February 1, 2019
2018 may have been a rollercoaster in terms of info security and privacy, but at the end of the year, we finally witnessed a long-awaited break. Cybercriminals decreased their activity during the holidays; but despite that, our statistics show a few peculiar and disturbing trends for January.
In the middle of the month, cryptocurrency holders were attacked by a monitoring tool that was disguised as a downloader Trojan. Later this month we registered a 28% increase in devices infected with the Trojan.Winlock.14244. Beyond that, our email traffic statistics show a 50% higher rate of distribution of malicious documents exploiting Microsoft Office vulnerabilities.
Principal trends in January
- Increased number of devices infected by OS blockers
- More frequent use of Microsoft Office exploits
- Spike of adware activity
Threat of the month
In January Doctor Web’s researchers discovered a Trojan in a cryptocurrency monitoring tool. This malware downloaded other Trojans on a victim’s PC and used them to steal private data, including passwords from cryptocurrency wallets.
More about this Trojan
According to Doctor Web’s statistics servers
Growing threats of the month:
- Ransomware Trojan. Blocks or limits user’s access to the Windows operating system, and its functionalities. In order to unlock the system, a user must transfer money to the cybercriminals.
- The sort of adware that is usually distributed as an installer for pirated software. Upon installation, it changes a browser’s settings and may install other software without asking for the user’s permission.
- Downloads and runs malicious software without the user’s permission.
- Infamous ransomware also known as WannaCry. Blocks access to users’ data by encrypting it and demanding payment for decrypting the data.
Decreased amount of threats from:
- Trojan designed for launching other malicious software on a victim’s device.
- Installs malware in a system. All the components necessary for installation are usually stored inside the MulDrop itself.
- Adware. Alters search results and redirects users to advertising websites.
Statistics for malware discovered in email traffic
Increased number of threats from:
- Modified Microsoft Office document. Exploits CVE2012-0158 vulnerability in order to run malicious code.
- A family of downloader Trojans that exploit vulnerabilities in office applications and can download other malicious programs to a compromised machine.
- Another malicious Microsoft Office Word document. This one uses vulnerability called CVE-2017-11882.
- A family of Trojans designed to steal passwords and other confidential information stored on an infected computer.
Increased activity of following threats:
- This dangerous malware is from a remote access Trojan family(RAT). It has infected 4 times more devices than in the previous month. Nanocore allows complete remote control of an infected device, including control over the camera and microphone.
Decreased the number of threats from:
- The Trojan also known as FormBook. It’s designed to steal private data, but can also receive commands from the developer’s server.
- A malicious program from the encryption ransomware family. This Trojans encrypts files and demands a ransom for data decryption.
Trojan.SpyBot.699 multi-module banking Trojan was less active during December, but continued to spread in January. It was created to help cybercriminals download and launch various applications on an infected device, as well as execute different commands. The Trojan is intended to steal money from bank accounts.
In January, Doctor Web’s technical support was most often contacted by victims of the following encryption ransomware:
Dr.Web Security Space for Windows protects against encryption ransomware
During January 2019, 293,012 URLs of non-recommended websites were added to the Dr.Web database.
|December 2018||January 2019||Dynamics|
|+ 257 197||+ 293 012||+13.93%|
Malicious and unwanted programs for mobile devices
Throughout January InfoSec researchers continued discovering malware apps hidden in the Google Play Store. Among them — downloaders from the Android.DownLoader family that were deploying Android banking malware on victim devices. Another threat worth mentioning is adware. In particular, Android.HiddenAds.361.origin and Android.HiddenAds.356.origin. When launched they disappear from the desktop and begin to show ads. In the end of the month cybersecurity researchers uncovered a few new trojan-clickers( Android.Click), capable of loading any website on a developer’s command. To top it all off, new spyware was caught stealing private information from users - Trojan named Android.Spy.525.origin.
Among the most notable January events related to mobile malware we can report the following:
- The detection of new Android Trojans on Google Play;
- Distribution of a dangerous spyware.
Find out more about malicious and unwanted programs for mobile devices in our special overview.