The page may not load correctly.
March 17, 2021
Our February analysis of Dr.Web’s statistics revealed an increase in the total number of threats by 25.07% compared with the previous month. With that, the number of unique threats dropped by 7.57%. Adware continued to occupy the top spot for most common threats. Email traffic was dominated by various malicious scripts and the obfuscated modifications of the Bladabindi backdoor and the AgentTesla stealer. In addition, users continued to be exposed to malware exploiting vulnerabilities in Microsoft Office utilities.
The number of requests to decrypt files affected by trojan encoders decreased by 21.27% compared to January. Trojan.Encoder.26996 was the most active, accounting for 21.45% of all incidents.
The most common threats in February:
In February, Doctor Web’s virus laboratory registered 21.27% fewer requests to decode files encoded by trojan ransomware than in January.
During January 2021, Doctor Web Internet analysts added numerous fraudulent and malicious resources to the Dr.Web database of non-recommended websites. In addition to exploiting the theme of payments and fake compensation, attackers returned to other well-known fraud schemes. So in February, analysts uncovered many bogus private cinema websites.
This is a snapshot of the fraudulent private cinema website. The cybercrook sends a site link to its potential victim.
Attackers actively used various social engineering methods to push potential victims into purchasing tickets for a film show on one of these sites. After paying for tickets, users simply lost their money, and their bank card data was transferred to the website operators. In some cases, the victim was then contacted by the fake technical support that, under the pretext of issuing a refund, sent another payment form.
Also in February, analysts found several websites inviting visitors to view videos for a reward.
In fact, the fraudsters used these sites to collect user data, for phishing, to distribute specialized unwanted software, to raise the number of views, and other similar purposes. In addition, the scammers themselves received the reward from partner services for user activity.
In February, malware that is able to download other software and execute arbitrary code, as well as trojans that showed ads were again among the most common mobile threats.
During the month, Doctor Web’s virus analysts discovered many malicious apps in the Google Play catalog. They include modifications of the multifunctional Android.Joker trojans capable of running arbitrary code and subscribing Android users to paid services, the Android.FakeApp trojans disguised as useful software, Android.HiddenAds advertising trojans, and other malware.
The following February events related to mobile malware are the most noteworthy:
Find out more about malicious and unwanted programs for mobile devices in our special overview.
Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.
2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124
Doctor Web in social networksLink accounts