The page may not load correctly.
Defend what you create
Other Resources
February 28, 2018
In February, a ransomware Trojan was spread. This Trojan infects computers running Microsoft Windows. It appends the extension *.GDCB to encrypted files. The final winter month is also marked by the emergence of a miner Trojan for Android. This Trojan can distribute itself on its own, infecting network devices by enabled debugging mode. Smartphones, tablets, media players, routers and “smart” TVs can be infected by the Trojan.
Doctor Web security researchers detected a ransomware Trojan, Trojan.Encoder.24384. This Trojan is also known as “GandCrab!”, given to this Trojan by cybercriminals. The Trojan encrypts the contents of the fixed, removable and network disks. It also appends the extension *.GDCB to encrypted files. Once launched, under certain circumstances, the encoder checks for anti-virus programs on the infected computer. The Trojan then closes some running programs and installs itself on the system. The programs are specified by cybercriminals.
After restarting the computer, Trojan.Encoder.24384 encrypts files on the disk, except for system directories. We discuss this malicious program’s operating routines in our overview.
In February, Doctor Web’s technical support was most often contacted by victims of the following modifications of encryption ransomware:
During February 2018, the number of URLs of non-recommended websites added to the Dr.Web database was 278.9% higher than in the previous month.
January 2018 | February 2018 | Dynamics |
---|---|---|
+ 309,933 | + 1,174,380 | +278.9% |
In February, security specialists detected a miner Trojan, Android.CoinMine.15. The Trojan can remotely infect Android smartphones, tablets, TVs, routers, and media players connected to the network. The infection is possible only when the devices have the debugging mode enabled. Once the infection has been completed, the malicious program attempts to detect other devices connected to the network and installs its copy on them. Additionally, in the past month, cybercriminals distributed a banking Trojan via Google Play. The Trojan is detected as Android.BankBot.336.origin. This banking Trojan steals confidential information and money from users.
Among the most noticeable February events related to mobile malware were:
Find out more about malicious and unwanted programs for mobile devices in our special overview.
Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.
2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124