May 17, 2023
The number of user requests to decrypt files damaged by encoder trojans increased by 7.3%, compared to the previous month. Most often users were attacked by Trojan.Encoder.26996, Trojan.Encoder.3953, and Trojan.Encoder.35534 ransomware.
At the same time, Doctor Web’s specialists discovered over 60 malicious apps from the Android.FakeApp family on Google Play. Threat actors used these in various fraudulent schemes.
The most common threats of the month:
In March, the number of requests to decrypt files damaged by encoder trojans increased by 7.3%, compared to February.
In March, Doctor Web’s Internet analysts again observed the activity of fraudsters who tried luring users to fake investment-related websites, such as web resources allegedly affiliated with famous companies. When potential victims visit such sites, they are offered the opportunity to gain access to certain investing platforms that allegedly allow people to make money from their investments quickly and without any risks. In reality, the malicious actors are misleading users: they collect their personal information and involve them in various fraudulent schemes, participation in which could lead to financial losses.
The screenshots above depict examples of one such site’s page. First, the visitor is offered “access” to the platform, but they must participate in a formal survey beforehand. Next, the potential victim is requested to provide personal information. Finally, the website displays a message stating that the user has successfully registered an account and that they will be contacted by an “expert” that same day.
According to the detection statistics collected by Dr.Web for Android, in March, adware trojans from the Android.HiddenAds family remained among the most widespread threats. In addition, users encountered banking trojans and ransomware more often. Meanwhile, spyware trojans infected protected Android devices less frequently.
During March, our virus analysts discovered dozens of trojan apps from the Android.FakeApp family on Google Play. Threat actors distributed these fake apps under the guise of harmless games and programs. However, their primary functionality was to load different websites, including fraudulent ones. Moreover, our specialists identified cases of Android-based TV box models being infected. This attack, in which the protected system partition was infected, involved the dangerous Android.Pandora.2 backdoor. This trojan is capable of performing various malicious actions on the command of threat actors.
The following March events involving mobile malware are the most noteworthy:
Find out more about malicious and unwanted programs for mobile devices in our special overview.