The page may not load correctly.
March 1, 2019
In February Dr.Web’s statistics showed a 9.73% decrease in the number of unique threats compared to January. Malware activity this month barely topped the numbers of December 2018, but for some threats there are clear dynamics. For example, the activity of the JS.Miner.28 which had been increasing in January, continued to grow and finally outperformed its competitor - JS.Miner.11. At the same time, Trojan.Starter.7394 grew by 14.29% compared to January, when Trojan.DownLoader26.28109 on the other hand, had a three-fold decrease in the number of detected threats. Additionally, the amount of URLs added to Dr.Web’s database of non-recommended and dangerous websites decreased by 1.68%. And the technical support statistics registered a decrease in the number of applications submitted by the ransomware victims.
Threat of the month:
Decreased amount of threats from:
In February, Doctor Web’s technical support was most often contacted by victims of the following encryption ransomware:
During February 2019, 288 159 URLs of non-recommended websites were added to the Dr.Web database.
|+ 293 012
|+ 288 159
Last month Dr.Web’s analysts found many malicious and unwanted programs designed for Android OS. The analysts also uncovered an advertising campaign that helped spread trojans of Android.HiddenAds family. Android.HiddenAds. The ads were placed on YouTube and Instagram and invited users to download applications for video and photo editing, which turned out to be carrying malware inside them.
In February our researchers added a few new entries for detecting the Android.FakeApp type of malware. Android.FakeApp. Those trojans opened websites that suggested completing a survey for some substantial reward. In order to receive the promised reward a user had to pay commission fees or complete a test transaction to confirm their identity. If they agreed, the money would be lost and no reward would be granted.
Beyond that, malware developers were spreading a dangerous trojan called Android.RemoteCode.2958, which downloaded other malware by executing remote code. A Android.RemoteCode.2958 that distributes and installs other malicious programs on Android devices. Another malware found by our analytics - Android.Proxy.4, it was used for creating proxy servers on a compromised device. And Doctor Web’s virus database got updated with new entries of adware families called Adware.Sharf.2 and Adware.Patacore.
The most noticeable February event related to mobile malware:
Find out more about malicious and unwanted programs for mobile devices in our special overview.