March 31, 2022
Our February analysis of Dr.Web’s statistics revealed a 42.2% increase in the total number of threats, compared with the previous month. The number of unique threats decreased by 2.87%. That said, adware still made up the majority of detected threats. These threats manifested with different types of malware. Different malware, including fishing websites, was most often distributed in mail traffic.
In February, the number of user requests to decrypt files affected by encoders decreased by 10.72% compared with January. Trojan.Encoder.26996 was the most active, accounting for almost a quarter of all incidents.
Principal trends in February
- A rise in malware activity
- Adware remains among the top threats
According to Doctor Web’s statistics service
The most common threats in February:
- An alternative App Store and Add-On for Windows GUI (graphical user interface) by the creators of Adware, like “OpenCandy".
- Adware that often serves as an intermediary installer of pirate software.
- A family of applications that install other software on the system.
- A malicious utility program written in AutoIt language and distributed as part of a miner or RAT trojan.
Statistics for malware discovered in email traffic
- A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents. It can also download other malicious programs to a compromised computer. It’s designed to download more malware onto a compromised computer.
- An HTML phishing page that includes a form for filling in credentials to access an email account.
- The emergence of a new backdoor written in Python A backdoor written in VB.NET. It can operate with a file system (copy, create, delete catalogs, etc.), terminate processes, and take screenshots.
- Packed malware.
- A web page spread via phishing emails. It is a bogus authorization page that mimics well-known websites. The credentials a user enters on the page are sent to the attacker.
User requests to decrypt files affected by encoders decreased by almost 10.72% compared to January.
Dr.Web Security Space for Windows protects against encryption ransomware
In February, Doctor Web’s analysts noticed increased fraud banking sites disguised as official online delivery services. For each user, a unique page with confidential data is created. The page asks the user to enter bank card details for payment.
The snapshot shows an example of a website like this. Here are the fake departure numbers and payment status.
Malicious and unwanted programs for mobile devices
According to the detection statistics of Dr.Web anti-virus products for Android, in February, the Android.Spy.4498 trojan became the most common threat again. This trojan steals information from notifications from other applications. This malware accounted for 47.83% of detections. At the same time, advertising trojans again showed high activity.
Among the threats identified by Doctor Web specialists in the Google Play catalog are new fake programs from the Android.FakeApp family, multifunctional Android.Triada trojans, and yet another malicious program from the Android.Subscription, designed to subscribe users to paid mobile services.
The following February events related to mobile malware are the most noteworthy:
- Growth in activity of trojan Android.Spy.4498;
- High activity of adware trojans
- Emergence of new malicious applications on Google Play
Find out more about malicious and unwanted programs for mobile devices in our special overview.
Find out more with Dr.Web