The page may not load correctly.
August 31, 2018
In August, Doctor Web security researchers have detected the distribution of miner Trojans designed to covertly mine cryptocurrency. These programs were designed for Windows and Linux devices. Additionally in August, the Dr.Web virus databases were updated with new entries for Android Trojans.
Beginning in June, cybercriminals started using a malicious program added to the virus databases under the name Linux.BtcMine.82. This Trojan, written in Go, is a dropper containing a packed miner in its body. The dropper saves the miner to a disk and launches it. The miner then starts mining the Monero (XMR) cryptocurrency. Doctor Web security researchers detected a few other miners for Windows on cybercriminals’ server.
All detected malicious programs were added to the Dr.Web virus databases. Find out more about the malware in the news article on our website.
In August, cases involving the following ransomware modifications were most often registered by Doctor Web’s technical support service:
In August, many Internet users received emails where cybercriminals shared a password or login and password with a user. This password had been previously used during registration on one of the websites. Cybercriminals informed users that the virus had supposedly been placed on one of the pornographic websites the user had visited, and the camera was turned on while visiting this website. Cybercriminals also told users they had supposedly recorded a video with the email recipient. To avoid mass mailing this video to people on the contact list, the victim was asked to pay a ransom in bitcoins that was equal to several thousands of US dollars.
Evidently, these messages are an empty threat. Apparently, cybercriminals had obtained the database of registered users, which was stolen from one or several Internet resources. Doctor Web specialists recommend users change their passwords more frequently and do not use the same registration credentials on different websites.
During August 2018, 538,480 URLs of non-recommended websites were added to the Dr.Web database.
Also in August 2018, Doctor Web security researchers detected the Android.Clipper.1.origin Trojan changing e-wallet numbers on the clipboard of infected Android devices. In addition, many malicious programs were detected on Google Play. Among them were the Android.Banker.2843 and Android.Banker.2855 banking Trojans. These Trojans were distributed under the guise of benign applications. Cybercriminals also attempted to infect users’ mobile devices with the Android.DownLoader.768.origin, Android.DownLoader.772.origin, and Android.DownLoader.784.origin downloader Trojans. These Trojans downloaded various malicious software to Android devices. In August, Doctor Web security researchers also detected many of the Android.Click Trojans on Google Play. Cybercriminals used them to fraudulently receive money. Another fraudulent Trojan, called Android.FakeApp.110, was also distributed via Google Play. Among the malicious programs detected in August, was the dangerous Android.Spy.490.origin spyware. Cybercriminals could incorporate it into any application and distribute them under the guise of original applications.
The following events are among the most notable regarding mobile security in August:
Learn more about malicious and unwanted programs for mobile devices in our August overview.