Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s May 2020 virus activity review

June 19, 2020

The May analysis of Dr. Web’s statistics revealed a 25.59% decrease in the total number of threats compared to the previous month. The number of unique threats also dropped by 5.35%. Users were mostly exposed to adware and malware downloaders. Email traffic was dominated by malware that exploits vulnerabilities in Microsoft Office programs. In addition, the most common threats still included the Trojan.SpyBot.699 multi-module banking trojan, as well as malicious HTML documents that were distributed as attachments and redirected users to phishing websites.

In May, the number of user requests to decrypt files affected by encoders decreased by 4.18% compared with April. Thus, statistics revealed a decrease in ransomware activity for the first time since the beginning of the year. Trojan.Encoder.26996 was the most active encoder, accounting for 28.94% of all incidents.

Principal Trends in May

  • A decline in malware spreading activity
  • Adware remain amongst the most active threats
  • A minor decrease in encoder activity

According to Doctor Web’s statistics service

According to Doctor Web’s statistics service #drweb

The most common threats in May:

Adware.Elemental.17
Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
Trojan.LoadMoney.4020
A family of malware installers that deploy additional components on victims’ computers along with the required applications. Some trojan modifications can collect various information about the attacked computer and transmit it to hackers.
Adware.Softobase.15
Installation adware that spreads outdated software and changes the browser settings.
Adware.Downware.19741
Adware that often serves as an intermediary installer of pirate software.
Trojan.BPlug.3835
A malicious browser extension designed to perform web injections into viewed webpages and block third-party advertisements.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

Exploit.CVE-2012-0158
A modified Microsoft Office document that exploits the CVE-2012-0158 vulnerability in order to run malicious code.
W97M.DownLoader.2938
A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
Trojan.SpyBot.699
A multi-module banking trojan that allows cybercriminals to download and launch various applications on an infected device and run arbitrary code.
Tool.KMS.7
Hacking tools used to activate illegal copies of Microsoft software.
HTML.Redirector.33
Malicious HTML documents that are often disguised as harmless email attachments. Upon opening, the code redirects users to phishing websites or downloads payload with malware to the computers.

Encryption ransomware

In May, Doctor Web’s virus laboratory registered 4.18% less requests to decode files encoded by trojan ransomware than in April.

Encryption ransomware #drweb

Dangerous websites

In May 2020, Doctor Web added 107,082 URLs to the Dr.Web database of non-recommended websites.

April 2020 May 2020 Dynamics
+ 140,188 + 107,082 - 23.62%

Malicious and unwanted programs for mobile devices

The total number of May threats on Android devices increased by just over 3% as compared to April. Doctor Web malware analysts detected a variety of new threats on the Google Play catalog. These include new versions of Android.HiddenAds adware, as well as various modifications of the Android.Joker family, which subscribed victims to paid services and ran arbitrary code.

Additionally, new records were added to the Dr.Web virus database to detect various banking trojans, as well as a spyware trojan that was distributed as a program for tracking COVID-19 infection statistics. At the end of the month, our specialists uncovered the Android.FakeApp.176 malware, distributed under the guise of the Valorant mobile game. It was used for illegal monetization via affiliate services.

The following May events related to mobile malware are the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2020

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040