The page may not load correctly.
April 3, 2018
In March, Doctor Web specialists detected and examined numerous new malicious programs. Mass phishing mailing was detected at the beginning of the month. It was performed on behalf of Mail.Ru. Researchers also examined several new Trojans of a large family of malicious programs Trojan.LoadMoney. In mid-March, a dangerous Trojan called Trojan.PWS.Stealer.23012 was detected. It stole files and other confidential information from infected devices. Security researchers also detected a whole range of malicious programs for Google Android in March.
Distribution of Trojan.PWS.Stealer.23012 started on March 11, 2018. Cybercriminals posted links to the Trojan in the comments section of YouTube. Many such videos show use of fraudulent game tutorial methods (so-called “cheats”) that involve special applications. Cybercriminals try to pass the Trojan off as such applications and other useful tools.
The Trojan collects Cookie files on an infected computer in addition to login credentials from several popular browsers, makes a screenshot and copies files from the Windows Desktop. The stolen information is then sent to the cybercriminals’ server along with data on the location of the infected device. For more information on the operation of Trojan.PWS.Stealer.23012, refer to this article published on our website.
In March, Doctor Web’s technical support was most often contacted by victims of the following modifications to encryption ransomware:
In early March, Doctor Web reported a mass emailing of phishing messages on behalf of Mail.Ru. In these emails, cybercriminals warned users that their accounts would be blocked on the Mail.Ru server and suggested a repeat authorization. A link in the email message led to a fake Mail.Ru website, and the information users provided was immediately sent to the cybercriminals.
The web address of the fraudulent website was added to the databases of the Dr.Web Office and Parental Control.
During March 2018, Doctor Web added 624,474 URLs into the Dr.Web database of non-recommended sites.
|February 2018||March 2018||Dynamics|
|+ 1,174,380||+ 624,474||- 46.8%|
Trojans of the Trojan.LoadMoney family that download other malicious programs to an infected computer have been known since 2013. In March, Doctor Web virus analysts examined several new representatives of this family. Virus writers have not implemented any visual effects in the malicious code, so these Trojans do not manifest themselves in the infected system. Therefore, detecting their malicious activity is not easy. More information on the examined malicious programs of the Trojan.LoadMoney family is available in our overview.
In March, Doctor Web specialists published examination results for Android.Triada.231, which cybercriminals injected into the firmware of over 40 models of Android smartphones. Android.Triada.231 infects the processes of all applications and can covertly perform various malicious actions. During the past month, numerous new Trojans were detected on Google Play. Among them were representatives of the Android.Click family. They can load and display any webpage. Android.BankBot.344.origin was also detected. Additionally, Doctor Web specialists found new banking Trojans created on the basis of the source code of Android.BankBot.149.origin. One of them was dubbed Android.BankBot.325.origin. This banker displayed phishing windows, performed cyber espionage, and provided cybercriminals with remote access to infected devices.
Among the most noticeable March events related to mobile malware:
Find out more about malicious and unwanted programs for mobile devices in our special overview.