My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Doctor Web’s November 2019 virus activity review

December 11, 2019

In November, Doctor Web server statistics confirmed a 3.66% growth in the number of the detected threats as compared with October. The number of unique threats grew by 9.59%. As for email traffic, the most common threats exploited MS Office vulnerabilities. There was also a large number of trojan downloaders and stealers. Adware made up the majority of detected threats. Last month, we also found new Android malware on Google Play. The list featured a dangerous backdoor, trojan adware, and trojans that subscribed users to paid services.


  • Growth in malware spreading activity
  • A decline in ransomware activity

According to Doctor Web statistics servers

According to Doctor Web statistics servers #drweb

Threats of this month:

Detects adware downloaded from file sharing services because of link spoofing. Instead of normal files, victims get applications that display advertising and install unwanted software.
Alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
Adware that often serves as an intermediary installer of pirate software.
A torrent client that installs unwanted software on devices.
Another notorious adware installer. It displays ad banners and installs software without users’ permission.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

Modified Microsoft Office document. Exploits CVE2012-0158 vulnerability in order to run malicious code.
A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
A PDF document used in phishing newsletters.
A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.
A family of Trojans designed to steal passwords and other confidential information stored on an infected computer.


In November, Doctor Web’s technical support service was most commonly dealing with the following trojan encoders:

Encoders #drweb

Dangerous websites

In November 2019, Doctor Web added 162,581 URLs to the Dr.Web database of non-recommended websites.

October 2019 November 2019 Dynamics
+ 254 849 + 162,581 - 36.2%

Malicious and unwanted programs for mobile devices

In November, we detected new malware on Google Play. Again, users were targeted by the trojan adware of the Android.HiddenAds family that displayed obnoxious banners and interfered with the normal work with Android devices. Apart from that, cybercriminals were spreading the malware of the Android.Joker family. These trojans spy on victims and subscribe them to paid services; while some modifications can execute arbitrary code and launch extra malicious modules.

Doctor Web virus analysts also detected a new version of the Android.Backdoor.735.origin backdoor that executes cybercriminal commands and is designed as spyware.

The following November events relating to mobile malware are the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.