminals is Monero (XMR).
Also in September, security specialists detected vulnerabilities in the Bluetooth protocol stack, and Doctor Web analysts discovered that cybercriminals were using the Internet of things (Iot) for mass spam mailings.
Doctor Web has already published an article about the malicious program Linux.ProxyM, which launches a SOCKS proxy server on the Linux devices it infects. Builds of this Trojan exist for devices possessing the following architectures: x86, MIPS, MIPSEL, PowerPC, ARM, Superh, Motorola 68000, and SPARC. This means the Trojan is capable of operating on numerous “smart” devices, such as routers, set-top boxes, etc. Virus analysts have established that cybercriminals are using infected devices to distribute spam that advertises adult content resources. A device infected with Linux.ProxyM sends on average about 400 emails per day. The activity of this botnet is illustrated in the graph below:
Most of the devices infected with Linux.ProxyM that are being used to carry out the attacks are from Brazil. The United States and Russia were ranked second and third respectively.
In September, cases involving the following ransomware modifications were registered by Doctor Web’s technical support service:
During September 2017, 298,324 URLs of non-recommended websites were added to the Dr.Web database.
|August 2017||September 2017||Dynamics|
|+ 275,399||+ 298,324||+8.32%|
In September, information surfaced that a group of dangerous BlueBorne vulnerabilities implemented with the Bluetooth protocol had been identified. Various devices, including Android smartphones and tablets, were affected. These vulnerabilities allow criminals to gain full control over attacked devices, execute arbitrary code, and steal confidential information. Also in the past month, Google Play was infiltrated by the Trojan Android.BankBot.234.origin which is designed to steal bank card information.
Among the most notable September events related to mobile malware:
Find out more about malicious and unwanted programs for mobile devices in our special overview.