FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
News

News by topic

Virus alerts
The Anti-virus Times
News boxes
Press center

Doctor Web’s May 2019 virus activity review

June 3, 2019

In May, Dr.Web’s statistics registered a 1.49% increase in the number of unique threats compared to April; while the number of all detected threats increased by 14.51%. Malware and unwanted programs statistics show the prevalence of adware and installers. E-mail traffic is still dominated by malware that uses the vulnerabilities of Microsoft Office programs, but in May we also registered an increase in the spread of the dangerous trojan, Trojan.Fbng.8 (FormBook).

Principal Trends in May

  • An increase in malware spreading activity
  • Trojan stealers distributed via email

Threat of the month

In May, Doctor Web’s researchers warned about unique malware for the macOS operating system–Mac.BackDoor.Siggen.20. It allows attackers to download and execute malicious python code on the victim’s device. Additionally, websites that spread the malware also infect their visitors with a Windows spyware trojan, BackDoor.Wirenet.517 (NetWire). The latter is a well-known RAT trojan used by hackers for controlling a victim’s PC remotely. It has several malicious functions, including using the camera and microphone on the victim’s device. The RAT trojan also has a valid digital signature.

More about this threat

According to Doctor Web’s statistics servers

According to Doctor Web’s statistics servers #drweb

Threats of the month:

Adware.Softobase.12
Installation adware that spreads outdated software and changes the browser’s settings.
Adware.Ubar.13
A torrent client designed to install unwanted programs on a user’s device.
Trojan.InstallCore.3553
Another well-known adware installer. It shows ads and installs additional programs without the user’s permission.
Trojan.Winlock.14244
A ransomware trojan that blocks or limits a user’s access to the Windows operating system and its functionalities. In order to unlock the system, a user must transfer money to the cybercriminals.
Trojan.Starter.7394
A trojan designed to launch other malicious software on a victim’s device.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

Threats of the month:

W97M.DownLoader.2938
A family of downloader trojans that exploit vulnerabilities in Microsoft Office applications. Designed to download other malware onto a compromised computer.
Exploit.ShellCode.69
Another malicious Microsoft Office Word document. This one uses vulnerability called CVE-2017-11882.
Exploit.Rtf.CVE2012-0158
Another malicious Microsoft Office Word document. This one uses a vulnerability called CVE2012-0158.
Exploit.Rtf.435
A malicious Microsoft Office document that uses the CVE-2017-11882 vulnerability to download the Trojan.Fbng.8 (FormBook) trojan on users’ devices.
Trojan.PWS.Stealer.19347
A family of trojans designed to steal passwords and other confidential information stored on an infected computer.

Increased malware activity:

Trojan.Inject3.15480
Trojan also known as Trojan.Fbng.8 (FormBook). The Trojan also known as FormBook. It’s designed to steal private data, but can also receive commands from the developer’s server.

Encryption ransomware

In May, victims of the following encryption ransomware most frequently contacted Doctor Web’s technical support service:

Encryption ransomware #drweb

Dr.Web Security Space for Windows protects against encryption ransomware

Training course
Dr.Web Rescue Pack

Dangerous websites

During May 2019, Doctor Web added 223,952 URLs to the Dr. Web database of non-recommended sites.

April 2019 May 2019 Dynamics
+ 345 999 + 223 952 - 35.27%
Non-recommended websites

Malicious and unwanted programs for mobile devices

In May, malware developers again distributed various malicious programs through the Google Play service. Researchers at Doctor Web discovered a trojan, Android.HiddenAds.1396, which showed advertising banners and blocked the interface of other apps and the operating system. Later the same month, the researchers discovered Android.SmsSpy.10206 and Android.SmsSpy.10263 spyware trojans, which were used to steal incoming SMS and send them to the malware developers.

The most noticeable May event related to mobile malware:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

Learn more with Dr.Web

Training course
Booklets