Dr.Web — Doctor Web’s February 2024 virus activity review

An analysis of Dr.Web anti-virus detection statistics for February 2024 revealed a 1.26% increase in the total number of threats detected, compared to January. At the same time, the number of unique threats decreased by 0.78%. Once again, various ad-displaying trojans and unwanted adware programs occupied the leading positions in terms of the number of detections. Moreover, malicious apps that are distributed with other threats to make them more difficult to detect remained highly active. In email traffic, malicious scripts, phishing documents, and programs that exploit vulnerabilities in Microsoft Office software were most commonly detected.

The number of user requests to decrypt files affected by encoder trojans decreased by 7.02%, compared to the previous month. The most common malware behind the ransom attacks were Trojan.Encoder.3953 (18.27% of incidents), Trojan.Encoder.37369 (9.14% of incidents), and Trojan.Encoder.26996 (8.12% of incidents).

In the mobile threats department, Android.HiddenAds adware trojans were again the most commonly detected malware, with highly increased activity.


According to Doctor Web’s statistics service



The most common threats in February:

Adware.Downware.20091

Adware that often serves as an intermediary installer of pirated software.

Trojan.BPlug.3814

The detection name for a malicious component of the WinSafe browser extension. This component is a JavaScript file that displays intrusive ads in browsers.

Trojan.StartPage1.62722

A malicious program that can modify the home page in the browser settings.

Adware.Siggen.33194

The detection name for a freeware browser that was created with an Electron framework and has a built-in adware component. This browser is distributed via various websites and loaded onto users’ computers when they try downloading torrent files.

Trojan.AutoIt.1224

The detection name for a packed version of the Trojan.AutoIt.289 malicious app, written in the AutoIt scripting language. This trojan is distributed as part of a group of several malicious applications, including a miner, a backdoor, and a self-propagating module. Trojan.AutoIt.289 performs various malicious actions that make it difficult for the main payload to be detected.


Statistics for malware discovered in email traffic



JS.Inject

A family of malicious JavaScripts that inject a malicious script into the HTML code of webpages.

HTML.FishForm.365

A webpage spread via phishing emails. It is a bogus authorization page that mimics well-known websites. The credentials a user enters on the page are sent to the attacker.

Trojan.PackedNET.2511

Malware written in VB.NET and protected with a software packer.

Exploit.CVE-2018-0798.4

An exploit designed to take advantage of Microsoft Office software vulnerabilities and allow an attacker to run arbitrary code.

W97M.DownLoader.2938

A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents. They can also download other malicious programs to a compromised computer.


Encryption ransomware

In February 2024, the number of requests made to decrypt files affected by encoder trojans decreased by 7.02%, compared to January.



The most common encoders of February:

Trojan.Encoder.3953 — 18.27%

Trojan.Encoder.35534 — 9.14%

Trojan.Encoder.26996 — 8.12%

Trojan.Encoder.29750 — 0.51%

Trojan.Encoder.37400 — 0.51%



Dangerous websites

In February 2024, Doctor Web’s Internet analysts continued to identify unwanted websites of various subject matter. For example, sites informing potential victims that some money transfers were allegedly waiting for them were popular with cybercriminals. To “receive” these funds, users must pay a bank transfer “fee”. Links to such websites are distributed in various ways, including via posts on the Telegraph blog platform.

Below is an example of one such publication. Potential victims are asked to “collect” the reward that they supposedly earned after participating in an online store survey:



Upon clicking on the “GET A PAYMENT” (“ОФОРМИТЬ ВЫПЛАТУ”) link, the user is redirected to a scam website of some non-existent “International Payment and Transfer System” (“Международная Система Платежей и Переводов”), where they are supposedly able to receive the promised funds:



To “receive” the money, the user must first provide personal information, such as their name and email address. Then, they must pay a “fee” via the legitimate Faster Payments System (“Система быстрых платежей”, “СБП”, or “SBP”) so that the reward, which, in fact, does not exist, can be “transferred” to them. At the same time, scammers ask the victim to pay the “fee” via an online bank, using the specified bank card number; all that while, the Faster Payments System allows transfers only by mobile phone number. In this case, the fraudsters may deliberately be speculating on a money-transfer method that is gaining popularity in Russia, counting on the low financial literacy of users. If the victim agrees to pay the “fee”, they will transfer their own money directly to the scammers’ bank card. However, it is possible that in an attempt to steal users’ money, malicious actors will actually begin using the Faster Payments System in the future.








Malicious and unwanted programs for mobile devices

According to detection statistics collected by Dr.Web for Android, in February, Android.HiddenAds ad-displaying trojans were most commonly detected once again. Their activity increased by 73.26%, compared to January. At the same time, adware trojans from another family, Android.MobiDash, attacked users 58.85% less often.

The number of Android.Spy spyware trojan detections decreased by 27.33%, while banking trojan detections decreased by 18.77%. Meanwhile, Android.Locker ransomware trojans were detected 29.85% less often.


The following February events involving mobile malware are the most noteworthy:

  • A significant increase in the activity of Android.HiddenAds ad-displaying trojans,
  • A decrease in the number of banking trojan and spyware trojan attacks,
  • An increase in the number of ransomware trojan attacks.


To find out more about the security-threat landscape for mobile devices in February, read our special overview.







