My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Doctor Web’s August 2018 virus activity review

August 31, 2018

In August, Doctor Web security researchers have detected the distribution of miner Trojans designed to covertly mine cryptocurrency. These programs were designed for Windows and Linux devices. Additionally in August, the Dr.Web virus databases were updated with new entries for Android Trojans.

Principal trends in August

  • Distribution of miner Trojans for Windows and Linux
  • Fraudulent mailings
  • Detection of new malicious programs for Android

Threat of the month

Beginning in June, cybercriminals started using a malicious program added to the virus databases under the name Linux.BtcMine.82. This Trojan, written in Go, is a dropper containing a packed miner in its body. The dropper saves the miner to a disk and launches it. The miner then starts mining the Monero (XMR) cryptocurrency. Doctor Web security researchers detected a few other miners for Windows on cybercriminals’ server.

#drweb Linux.BtcMine.82

All detected malicious programs were added to the Dr.Web virus databases. Find out more about the malware in the news article on our website.

According to Doctor Web’s statistics servers

According to Dr.Web Anti-virus statistics

A family of JavaScript scenarios designed to secretly mine cryptocurrencies (mining).
An encryption worm known as WannaCry.
A family of malicious programs that secretly use the computing resources of an infected computer to mine various cryptocurrencies, for example, Bitcoin.
A worm that replicates itself through removable media and network drives. In addition, it can be spread via a network using a standard SMB protocol. It is designed to download executable files from the C&C server and run them.

Statistics concerning malicious programs discovered in email traffic

Statistics concerning malicious programs discovered in email traffic #drweb

A family of Trojans designed to steal passwords and other confidential information stored on an infected computer.
Trojan.Encoder.567, Trojan.Encoder.25843
Encoders that encrypt computer files and demand a ransom to decrypt compromised data.
A family of JavaScript scenarios designed to covertly mine cryptocurrencies (mining).
A family of Trojans that inject malicious code into the processes of other programs.

Encryption ransomware

Encryption ransomware

In August, cases involving the following ransomware modifications were most often registered by Doctor Web’s technical support service:

Dangerous websites

In August, many Internet users received emails where cybercriminals shared a password or login and password with a user. This password had been previously used during registration on one of the websites. Cybercriminals informed users that the virus had supposedly been placed on one of the pornographic websites the user had visited, and the camera was turned on while visiting this website. Cybercriminals also told users they had supposedly recorded a video with the email recipient. To avoid mass mailing this video to people on the contact list, the victim was asked to pay a ransom in bitcoins that was equal to several thousands of US dollars.

Evidently, these messages are an empty threat. Apparently, cybercriminals had obtained the database of registered users, which was stolen from one or several Internet resources. Doctor Web specialists recommend users change their passwords more frequently and do not use the same registration credentials on different websites.

During August 2018, 538,480 URLs of non-recommended websites were added to the Dr.Web database.

July 2018August 2018Dynamics
+ 512,763+ 538,480+5%

Malicious and unwanted programs for mobile devices

Also in August 2018, Doctor Web security researchers detected the Android.Clipper.1.origin Trojan changing e-wallet numbers on the clipboard of infected Android devices. In addition, many malicious programs were detected on Google Play. Among them were the Android.Banker.2843 and Android.Banker.2855 banking Trojans. These Trojans were distributed under the guise of benign applications. Cybercriminals also attempted to infect users’ mobile devices with the Android.DownLoader.768.origin, Android.DownLoader.772.origin, and Android.DownLoader.784.origin downloader Trojans. These Trojans downloaded various malicious software to Android devices. In August, Doctor Web security researchers also detected many of the Android.Click Trojans on Google Play. Cybercriminals used them to fraudulently receive money. Another fraudulent Trojan, called Android.FakeApp.110, was also distributed via Google Play. Among the malicious programs detected in August, was the dangerous Android.Spy.490.origin spyware. Cybercriminals could incorporate it into any application and distribute them under the guise of original applications.

The following events are among the most notable regarding mobile security in August:

Learn more about malicious and unwanted programs for mobile devices in our August overview.