An analysis of Dr.Web anti-virus detection statistics for December 2023 revealed a 40.87% increase in the total number of threats detected, compared to November. The number of unique threats also increased by 24.55%. Once again, the most commonly detected threats were adware trojans and unwanted adware programs, as well as malicious programs that are distributed with other threats to make them more difficult to detect. In email traffic, phishing documents of various formats were found most frequently.
The number of user requests to decrypt files affected by encoder trojans decreased by 27.95%, compared to November. Most often, victims of these encrypting trojans encountered Trojan.Encoder.26996, Trojan.Encoder.3953, and Trojan.Encoder.37369, which accounted for 21.76%, 20.73%, and 4.14% of all recorded incidents, respectively.
In December, Doctor Web’s specialists discovered more malicious programs on Google Play. They also found new websites that cybercriminals were using to distribute fake crypto-wallet software for the Android and iOS operating systems.
Principal trends in December
- An increase in the total number of threats detected
- The dominance of phishing documents in malicious email traffic
- A decrease in the number of user requests to decrypt files affected by encoder trojans
- The discovery of new malicious apps on Google Play
- The continued distribution of fake crypto-wallet software for mobile devices
In December 2023, the number of requests made to decrypt files affected by encoder trojans decreased by 27.95%, compared to November.
The most common encoders of December:
- Trojan.Encoder.26996 — 21.76%
- Trojan.Encoder.3953 — 20.73%
- Trojan.Encoder.37369 — 4.14%
- Trojan.Encoder.34790 — 3.63%
- Trojan.Encoder.30356 — 3.11%
In December 2023, Doctor Web’s Internet analysts continued to identify new fraudulent investing-themed websites that are allegedly connected with oil and gas companies, banks, and other organizations. Visitors to such sites are asked to provide personal data in order to register an account and gain access to one financial service or another.
During the New Year holiday season, malicious actors adjusted their deception theme accordingly: they attracted potential victims with “gifts” and “special terms”. On one of these scam websites, for example, “in honor of the upcoming New Year”, visitors were offered an opportunity to freely access an investing platform.
And on another site—one allegedly backed by the Russian Federation government and one large oil and gas company—social payments “awaited” all citizens.
Malicious and unwanted programs for mobile devices
According to detection statistics collected by Dr.Web for Android, in December, users were most often attacked by Android.HiddenAds adware trojans. At the same time, the activity of these malicious apps decreased, compared to the previous month. The number of banking trojan and spyware trojan attacks also decreased.
Over the course of December, Doctor Web’s virus analysts discovered other fake apps from the Android.FakeApp family on Google Play. In addition, our specialists found new websites which cybercriminals use to distribute fake crypto-wallet software for Android and iOS-based devices.
The following December events involving mobile malware are the most noteworthy:
- A decrease in the activity of Android.HiddenAds adware trojans
- A decrease in banking trojan and spyware trojan activity
- The discovery of new malicious programs on Google Play
- The discovery of new websites through which fake crypto-wallet software is distributed
To find out more about the security-threat landscape for mobile devices in December, read our special overview.