The page may not load correctly.
May 31, 2016
The last spring month was marked by the emergence of a new backdoor for Microsoft Windows that was mainly designed to monitor user activity and to steal files from the infected computer. In addition, malware for Android continues to infect mobile devices—thus, our analytics registered a number of mobile banking Trojans has considerably increased. Besides, Doctor Web specialists examined a Trojan that was able to transform an infected machine into a proxy server.
Spyware Trojans pose a very serious threat because they can steal very important private information. BackDoor.Apper.1 is one of such-like Trojans, which was detected at the beginning of May.
The Trojan is distributed via a dropper in the form of the Microsoft Excel file with a special macros. This macros collects a self-extracting archive by bytes and runs it. The archive consists of an executable file, which has a valid digital signature registered to Symantec, and a dynamic library, in which all the main functions of the Trojan are implemented. Once launched, this file loads the malicious dynamic library into the memory of the infected computer.
BackDoor.Apper.1 is mainly designed to steal files from the machine. Yet, the backdoor can execute other commands. For more details, refer to the news article.
This feature is not available in Dr.Web Anti-virus for Windows.
|Data Loss Prevention|
During May 2016, Doctor Web added 550,258 URLs into the Dr.Web database of non-recommended sites.
|April 2016||May 2016||Dynamics|
TeamViewer is a popular tool of remote control. Specialists and system administrators use it to access to the system via a network and, for example, change some settings or send necessary files. However, this utility can be used by cybercriminals as well—they has modified the program so that its icon is not displayed on the Windows notification area, which helps to connect to the computer without user knowledge.
BackDoor.TeamViewer.49 also implements functions of TeamViewer. Yet, in this case, TeamViewer plays another role: the Trojan uses this program to load the library responsible for performing main malicious functions to the memory. Therefore, the computer starts operating as a proxy server that redirects traffic from the C&C server to the specified remote server. To learn more about BackDoor.TeamViewer.49, refer to the review published by Doctor Web.
Banking Trojans for Android are still dangerous, which is proved by the fact that in May, these malicious programs were again used by virus makers to steal money from owners of mobile devices. At that, Android.SmsSpy.88.origin was still being distributed in order to attack users all over the world. Besides, Doctor Web specialists discovered a huge number of websites containing Android.BankBot.104.origin and other banking Trojans.
Among the most noticeable May events related to mobile malware, we can mention
Find out more about malicious and unwanted programs for mobile devices in our special overview.