October 31, 2022
The number of user requests to decrypt files affected by encoders increased by 41.26% last month. The most common encoder in September was Trojan.Encoder.3953 with a share of 25.83% of all incidents recorded. At the same time, Trojan.Encoder.26996, which was the leading encoder for many months, dropped down to second place.
Doctor Web’s malware analysts uncovered new threats on the Google Play catalog. Among them were various fake apps from the Android.FakeApp family, which are being used by cybercriminals in various scam schemes, and adware.
The most common threats of the month:
In September, the number of user requests to decrypt files affected by encoders increased by 41.26% compared to August.
In September 2022, Doctor Web’s Internet analysts continued registering active spam campaigns with emails containing links to fraudulent websites. Among them were sites on which Russian users could allegedly obtain free lottery tickets. In reality, there were no tickets, and cybercriminals misled potential victims by simulating prize draws in which every visitor was told that they had won. To “receive” the prize, users were asked to provide their bank card details and pay a “commission” for the money transfer.
Below are examples of two such websites. On one of them, a lottery game is simulated, and the user receives a message about the win. On the other, a commission is allegedly paid for “transferring” the prize to the victim’s bank card.
On other websites, users were invited to join various investing platforms that were allegedly affiliated with famous financial and gas and oil companies. To do this, they had to take a survey and then register an account, providing their first and last name, email address, and mobile phone number. Upon completing the “registration”, victims of this scam are typically redirected to various sites, including unwanted ones. Moreover, cybercriminals can later use the provided data to organize phishing attacks or make fraudulent phone calls.
An example of a phishing email declaring an opportunity to get free money on a bank card. For this, the potential victim is asked to follow the link provided in the email. When the user clicks on this link, a fraudulent site is loaded. This site contains information on “easy income” and an advertisement for another scam website that is allegedly related to a large Russian bank.
Last month, we observed increased activity of banking trojans that target Android device users, while the activity of malicious apps designed to display unwanted ads decreased slightly. The activity of the Android.Spy.4498 trojan, which is designed to steal information from other apps’ notifications, also continued to decrease.
Over the course of September, Doctor Web’s virus laboratory specialists discovered new threats on Google Play. Among them were other trojans from the Android.FakeApp family, which are being used by cybercriminals in various fraudulent schemes, and applications containing unwanted adware components.
The following September events involving mobile malware are the most noteworthy:
Find out more about malicious and unwanted programs for mobile devices in our special overview.