September 8, 2021
In August, the number of user requests to decrypt files affected by encoders increased by 4.2% compared with July. Trojan.Encoder.26996 was the most active threat, accounting for 52.54% of all incidents.
Principal trends in August
- A rise in malware activity
- Adware remains among the top threats
- Malicious files spread in email traffic
According to Doctor Web’s statistics service
The most common threats in July:
- Adware.SweetLabs.5
- An alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
- Adware.Elemental.17
- Adware that spreads through file-sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
- Adware.Downware.19856
- Adware often serving as an intermediary installer of pirate software.
- Trojan.AutoIt.980
- A malicious utility program written in the AutoIt language and is distributed as part of a miner or RAT trojan. It performs various malicious actions that make it difficult to detect the main payload.
- Trojan.MulDrop16.4830
- A malicious program that downloads unwanted applications to a victim's computer.
Statistics for malware discovered in email traffic
- W97M.DownLoader.2938
- A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents and are designed to download other malicious programs onto compromised computers.
- Trojan.PackedNET.964
- Packed malware written in VB.NET.
- BackDoor.SpyBotNET.25
- A backdoor written in .NET and designed to operate with a file system (copying, creating, deleting, etc. catalogs), terminate processes, and take screenshots.
- PDF.Phisher.267
- A PDF document used in phishing newsletters.
- HTML.FishForm.171
- A web page spread via phishing emails. It is a bogus authorization page that mimics well-known websites. The credentials a user enters on the page are sent to the attacker.
Encryption ransomware
User requests to decrypt files affected by encoders increased by almost 4.2% compared to July.
- Trojan.Encoder.26996 — 52.54%
- Trojan.Encoder.567 — 5.07%
- Trojan.Encoder.30356 — 2.13%
- Trojan.Encoder.11539 — 0.80%
- Trojan.Encoder.11432 — 0.27%
Dr.Web Security Space for Windows protects against encryption ransomware
Dangerous websites
In August 2021, Doctor Web’s analysts’ attention was drawn to increased incidents of distribution links to suspicious sites offering online psychic services. Consulting “experts” in divination, astrology, and extrasensory perception costs a lot of money, but it is not possible to check the quality of the implemented service.
The screenshot shows the main page that contains cliches “best site”, “highly skilled experts”, and “money-back guarantee”. However, in reality, this site shows another fraudulent scheme involving “experts” recruited from social networks. Similar resources are not blocked by the government, but Dr.Web sent them into a database of non-recommended websites.
Malicious and unwanted programs for mobile devices
In August, Doctor Web’s malware analysts uncovered many threats on Google Play. Among them were various fake Trojans from the Android.FakeApp family that downloaded fraudulent websites. In addition, our specialists have identified another Trojans in Android.Joker, capable of running arbitrary code, as well as subscribing victims to paid services. In addition, trojans that steal logins and passwords from Facebook accounts were detected.
During August 2021, adware and trojans that download malicious software were the threats recorded most often on Android devices protected by Dr.Web.
The following August events related to mobile malware are the most noteworthy:
- Detection of new threats on Google Play
- Advertising trojan and adware remain amongst the most active threats.
Learn more about malicious and unwanted programs for mobile devices in our August overview.
