The page may not load correctly.
July 31, 2018
In early July, Doctor Web virus analysts have analyzed a new Trojan-Miner that used an unusual spreading pattern. Also, during this month, spammers were active with fraudulent sites advertising. Besides, in July Dr.Web virus databases have replenished with new malware entries, oriented to the Android mobile platform.
Our security specialists have already faced the spread of malware through the application update mechanism. This is how Trojan.Encoder.12544 (Petya, Petya.A, ExPetya and WannaCry-2), and the backdoor BackDoor.Dande, have reached users. In July, the Doctor Web technical support was contacted by a user on whose computer the application for crypto-currency mining was constantly appearing despite being removed by the antivirus every time. The investigation made by analysts testified that the culprit was a certain Computer room, a program for the automation of computer clubs and Internet cafes.
The update mechanism for this program was automatically downloading and installing the Trojan-Miner Trojan.BtcMine.2869. On July 9, Doctor Web specialists have found 2700 computers infected with this Trojan. More detailed information about this incident is stated in the article published on our website.
In July, the most often cases involving the following ransomware modifications were registered by Doctor Web’s technical support service:
In July, Doctor Web specialists have detected several mass mailings which contained the advertisement of various fraudulent resources. Particularly, spammers sent messages allegedly on behalf of the Yandex company with a proposal to confirm the binding of the mail address to the account on the passport.yandex.ru portal. At the same time, the link on which scammers offered recipients to go to, did indeed lead to the Yandex portal. Meanwhile, another link, allegedly announcing the receipt of a certain prize, led a potential victim to the site of network scammers requiring to pay a small cash contribution for the gift they promised.
In a number of other fraudulent messages, there were links to pages of public services like Google Docs where attackers placed a web page with a picture mimicking reCAPCHA, the standard panel of automatic protection against robots. Clicking on this picture redirected users to various phishing sites.
Doctor Web analysts detected the addresses of fraudulent Internet resources and added all of them to the Dr.Web Parental Control and Office Control’s databases of non-recommended websites.
During March 2018, Doctor Web added 624,474 URLs into the Dr.Web database of non-recommended sites.
|june 2018||july 2018||Dynamics|
|+ 395 477||+ 512 763||+29.6%|
In the parting month in the Google Play catalogue several dangerous malicious programs have been detected. One of the was the Trojan Android.Banker.2746, which showed a fake window for entering personal data when launching banking applications. The othe Trojan, named Android.DownLoader.753.origin, has been downloading Android-bankers from the server of cybercriminals in order to avoid detection of the main malicious program on Google Play. Among the Trojans distributed in July were other bankers as well. One of them – Android.BankBot.279.origin. It was downloaded on users mobile devices when visiting fraudulent sites. Also, in July in Dr.Web anti-virus base the entry to detect malicious application-backdoorAndroid.Backdoor.554.origin was added. In addition, in the parting month, Doctor Web specialists discovered and investigated several new programs designed for cyber espionage. They received the names Program.Shadspy.1.origin and Program.AppSpy.1.origin.
Among the most notable July events related to mobile malware:
Find out more about malicious and unwanted programs for mobile devices in our special overview.