Doctor Web’s June 2020 virus activity review

July 21, 2020

The June analysis of Dr.Web’s statistics revealed a 113.21% increase in the total number of threats compared to the previous month. The number of unique threats dropped by 24.1%. Adware and malware installers still made up the majority of detected threats. Email traffic was still dominated by the programs that exploit vulnerabilities in Microsoft Office programs. In addition, the most common threats still included the Trojan.SpyBot.699 multi-module banking trojan, as well as malicious HTML documents that were distributed as attachments and redirected users to phishing websites.

June showed a decline in the number of user requests to decrypt infected files by 6.55% as compared with May. Trojan.Encoder.26996 was the most active encoder, accounting for 24.71% of all incidents.

According to Doctor Web’s statistics service

The most common threats in June:

Trojan.LoadMoney.4020

A family of malware installers that deploy additional components on victims’ computers along with the required applications. Some trojan modifications can collect various information about the attacked computer and transmit it to hackers.

Adware.Elemental.17

Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.

Adware.Downware.19741

Adware that often serves as an intermediary installer of pirate software.

Adware.Softobase.15

Installation adware that spreads outdated software and changes the browser settings.

Trojan.BPlug.3845

A malicious browser extension designed to perform web injections into viewed webpages and block third-party advertisements.

Statistics for malware discovered in email traffic

Exploit.CVE-2012-0158

A modified Microsoft Office document that exploits the CVE-2012-0158 vulnerability in order to run malicious code.

Trojan.SpyBot.699

A multi-module banking trojan that allows cybercriminals to download and launch various applications on an infected device and run arbitrary code.

W97M.DownLoader.2938

A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.

Tool.KMS.7

Hacking tools used to activate illegal copies of Microsoft software.

HTML.Redirector.32

Malicious HTML documents that are often disguised as harmless email attachments. Upon opening, the code redirects users to phishing websites or downloads payload with malware to the computers.

Encryption ransomware

In June, Doctor Web’s virus laboratory registered 6.55% less requests to decode files encoded by trojan ransomware than in May.

• Trojan.Encoder.26996 — 24.71%
• Trojan.Encoder.29750 — 9.26%
• Trojan.Encoder.567 — 8.31%
• Trojan.Encoder.30562 — 1.43%
• Trojan.Encoder.858 — 1.19%

Dangerous websites

In June 2020, Doctor Web added 122,679 URLs to the Dr.Web database of non-recommended websites.

Malicious and unwanted programs for mobile devices

The total number of June threats on Android devices decreased by 17.2% as compared to May. Doctor Web malware analysts detected a new malware on the Google Play catalog, including new versions of the Android.HiddenAds adware, as well as multi-functional trojans from the Android.Joker family, which subscribed victims to paid services and ran arbitrary code. Among the detected threats was a new banking trojan named Android.BankBot.733.origin. It downloaded an auxiliary malicious component and attempted to install it via Android Accessibility Service.

The following June events related to mobile malware were the most noteworthy:

• A decline in malware activity on protected devices
• Detection of new threats on Google Play

Find out more about malicious and unwanted programs for mobile devices in our special overview.