My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Doctor Web’s June 2021 virus activity review

July 9, 2021

The June analysis of Dr.Web’s statistics revealed a 8% increase in the total number of threats compared to the previous month. The number of unique threats decreased by 18.7%. Adware still made up the majority of detected threats. A variety of malware, including web pages distributed in phishing campaigns, were the most frequently detected threats in email traffic.

In June, the number of user requests to decrypt files affected by encoders decreased by 8% compared with May. Trojan.Encoder.26996 was the most active, accounting for 37.65% of all incidents.

Principal trends in June

  • Growth in malware spreading activity
  • Adware remains among the top threats
  • The detection of new malicious programs in email traffic

According to Doctor Web’s statistics service

According to Doctor Web’s statistics service #drweb

The most common threats in June:

Alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
Adware that often serves as an intermediary installer of pirate software.
Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
Installation adware that spreads outdated software and changes browser settings.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and are designed to download other malicious programs onto compromised computers. It is designed to download other malware onto a compromised computer.
Packer components with different payloads.
The web page spread via phishing emails. It is a bogus authorization page that mimics well-known websites. The credentials a user enters on the page is sent to the attacker.
A PDF document used in phishing newsletters.

Encryption ransomware

User requests to decrypt files affected by encoders decreased by almost 8% compared to May.

Encryption ransomware #drweb

Dangerous websites

In June 2021, Doctor Web analysts discovered activity in the sale of fake vaccinations QR сodes. The cybercriminals offered fake QR codes to enter cafe and restaurants.


The screenshot shows an example of a QR code trading scheme. Sales happens in private channels, which can be accessed only after joining the special chat. They publish enthusiastic customer reviews and promise a 100% guarantee of entry into any restaurant.

Malicious and unwanted programs for mobile devices

According to the detection statistics, Dr.Web anti-virus products for Android detected various trojans designed to display advertisements most often in June. Besides that, malicious applications that can execute arbitrary code and load other software remained among the most common threats.

Over the past month, Doctor Web virus analysts have discovered many threats on Google Play. Among them were various fake Trojans from the Android.FakeApp family that downloaded fraudulent websites. In addition, our specialists have identified another Trojans in Android.Joker, capable of running arbitrary code, as well as subscribing victims to paid services. These trojans were capable of running arbitrary code, as well as subscribing victims to paid services. In addition to that, trojans that steal logins and passwords from Facebook accounts were detected. Dr.Web reported on this in a recent news publication.

The following June events related to mobile malware were the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

© Doctor Web
2003 — 2022

Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies