In December, Dr.Web server statistics revealed an increase in the total number of threats by 83.26% compared with the previous month. The number of unique threats dropped only slightly by 0.75%. Adware and unwanted programs still occupy the top spot for detected threats. The most common threat found in email traffic was malware that exploits vulnerabilities in Microsoft Office documents.
The number of requests to decrypt files effected by trojan encoders has slightly decreased. Trojan.Encoder.26996 was the most active encoder, accounting for 22.62% of all incidents.
Principal trends in December
Growth in malware spreading activity
Advertising trojans and adware remain amongst the most active threats
A decline in ransomware activity
According to Doctor Web’s statistics servers
The most common threats in December:
Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
Installation adware that spreads outdated software and changes the browser’s settings.
An alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
Adware that often serves as an intermediary installer of pirate software.
Another notorious adware installer that displays ad banners and installs software without user permission.
Statistics for malware discovered in email traffic
Malicious and unwanted programs for mobile devices
In December, cybercriminals also continued spreading new modifications of Android.Joker malware on Google Play. These trojans subscribe victims to paid services and execute arbitrary code at the request of the Command and Control server. On top of that, Doctor Web virus analysts detected additional malicious software that ran arbitrary code and launched other malicious modules.
The most noteworthy December event relating to mobile malware was the detection of new threats on Google Play.