The page may not load correctly.
May 6, 2019
In April, Dr.Web’s statistics showed a 39.44% decrease in the number of unique threats compared to March; while the number of all detected threats decreased by 14.96%. E-mail traffic is still dominated by malware that uses the vulnerabilities of Microsoft Office programs. The previous month’s malware and unwanted programs trend also continues. The malicious browser extensions, unwanted programs and adware account for the majority of detected threats.
The number of non-recommended websites increased by 28.04%. One such website was used for spreading a banking trojan and stealer, along with the video and sound editing software, which we reported at the beginning of the month. Additionally, Doctor Web’s researchers warned about the phishing newsletter sent from official e-mails of large international companies.
Doctor Web researchers warned users about a compromised, popular website, which distributes video and sound editing software. Hackers hijacked download links on the website causing visitors to download the dangerous banking trojan, Win32.Bolik.2, and the Trojan.PWS.Stealer (KPOT) stealer, along with the editing software. Trojans of this family are designed to perform web injections, intercept traffic, log keys and steal information from different bank-client systems. Additionally, the attackers later changed the Win32.Bolik.2 trojan to another malware, the Trojan.PWS.Stealer (KPOT Stealer). This trojan steals information from browsers, Microsoft accounts, several messengers and some other programs.
Threats of the month:
In April, Doctor Web’s technical support was most frequently contacted by victims of the following encryption ransomware:
During April 2019, Doctor Web added 345,999 URLs to the Dr.Web database of non-recommended websites.
|+ 270 227
|+ 345 999
In April, Doctor Web reported the dangerous trojan, Android.InfectionAds.1, which exploited several critical vulnerabilities in OS Android. Using them, it could infect apk files, as well as install and delete programs without a user’s permission.
Also during April, new malware such as trojan downloaders and clickers were discovered in the Google Play catalogue, as well as new credential stealers for Instagram, called Android.PWS.Instagram.4 and Android.PWS.Instagram.5.
Additionally, new banking trojans threatened Android smartphone and tablet users. Among them were new versions of the Android.Banker.180.origin trojans and other malware.
Among the most noticeable April events related to mobile malware were: