August 10, 2020
The July analysis of Dr. Web’s statistics revealed a 6.41% decrease in the total number of threats compared to the previous month. The number of unique threats increased by 8.58%. Adware and malware installers still occupy the top spot for detected threats. Email traffic was dominated by the Trojan.SpyBot.699 multi-module banking trojan. In addition, users were still threatened by malware that exploit vulnerabilities in Microsoft Office programs as well as by malicious HTML documents that were distributed as attachments and redirected users to phishing websites.
July showed a 16.34% decline in the number of user requests to decrypt infected files as compared with June. Trojan.Encoder.26996 was the most active encoder, accounting for 23.51% of all incidents.
Principal trends in July
- An increase in the number of unique threats
- Adware remain amongst the most active threats
- A decline in ransomware activity
According to Doctor Web’s statistics service
The most common threats in July:
- Trojan.LoadMoney.4020
- A family of malware installers that deploy additional components on victims’ computers along with the required applications. Some trojan modifications can collect various information about the attacked computer and transmit it to hackers.
- Adware.Downware.19741
- Adware that often serves as an intermediary installer of pirate software.
- Adware.Elemental.17
- Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
- Adware.Softobase.15
- Installation adware that spreads outdated software and changes the browser settings.
- Trojan.BPlug.3845
- A malicious browser extension designed to perform web injections into viewed webpages and block third-party advertisements.
Statistics for malware discovered in email traffic
- Trojan.SpyBot.699
- A multi-module banking trojan that allows cybercriminals to download and launch various applications on an infected device and run arbitrary code.
- Exploit.CVE-2012-0158
- A modified Microsoft Office document that exploits the CVE-2012-0158 vulnerability in order to run malicious code.
- W97M.DownLoader.2938
- A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
- HTML.Redirector.32
- HTML.Redirector.38
- Malicious HTML documents that are often disguised as harmless email attachments. Upon opening, the code redirects users to phishing websites or downloads payload with malware to the computers.
Encryption ransomware
In July, Doctor Web’s virus laboratory registered 16.34% fewer requests to decode files encoded by trojan ransomware than in June.
- Trojan.Encoder.26996 — 23.51%
- Trojan.Encoder.567 — 7.93%
- Trojan.Encoder.29750 — 7.37%
- Trojan.Encoder.11464 — 2.55%
- Trojan.Encoder.30356 — 2.55%
Dr.Web Security Space for Windows protects against encryption ransomware
Dangerous websites
In July 2020, Doctor Web added 198,467 URLs to the Dr.Web database of non-recommended websites.
| June 2020 | July 2020 | Dynamics |
|---|---|---|
| + 122,679 | + 198,467 | + 61.78% |
Malicious and unwanted programs for mobile devices
The total number of July threats on Android devices decreased by 6.7% as compared to the previous month. Part of the malware detected over the past month was again distributed through the Google Play catalog. Among them were Android.HiddenAds.2190 and Android.HiddenAds.2193 that bothered users with annoying banners and decreased the overall usability. Other newly discovered threats were Android.Joker.279 and the Android.Banker.3259 banking trojan. Both programs were disguised as applications to work with SMS.
The following July events related to mobile malware were the most noteworthy:
- A decline in malware activity on protected devices
- Detection of new threats on Google Play
Find out more about malicious and unwanted programs for mobile devices in our special overview.
