September 6, 2023
The number of user requests to decrypt files affected by encoder trojans decreased by 15.57%, compared to the previous month. The most common encoders were Trojan.Encoder.26996, Trojan.Encoder.3953, and Trojan.Encoder.34027.
Over the course of June, Doctor Web’s malware analysts discovered other fraudulent applications from the Android.FakeApp family on Google Play. In addition, malicious actors again distributed Android.Joker trojan apps that subscribe Android device users to paid services.
The most common threats in June:
In June, the number of requests to decrypt files affected by encoder trojans decreased by 15.57%, compared to May.
The most common encoders of June:
In June, Doctor Web’s Internet analysts observed an increase in the number of websites through which users can allegedly legally purchase or restore certain documents of the Russian Federation, the Commonwealth of Independent States (CIS), and other countries. Among them, for example, are passports, driver licenses, diplomas, various certificates, and so on. Those who operate these sites assure potential customers of the complete legality and safety of such services. At the same time, they may also note that they are not responsible for the “product” on offer and that all the information on their web resources is presented for “informational purposes”.
Users who resort to such dubious services incur risks for a number of reasons. Not only can they fall victim to fraudsters, who will steal their money, but they can also commit a crime by purchasing a fake document that has nothing to do with the legal one.
Below is an example of a website that offers the opportunity to purchase the passport of a citizen of the Russian Federation:
Examples of sites that sell higher education diplomas:
An example of a site that offers driver licenses and other documents for purchase:
In addition, malicious actors continued creating fraudulent sites where visitors were invited to take part in prize and gift draws that had allegedly been organized on behalf of online stores. Potential victims were granted several attempts. At first, they were “winning” freely available promo codes for a variety of services. However, the main “prize” would be a large cash reward in foreign currency. To get the money, users supposedly had to either pay a commission for the money to be transferred to their bank card or online wallet, or pay for the currency conversion. In reality, though, victims of these fraudsters did not receive any of the promised cash prizes and rewards.
The screenshots above show an example of one of the fraudulent websites offering the opportunity to take part in prize “draws”. Based on a predetermined script, the site announces a win of $4,500. When the potential victim tries to obtain the prize, they see a message stating that an error has occurred and that they need to pay a commission to convert the currency into Russian rubles.
According to detection statistics collected by Dr.Web for Android, in June 2023, the activity of adware trojans from the Android.MobiDash family decreased. At the same time, users were more often attacked by a similar trojan family, Android.HiddenAds. Compared to May, Android device owners encountered spyware trojans and banking malware less often. By contrast, the number of Android.Locker ransomware trojan attacks increased.
Over the course of June, many new threats were detected on Google Play. Among them were malicious apps from the Android.FakeApp family and Android.Joker trojans that subscribe victims to paid services.
The following June events involving mobile malware are the most noteworthy:
To find out more about the security-threat landscape for mobile devices in June, read our special overview.