Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s December 2018 virus activity review

December 28, 2018

The last month of 2018 did not see any noticeable events related to information security. Among the malware detected on computers and in emails, malicious JavaScript scenarios remain prevalent. Most of them are designed to download other malware to an infected device and mine cryptocurrencies using the infected computer’s hardware. Like in November, the multicomponent banking malware Trojan.SpyBot.699 was often detected on hard disks. Cybercriminals can use it to remotely execute various commands on a computer and launch other malicious applications.

Principal trends of December

  • Distribution of malicious scripts
  • The emergence of new malware for Android

According to Doctor Web statistics servers

According to Doctor Web statistics servers in 2018

JS.DownLoader
A family of malicious scripts written in JavaScript and designed to download and install other malware programs on a computer.
Trojan.SpyBot.699
A multi-module banking Trojan. It allows cybercriminals to download and launch various applications on an infected device and makes it possible for their commands to be executed. The Trojan is intended to steal money from bank accounts.
JS.Miner
A family of JavaScript scenarios designed to covertly mine cryptocurrencies.
VBS.DownLoader
A family of malicious VBS scripts designed to download and install other malware on a computer.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic

JS.DownLoader
A family of malicious scripts written in JavaScript and designed to download and install other malware programs on a computer.
Trojan.SpyBot.699
A multi-module banking Trojan. It allows cybercriminals to download and launch various applications on an infected device and their commands to be executed. The Trojan is intended to steal money from bank accounts.
W97M.DownLoader
A family of downloader Trojans that exploit vulnerabilities in office applications and can download other malicious programs to a compromised computer.
JS.Miner
A family of JavaScript scenarios designed to covertly mine cryptocurrencies.

Encryption ransomware

Encryption ransomware

In December, cases involving the following ransomware modifications were registered by Doctor Web’s technical support service:

Dangerous websites

A total of 257,197 URLs from non-recommended websites were added to the Dr.Web database in December 2018.

November 2018December 2018Dynamics
+ 231,074+ 257,197+11.3%

Malicious and unwanted programs for mobile devices

In December, Doctor Web experts found the malicious application Android.BankBot.495.origin that targeted Brazilian users on Google Play. It stole confidential banking details and could covertly manage other programs using the accessibility features of Android. Other than that, Google Play turned out to contain adware Trojans from the Adware.HiddenAds and Adware.Patacore families and other malicious and unwanted applications. Virus analysts have also discovered a new version of the commercial spyware Program.Spyzie.1.origin that allowed attackers to spy on mobile device owners.

The following December events related to mobile malware were most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040