Doctor Web’s May 2020 virus activity review
Doctor Web’s May 2020 virus activity review
[% DEFAULT FILE_REVIEW = ''; NAME_SOME_ARRAY_IN_MACROSNAME = [ { box => 'Overview' }, { box => 'Statistics' }, { box => 'Encryption ransomware' }, { box => 'Dangerous websites' }, { box => 'Mobile devices' } ] %] [% BLOCK global.tpl_blueprint.content %]June 19, 2020
The May analysis of Dr. Web’s statistics revealed a 25.59% decrease in the total number of threats compared to the previous month. The number of unique threats also dropped by 5.35%. Users were mostly exposed to adware and malware downloaders. Email traffic was dominated by malware that exploits vulnerabilities in Microsoft Office programs. In addition, the most common threats still included the
In May, the number of user requests to decrypt files affected by encoders decreased by 4.18% compared with April. Thus, statistics revealed a decrease in ransomware activity for the first time since the beginning of the year.
Principal Trends in May
- A decline in malware spreading activity
- Adware remain amongst the most active threats
- A minor decrease in encoder activity
According to Doctor Web’s statistics service
The most common threats in May:
- Adware.Elemental.17
- Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
- Trojan.LoadMoney.4020
- A family of malware installers that deploy additional components on victims’ computers along with the required applications. Some trojan modifications can collect various information about the attacked computer and transmit it to hackers.
- Adware.Softobase.15
- Installation adware that spreads outdated software and changes the browser settings.
- Adware.Downware.19741
- Adware that often serves as an intermediary installer of pirate software.
- Trojan.BPlug.3835
- A malicious browser extension designed to perform web injections into viewed webpages and block third-party advertisements.
Statistics for malware discovered in email traffic
-
Exploit.CVE-2012-0158 - A modified Microsoft Office document that exploits the CVE-2012-0158 vulnerability in order to run malicious code.
- W97M.DownLoader.2938
- A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
Trojan.SpyBot.699 - A multi-module banking trojan that allows cybercriminals to download and launch various applications on an infected device and run arbitrary code.
- Tool.KMS.7
- Hacking tools used to activate illegal copies of Microsoft software.
- HTML.Redirector.33
- Malicious HTML documents that are often disguised as harmless email attachments. Upon opening, the code redirects users to phishing websites or downloads payload with malware to the computers.
Encryption ransomware
In May, Doctor Web’s virus laboratory registered 4.18% less requests to decode files encoded by trojan ransomware than in April.
-
Trojan.Encoder.26996 — 28.94% - Trojan.Encoder.29750 — 5.39%
-
Trojan.Encoder.567 — 4.39% -
Trojan.Encoder.858 — 2.40% - Trojan.Encoder.25069 — 1.80%
Dr.Web Security Space for Windows protects against encryption ransomware
Dangerous websites
In May 2020, Doctor Web added 107,082 URLs to the Dr.Web database of non-recommended websites.
April 2020 | May 2020 | Dynamics |
---|---|---|
+ 140,188 | + 107,082 | - 23.62% |
Malicious and unwanted programs for mobile devices
The total number of May threats on Android devices increased by just over 3% as compared to April. Doctor Web malware analysts detected a variety of new threats on the Google Play catalog. These include new versions of
Additionally, new records were added to the Dr.Web virus database to detect various banking trojans, as well as a spyware trojan that was distributed as a program for tracking COVID-19 infection statistics. At the end of the month, our specialists uncovered the
The following May events related to mobile malware are the most noteworthy:
- Growth in malware activity on protected devices
- Detection of new threats on Google Play
Find out more about malicious and unwanted programs for mobile devices in our special overview.