My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Doctor Web’s December 2023 virus activity review

January 30, 2023

An analysis of Dr.Web anti-virus detection statistics for December 2023 revealed a 40.87% increase in the total number of threats detected, compared to November. The number of unique threats also increased by 24.55%. Once again, most commonly detected were adware trojans and unwanted adware programs as well as malicious programs that are distributed with other threats to make them more difficult to detect. In email traffic, phishing documents of various formats were most frequently found.

The number of user requests to decrypt files affected by encoder trojans decreased by 27.95%, compared to November. Most often, victims of these encrypting trojans encountered Trojan.Encoder.26996, Trojan.Encoder.3953, and Trojan.Encoder.37369, which accounted for 21.76%, 20.73%, and 4.14% of all recorded incidents, respectively.

In December, Doctor Web’s specialists discovered yet other malicious programs on Google Play. Also found were new websites that cybercriminals were using to distribute fake crypto-wallet software for the Android and iOS operating systems.

Principal trends in December

  • An increase in the total number of threats detected
  • The dominance of phishing documents in malicious email traffic
  • A decrease in the number of user requests to decrypt files affected by encoder trojans
  • The discovery of new malicious apps on Google Play
  • The continued distribution of fake crypto-wallet software for mobile devices

According to Doctor Web’s statistics service

The most common threats in December:

Adware that often serves as an intermediary installer of pirated software.
The detection name for a freeware browser that was created with an Electron framework and has a built-in adware component. This browser is distributed via various websites and loaded onto users’ computers when they try downloading torrent files.
The detection name for a packed version of the Trojan.AutoIt.289 malicious app, written in the AutoIt scripting language. This trojan is distributed as part of a group of several malicious applications, including a miner, a backdoor, and a self-propagating module. Trojan.AutoIt.289 performs various malicious actions that make it difficult for the main payload to be detected.
An alternative app store and an add-on for Windows GUI (graphical user interface) from the creators of “OpenCandy” adware.
The detection name for a malicious component of the WinSafe browser extension. This component is a JavaScript file that displays intrusive ads in browsers.

Statistics for malware discovered in email traffic

Microsoft Word phishing documents that target users who want to become investors. They contain links to fraudulent websites.
PDF documents used in phishing newsletters.
A family of malicious JavaScripts that inject a malicious script into the HTML code of webpages.

Encryption ransomware

In December 2023, the number of requests made to decrypt files affected by encoder trojans decreased by 27.95%, compared to November.

The most common encoders of December:

Trojan.Encoder.26996 — 21.76%
Trojan.Encoder.3953 — 20.73%
Trojan.Encoder.37369 — 4.14%
Trojan.Encoder.34790 — 3.63%
Trojan.Encoder.30356 — 3.11%

Dangerous websites

In December 2023, Doctor Web’s Internet analysts continued to identify new fraudulent investing-themed websites that are allegedly connected with oil and gas companies, banks, and other organizations. Visitors of such sites are asked to provide personal data to register an account and gain access to one or another financial service.

During the New Year holiday season, malicious actors adjusted their deception theme accordingly: they attracted potential victims with “gifts” and “special terms”. On one of these scam websites, for example, “in honor of the upcoming New Year”, visitors were offered an opportunity to freely access some investing platform:

And on another site—one allegedly backed by the Russian Federation government and one large oil and gas company—social payments “awaited” all citizens.

Malicious and unwanted programs for mobile devices

According to detection statistics collected by Dr.Web for Android, in December, users were most often attacked by Android.HiddenAds adware trojans. At the same time, the activity of these malicious apps decreased, compared to the previous month. The number of banking trojan and spyware trojan attacks also decreased.

Over the course of December, Doctor Web’s virus analysts discovered other fake apps from the Android.FakeApp family on Google Play. In addition, our specialists found new websites which cybercriminals use to distribute fake crypto-wallet software for Android and iOS-based devices.

The following December events involving mobile malware are the most noteworthy:

  • A decrease in the activity of Android.HiddenAds adware trojans,
  • A decrease in banking trojan and spyware trojan activity,
  • The discovery of new malicious programs on Google Play,
  • The discovery of new websites, through which fake crypto-wallet software is distributed.

To find out more about the security-threat landscape for mobile devices in December, read our special overview.