The page may not load correctly.
June 28, 2023
The number of user requests to decrypt files affected by encoder trojans decreased by 0.27%, compared to the previous month. Victims of this type of malware were most often attacked by the encoders Trojan.Encoder.26996, Trojan.Encoder.3953, and Trojan.Encoder.35534.
Over the course of May, Doctor Web specialists once again spotted trojans from the Android.FakeApp family on Google Play. Cybercriminals use these in various fraudulent schemes. In addition, more trojans that subscribe victims to paid services were detected.
The most common threats in May:
In May, the number of requests to decrypt files damaged by encoder trojans decreased by 0.27%, compared to April.
The most common encoders of May:
In May, malicious actors continued distributing unwanted emails with links to various fraudulent sites, such as those related to investments. For instance, Doctor Web Internet analysts discovered more web resources offering users the chance to make money with the help of pseudo-trading automated systems like Quantum System, Quantum UI, and others. To “gain access” to the system, potential victims are asked to register an account by providing their personal data. This information ends up in the scammers’ hands. After that, they can sell it on the black market and also trick users into entrusting their money to “trading algorithms” that allegedly guarantee success and a high yield.
The screenshots above show examples of pages from one of these fraudulent sites. Visitors are asked to register an account and then to provide an email address. The latter is allegedly for receiving further instructions on how to use the “product” in question.
According to detection statistics collected by Dr.Web for Android, in May, users were less likely to encounter adware trojans. In addition, banking trojans and ransomware were less often detected on protected devices. At the same time, the number of spyware trojan attacks significantly increased.
Over the course of last month, more threats were detected on Google Play. Among them were fraudulent apps from the Android.FakeApp family as well as trojans from the Android.Joker and Android.Harly families which subscribe users to paid services.
The following May events involving mobile malware are the most noteworthy:
Find out more about the security threat landscape for mobile devices in May in our special overview.