In April, an analysis of Dr. Web’s statistics revealed a 34.5% decrease in the total number of threats compared to the previous month. The number of unique threats dropped by 11.42%. Adware and malware browser extensions still made up the majority of detected threats. The Trojan.SpyBot.699 banking trojan along with malware that exploits vulnerabilities in Microsoft Office programs were the most frequently detected malicious software in email traffic. In addition, the most common threats included malicious HTML documents distributed as email attachments and redirecting users to phishing websites.
In April, the number of user requests to decrypt files affected by encoders increased by 34.27% compared with March. Trojan.Encoder.26996 was the most active encoder, accounting for 32.71% of all incidents.
Principal trends in April
A decline in malware spreading activity
Adware remain amongst the most active threats
A notable rise in encoder activity
According to Doctor Web’s statistics service
The most common threats in April:
Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
A malicious browser extension designed to perform web injections into viewed webpages and block third-party advertisements.
Installation adware that spreads outdated software and changes the browser’s settings.
Adware that often serves as an intermediary installer of pirate software.
A torrent client designed to install unwanted programs on a user’s device.
Statistics for malware discovered in email traffic
Malicious and unwanted programs for mobile devices
In April, the total number of threats on Android devices increased by 16.46%, as compared to March. The Doctor Web laboratory uncovered new threats on the Google Play catalog. These include other modifications of the Android.Circle family, which spread under the guise of harmless applications and were executing criminal commands. In addition, Doctor Web virus analysts added new signatures for the Android.HiddenAds.2124 advertising trojan and the Android.Joker.164 malware program, which subscribed victims to paid services and ran arbitrary code.
The following April events related to mobile malware are the most noteworthy:
Detection of new threats on Google Play
Growth in malware activity on protected devices
Find out more about malicious and unwanted programs for mobile devices in our special overview.