Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

March 2016 virus activity review from Doctor Web

March 31, 2016

The past month showed that virus makers have become more active in their attempts to compromise Apple computers. At the beginning of March, Doctor Web security researchers registered new adware Trojans for OS X, and later, they found a new technique to decrypt files stored on Mac computers infected by a ransomware Trojan named Mac.Trojan.KeRanger.2. Besides, our specialists found a new malware program for Android that attackers incorporated either into some popular apps or into firmware of Android mobile devices.

PRINCIPAL TRENDS IN MARCH

  • New adware programs for OS X
  • New method to decrypt files compromised by ransomware for OS X
  • New Trojan for Android incorporated into firmware and popular Android applications

Threat of the month

March began with Doctor Web detecting a family of adware Trojans for OS X. The first component that arrives on a Mac computer is Mac.Trojan.VSearch.2. At that, it masquerades as a benign application—for example, Nice Player.

Mac.Trojan.VSearch #drweb

Unlike other installers, Mac.Trojan.VSearch.2 does not allow the user to select modules to install on the computer in addition to the desired application. At that, the Trojan is set as if the user themselves checked all offered components. Apart from many other dangerous applications, the Trojan also installs Mac.Trojan.VSearch.4, a malware program that, in turn, can download and launch another Trojan named Mac.Trojan.VSearch.7. Once Mac.Trojan.VSearch.7 is on the computer, the very first thing it does is create a new user account, which is not displayed in the OS X Welcome dialog. Then it injects a JavaScript script in all opened webpages. This script is responsible for display of advertisements in the browser window and collects the user’s Web search queries of several search engines.

For more information about these Trojans and their technical details, refer to the article.

According to statistics collected by Dr.Web CureIt!

According to statistics collected by Dr.Web CureIt!

According to Doctor Web statistics servers

According to Doctor Web statistics servers #drweb

Statistics concerning malicious programs discovered in email traffic

According to Doctor Web statistics servers #drweb

Encryption ransomware

Encryption ransomware #drweb

The most common ransomware programs in March 2016:

In February 2016, numerous mass media announced the emergence of the first ransomware Trojan for OS X that Dr.Web detects as Mac.Trojan.KeRanger.2. However, in March, our security researchers found how files affected by this Trojan could be decrypted. To read more about the Trojan, and learn what actions should be taken if your computer is infected by this malware, refer to the news article.

Dr.Web Security Space 11.0 for Windows
protects against encryption ransomware

This feature is not available in Dr.Web Anti-virus for Windows.

Data Loss Prevention
Preventive ProtectionData Loss Prevention

Dangerous websites

During March 2016, Doctor Web added 458,013 URLs into the Dr.Web database of non-recommended sites.

February 2016March 2016Dynamics
+453,623+458,013+0.96%
Non-recommended websites

Malicious and unwanted programs for mobile devices

The first spring month was marked by the appearance of a new adware Trojan for Android. This malicious program was detected in some popular applications and on several dozens of Android firmwares. Its primary function is to display annoying advertisements. However, it can also download, install and run various software, and transmit confidential information to the server. Later in March, more than 100 Google Play apps were found to contain an advertising spyware. Moreover, Doctor Web specialists carried out the examination of dangerous Trojans able to inject themselves into Android system process and processes of running applications.

Among the most noticeable March events related to mobile malware, we can mention

Find out more about malicious and unwanted programs for mobile devices in our special overview.

Learn more with Dr.Web

Virus statistics Virus descriptions Virus monthly reviews

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040