FOR CUSTOMERS

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web presents the virus activity review for February 2022

March 31, 2022

Our February analysis of Dr.Web’s statistics revealed a 42.2% increase in the total number of threats, compared with the previous month. The number of unique threats decreased by 2.87%. That said, adware still made up the majority of detected threats. These threats manifested with different types of malware. Different malware, including fishing websites, was most often distributed in mail traffic.

In February, the number of user requests to decrypt files affected by encoders decreased by 10.72% compared with January. Trojan.Encoder.26996 was the most active, accounting for almost a quarter of all incidents.

Principal trends in February

  • A rise in malware activity
  • Adware remains among the top threats

According to Doctor Web’s statistics service

According to Doctor Web’s statistics service

The most common threats in February:

Adware.SweetLabs.5
An alternative App Store and Add-On for Windows GUI (graphical user interface) by the creators of Adware, like “OpenCandy".
Adware.Downware.19998
Adware that often serves as an intermediary installer of pirate software.
Adware.OpenCandy.247
A family of applications that install other software on the system.
Trojan.AutoIt.710
Trojan.AutoIt.961
A malicious utility program written in AutoIt language and distributed as part of a miner or RAT trojan.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic

W97M.DownLoader.2938
A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents. It can also download other malicious programs to a compromised computer. It’s designed to download more malware onto a compromised computer.
HTML.Fisher.353
An HTML phishing page that includes a form for filling in credentials to access an email account.
BackDoor.SpyBotNET.25
The emergence of a new backdoor written in Python A backdoor written in VB.NET. It can operate with a file system (copy, create, delete catalogs, etc.), terminate processes, and take screenshots.
Trojan.PackedNET.1168
Packed malware.
HTML.FishForm.294
A web page spread via phishing emails. It is a bogus authorization page that mimics well-known websites. The credentials a user enters on the page are sent to the attacker.

Encryption ransomware

User requests to decrypt files affected by encoders decreased by almost 10.72% compared to January.

Encryption ransomware

Dangerous websites

In February, Doctor Web’s analysts noticed increased fraud banking sites disguised as official online delivery services. For each user, a unique page with confidential data is created. The page asks the user to enter bank card details for payment.

Dangerous websites

The snapshot shows an example of a website like this. Here are the fake departure numbers and payment status.

Malicious and unwanted programs for mobile devices

According to the detection statistics of Dr.Web anti-virus products for Android, in February, the Android.Spy.4498 trojan became the most common threat again. This trojan steals information from notifications from other applications. This malware accounted for 47.83% of detections. At the same time, advertising trojans again showed high activity.

Among the threats identified by Doctor Web specialists in the Google Play catalog are new fake programs from the Android.FakeApp family, multifunctional Android.Triada trojans, and yet another malicious program from the Android.Subscription, designed to subscribe users to paid mobile services.

The following February events related to mobile malware are the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

© Doctor Web
2003 — 2022

Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies