The number of user requests to decrypt files affected by encoder trojans decreased by 7.02%, compared with the previous month. The most common malware behind the ransom attacks was Trojan.Encoder.3953 (18.27% of incidents), Trojan.Encoder.37369 (9.14% of incidents), and Trojan.Encoder.26996 (8.12% of incidents).
In the mobile threats category, Android.HiddenAds adware trojans were once again the most commonly detected malware, with highly increased activity.
Principal trends in February
- An increase in the total number of threats detected
- The predominance of malicious scripts and phishing documents in malicious email traffic
- A decrease in the number of user requests to decrypt files affected by encoder trojans
- An increase in the number of Android.HiddenAds adware trojans on protected devices
According to Doctor Web’s statistics service
The most common threats in February:
- Adware.Downware.20091
- Adware that often serves as an intermediary installer of pirated software.
- Trojan.BPlug.3814
- The detection name for a malicious component of the WinSafe browser extension. This component is a JavaScript file that displays intrusive ads in browsers.
- Trojan.StartPage1.62722
- A malicious program that can modify the home page in the browser settings.
- Adware.Siggen.33194
- The detection name for a freeware browser that was created with the Electron framework and has a built-in adware component. This browser is distributed via various websites and loaded onto users’ computers when they try downloading torrent files.
- Trojan.AutoIt.1224
- The detection name for a packed version of the Trojan.AutoIt.289 malicious app, written in the AutoIt scripting language. This trojan is distributed as part of a group of several malicious applications, including a miner, a backdoor, and a self-propagating module. Trojan.AutoIt.289 performs various malicious actions that make it difficult for the main payload to be detected.
Statistics for malware discovered in email traffic
- JS.Inject
- A family of malicious JavaScripts that inject a malicious script into the HTML code of webpages.
- HTML.FishForm.365
- A webpage spread via phishing emails. It is a bogus authorization page that mimics well-known websites. The credentials a user enters on the page are sent to the attacker.
- Trojan.PackedNET.2511
- Malware written in VB.NET and protected with a software packer.
- Exploit.CVE-2018-0798.4
- An exploit designed to take advantage of Microsoft Office software vulnerabilities and allow an attacker to run arbitrary code.
- W97M.DownLoader.2938
- A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents. They can also download other malicious programs to a compromised computer.
Encryption ransomware
In February 2024, the number of requests made to decrypt files affected by encoder trojans decreased by 7.02%, compared to January.
The most common encoders of February:
- Trojan.Encoder.3953 — 18.27%
- Trojan.Encoder.35534 — 9.14%
- Trojan.Encoder.26996 — 8.12%
- Trojan.Encoder.29750 — 0.51%
- Trojan.Encoder.37400 — 0.51%
Dangerous websites
In February 2024, Doctor Web’s Internet analysts continued to identify unwanted websites of various subject matter. For example, sites informing potential victims that some money transfers were allegedly waiting for them were popular with cybercriminals. To “receive” these funds, users must pay a bank transfer “fee”. Links to such websites are distributed in various ways, including via posts on the Telegraph blog platform.
Below is an example of one such publication. Potential victims are asked to “collect” the reward that they supposedly earned after participating in an online store survey:
Upon clicking on the “GET A PAYMENT” (“ОФОРМИТЬ ВЫПЛАТУ”) link, the user is redirected to a scam website of some non-existent “International Payment and Transfer System” (“Международная Система Платежей и Переводов”), where they are supposedly able to receive the promised funds:
To “receive” the money, the user must first provide personal information, such as their name and email address. Then, they need to pay a “fee” via the legitimate Faster Payments System (“Система быстрых платежей”, “СБП”, or “SBP”) so that the reward, which, in fact, does not exist, can be “transferred” to them. At the same time, scammers ask the victim to pay the “fee” via an online bank, using the specified bank card number, even though the Faster Payments System allows transfers only by mobile phone number. In this case, the fraudsters may deliberately be speculating on a money-transfer method that is gaining popularity in Russia, counting on the low financial literacy of users. If the victim agrees to pay the “fee”, they will transfer their own money directly to the scammers’ bank card. However, it is possible that in an attempt to steal users’ money, malicious actors will actually start using the Faster Payments System in the future.
Malicious and unwanted programs for mobile devices
According to detection statistics collected by Dr.Web for Android, in February, Android.HiddenAds ad-displaying trojans were most commonly detected once again. Their activity increased by 73.26%, compared to January. At the same time, adware trojans from another family, Android.MobiDash, attacked users 58.85% less often.
The number of Android.Spy spyware trojan detections decreased by 27.33%, while banking trojan detections decreased by 18.77%. Meanwhile, Android.Locker ransomware trojans were detected 29.85% less often.
The following February events involving mobile malware are the most noteworthy:
- A significant increase in the activity of Android.HiddenAds ad-displaying trojans,
- A decrease in the number of banking trojan and spyware trojan attacks,
- An increase in the number of ransomware trojan attacks.
To find out more about the security-threat landscape for mobile devices in February, read our special overview.