Doctor Web’s August 2019 virus activity review

[% DEFAULT FILE_REVIEW = ''; NAME_SOME_ARRAY_IN_MACROSNAME = [ { box => "Overview" }, { box => "Threat of the month" }, { box => "Statistics" }, { box => "Encryption ransomware" }, { box => "Dangerous websites" }, { box => "Mobile devices" } ] #FILE_REVIEW = 'https://st.drweb.com/static/new-www/news/2019/DrWeb_review_august_2019.pdf' %] [% BLOCK global.tpl_blueprint.content %]

September 9, 2019

In August, Dr.Web server statistics detected a 21.28% decrease in the total number of threats compared to July. The number of unique threats dropped only slightly by 2.82%. The most common threat in email traffic is malware that exploits vulnerabilities in Microsoft Office documents, as well as trojan downloaders. Similarly to the previous month, the majority of detected malware and unwanted software is adware.

Threat of the month

In August, researchers at Doctor Web’s virus lab discovered a dangerous banking trojan spread by cybercriminals via fake websites of popular software. One of these resources is copied from a well-known VPN service, while others are disguised as corporate office software websites.

More about this threat

According to Doctor Web’s statistics servers

Threats of the month:

Adware.Softobase.15

Installation adware that spreads outdated software and changes the browser’s settings.

Adware.Ubar.13

A torrent client designed to install unwanted programs on a user’s device.

Trojan.Winlock.14244

A ransomware trojan that blocks or limits a user’s access to the Windows operating system and its functionalities. In order to unlock the system, a user must transfer money to the cybercriminals.

Trojan.InstallCore.3553

Another well-known adware installer. It displays ads and installs new software without a user’s permission.

Statistics for malware discovered in email traffic

Exploit.Rtf.CVE2012-0158

Modified Microsoft Office document. Exploits the CVE2012-0158 vulnerability in order to run malicious code.

W97M.DownLoader.2938

A family of trojan downloaders that exploit vulnerabilities in Microsoft Office applications and can download other malware to a compromised device.

Exploit.ShellCode.69

Another malicious Microsoft Office Word document, which uses the CVE-2017-11882 vulnerability.

Trojan.PWS.Stealer.19347

A family of trojans designed to steal passwords and other confidential information stored on an infected computer.

Encoders

In August, cases involving the following ransomware were most often registered by Doctor Web’s technical support service:

• Trojan.Encoder.858—17.73%
• Trojan.Encoder.11464—7.09%
• Trojan.Encoder.18000—4.96%
• Trojan.Encoder.28004—4.26%
• Trojan.Encoder.11539—2.60%
• Trojan.Encoder.25574—1.18%
• Trojan.Encoder.567—1.65%

Dangerous websites

In August 2019, Doctor Web added 204,551 URLs to the Dr.Web database of non-recommended websites.

Malicious and unwanted programs for mobile devices

In August, Doctor Web experts discovered several new malware on Google Play. In early August, the Dr.Web virus database was updated to detect the Android.Click.312.origin trojan, which could open links and various websites following the command of the server. Virus analysts also detected new adware Android.HiddenAds, as well as the Android.DownLoader.915.origin downloader that was able to download other malicious applications.

At the end of the month, Doctor Web experts discovered another banking trojan that attacked users from Brazil. The malware, dubbed Android.Banker.346.origin, exploited the Android OS Accessibility Service and could hook text messages.

The following events are among the most notable regarding mobile security in August:

• Distribution of malware on Google Play;
• New unwanted adware modules.

Learn more about malicious and unwanted programs for mobile devices in our August overview.

Back to articles list