FOR CUSTOMERS

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s April 2022 virus activity review

May 27, 2022

In April, an analysis of Dr.Web’s statistics revealed a 3.17% decrease in the total number of threats, compared to March. With that, the number of unique threats also went down by 27.06%. Users were mostly threatened by unwanted software, adware and bundlers. Trojan downloaders and programs exploiting vulnerabilities in Microsoft Office software were the most frequently detected threats in email traffic.

In April, the number of user requests to decrypt files affected by encoders decreased by 2.25%, compared to the previous month. Trojan.Encoder.26996 was the most active, accounting for almost 40% of all incidents.

Principal trends in April

  • A decrease in the number of unique threats
  • Adware remains the top threat
  • The spread of websites with bogus installers of popular software

According to Doctor Web’s statistics service

According to Doctor Web’s statistics service

The most common threats of the month:

Adware.SweetLabs.5
An alternative App Store and Add-On for Windows GUI (graphical user interface) by the creators of “OpenCandy" Adware.
Adware.Downware.19998
Adware.Downware.20040
Adware that often serves as an intermediary installer of pirate software.
Adware.OpenCandy.247
A family of applications that install other software on a system.
BAT.Hosts.186
A malicious script written in Windows command interpreter language. It modifies the hosts file by adding a certain list of domains into it.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic

W97M.DownLoader.2938
X97M.DownLoader.4108
A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents. They can also download other malicious programs to a compromised computer.
Exploit.CVE-2018-0798.4
An exploit designed to take advantage of a Microsoft Office software vulnerability and allow an attacker to run arbitrary code.
JS.Redirector.435
A malicious script that redirects users to a web page controlled by fraudsters.
Trojan.PWS.Stealer.23680
A trojan designed to steal passwords and other confidential user data.

Encryption ransomware

User requests to decrypt files affected by encoders decreased by 2.25%, compared to the previous month.

Encryption ransomware

Dangerous websites

In April 2022, web analysts observed an increase in the number of websites masquerading as official download pages of various popular software. Cybercrooks used these websites to spread bogus installers that delivered adware and malware to users’ computers.

Dangerous websitesDangerous websites

The snapshot shows an example of such a website and the launch of such an installer. The program attempts to install a proxy browser plugin and additionally installs unwanted software to the user’s PC.

Malicious and unwanted programs for mobile devices

According to detection statistics of Dr.Web anti-virus products for Android, last month Android.Spy.4498 became the most frequent threat detected on users’ devices. It steals information from other apps’ notifications. Numerous advertising trojans also remained a common type of mobile malware. With that, the overall activity of both threats slightly decreased compared to the previous month.

However, during April, new malware was found in the Google Play catalog. Among them are fraudulent apps from the Android.FakeApp family and Android.Joker trojans that subscribe users to paid services.

The following April events related to mobile malware are the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

© Doctor Web
2003 — 2022

Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies