My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Doctor Web’s April 2019 virus activity review

May 6, 2019

In April, Dr.Web’s statistics showed a 39.44% decrease in the number of unique threats compared to March; while the number of all detected threats decreased by 14.96%. E-mail traffic is still dominated by malware that uses the vulnerabilities of Microsoft Office programs. The previous month’s malware and unwanted programs trend also continues. The malicious browser extensions, unwanted programs and adware account for the majority of detected threats.

The number of non-recommended websites increased by 28.04%. One such website was used for spreading a banking trojan and stealer, along with the video and sound editing software, which we reported at the beginning of the month. Additionally, Doctor Web’s researchers warned about the phishing newsletter sent from official e-mails of large international companies.

Principal trends in April

  • A decline in malware spreading activity
  • An increase in the number of domain names added to the Dr.Web database of non-recommended websites

Threat of the month

Doctor Web researchers warned users about a compromised, popular website, which distributes video and sound editing software. Hackers hijacked download links on the website causing visitors to download the dangerous banking trojan, Win32.Bolik.2, and the Trojan.PWS.Stealer (KPOT) stealer, along with the editing software. Trojans of this family are designed to perform web injections, intercept traffic, log keys and steal information from different bank-client systems. Additionally, the attackers later changed the Win32.Bolik.2 trojan to another malware, the Trojan.PWS.Stealer (KPOT Stealer). This trojan steals information from browsers, Microsoft accounts, several messengers and some other programs.

More about this threat

According to Doctor Web’s statistics servers

According to Dr.Web Anti-virus statistics #drweb

Threats of the month:

Installation adware that spreads outdated software and changes the browser’s settings.
A torrent client designed to install unwanted programs on a user’s device.
Trojan designed for launching other malicious software on a victim’s device.
The sort of adware that is usually distributed as an installer for pirated software. Upon installation, it changes a browser’s settings and may install other software without asking for the user’s permission.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

A modified Microsoft Office document. It exploits the CVE-2017-11882 vulnerability in order to run malicious code.
Another malicious Microsoft Office Word document. This one uses a vulnerability called CVE2012-0158.
A variety of malicious code written in JavaScript and designed to download and install other malware on a computer.
A malicious program from the encryption ransomware family. This trojan encrypts files and demands a ransom for data decryption.
A family of downloader Trojans that exploit vulnerabilities in office applications. Designed to download other malware onto a compromised computer.

Encryption ransomware

In April, Doctor Web’s technical support was most frequently contacted by victims of the following encryption ransomware:

Encryption ransomware #drweb

Dangerous websites

During April 2019, Doctor Web added 345,999 URLs to the Dr.Web database of non-recommended websites.

March 2019April 2019Dynamics
+ 270 227+ 345 999+ 28.04%

Malicious and unwanted programs for mobile devices

In April, Doctor Web reported the dangerous trojan, Android.InfectionAds.1, which exploited several critical vulnerabilities in OS Android. Using them, it could infect apk files, as well as install and delete programs without a user’s permission.

Also during April, new malware such as trojan downloaders and clickers were discovered in the Google Play catalogue, as well as new credential stealers for Instagram, called Android.PWS.Instagram.4 and Android.PWS.Instagram.5.

Additionally, new banking trojans threatened Android smartphone and tablet users. Among them were new versions of the Android.Banker.180.origin trojans and other malware.

Among the most noticeable April events related to mobile malware were: