Dr.Web — Doctor Web’s January 2024 virus activity review


March 29, 2024

An analysis of Dr.Web anti-virus detection statistics for January 2024 revealed a 95.66% increase in the total number of threats detected, compared to December 2023. At the same time, the number of unique threats increased by 2.15%. Unwanted adware programs and adware trojans were most frequently detected, as were malicious programs distributed with other threats to make the latter more difficult to detect. In mail traffic, malicious scripts and phishing documents were most commonly observed.

The number of user requests to decrypt files affected by encoder trojans increased by 22.84%, compared to the last month of 2023. Victims of these malicious programs again most frequently encountered Trojan.Encoder.26996, Trojan.Encoder.3953, and Trojan.Encoder.37369. Their share of the total number of incidents recorded was 17.98%, 12.72%, and 3.51%, respectively.

In January 2024, Doctor Web’s specialists discovered a new family of unwanted adware for the Android operating system. Dubbed Adware.StrawAd, it was integrated into several programs distributed via Google Play. Our malware analysts uncovered many new Android.FakeApp trojan apps on Google Play as well; cybercriminals use these apps for fraudulent purposes.

Principal trends in January

  • An increase in the total number of threats detected
  • An increase in the number of user requests to decrypt files affected by encoder trojans
  • The emergence of new threats on Google Play

According to Doctor Web’s statistics service

The most common threats in January:


Adware that often serves as an intermediary installer of pirated software.


The detection name for a malicious component of the WinSafe browser extension. This component is a JavaScript file that displays intrusive ads in browsers.


The detection name for a freeware browser that was created with the Electron framework and has a built-in adware component. This browser is distributed via various websites and loaded onto users’ computers when they try downloading torrent files.


The detection name for a packed version of the Trojan.AutoIt.289 malicious app, written in the AutoIt scripting language. This trojan is distributed as part of a group of several malicious applications, including a miner, a backdoor, and a self-propagating module. Trojan.AutoIt.289 performs various malicious actions that make it difficult for the main payload to be detected.


An alternative app store and an add-on for Windows GUI (graphical user interface) from the creators of “OpenCandy” adware.

Statistics for malware discovered in email traffic


A household of malicious JavaScripts that inject a malicious script into the HTML code of webpages.


An exploit designed to take advantage of Microsoft Office software vulnerabilities and allow an attacker to run arbitrary code.


A trojan designed to inject malicious code into the processes of other programs.


The detection name for malicious programs of various functionality.


The detection name for a shortcut that is crafted in a specific way. This shortcut is distributed through removable media, like USB flash drives. To mislead users and conceal its operation, its default icon is a disk. When launched, it executes malicious VBS scripts from a hidden directory located on the same drive as the shortcut itself.

Encryption ransomware

In January 2024, the number of requests made to decrypt files affected by encoder trojans increased by 22.84%, compared to December 2023.

The most common encoders of January:

Trojan.Encoder.26996 — 17.98%

Trojan.Encoder.3953 — 12.72%

Trojan.Encoder.37369 — 3.51%

Trojan.Encoder.35534 — 3.51%

Trojan.Encoder.30356 — 2.63%

Dangerous websites

Over the course of the first month of 2024, Doctor Web’s malware analysts discovered more fraudulent finance-themed websites. These attracted potential victims by offering them the opportunity to become investors or to earn money using certain supposedly profitable platforms. Malicious actors pass off such sites as official Internet resources of well-known companies, like banks and oil and gas sector businesses, to name a few. For this, fraudsters copy or use similar logos, names, and color schemes.

On such sites, visitors are asked to answer several questions and then to provide their personal data (first and last name, mobile phone number, email address, etc.) to “access” the service. All this confidential information may end up in third-party hands and can subsequently be used for illegal purposes.

The screenshot below depicts an example of one such fraudulent website. It informs the visitor that every Russian citizen can allegedly make 150,000 rubles per month. To start “earning money”, the user must provide their contact details.

Next, to “access” the investing platform, supposedly created in honor of the 100th anniversary of the USSR, the user is asked to take a survey and provide their personal data again:

At the end, the website tells the victim to wait for a call from “one of its employees”:

Malicious and unwanted programs for mobile devices

According to detection statistics collected by Dr.Web for Android, in January, users were most likely to encounter Android.HiddenAds adware trojans, whose activity increased by 54.45%. The number of banking trojan attacks of various families and Android.Spy spyware trojan attacks also increased, by 17.04% and 11.16%, respectively. Meanwhile, the activity of Android.Locker ransomware trojans, on the contrary, decreased by 0.92%.

Among the threats discovered on Google Play by Doctor Web’s malware analysts were more trojan apps from the Android.FakeApp family. In addition, our specialists detected programs containing the built-in unwanted adware module Adware.StrawAd, which belongs to a new family.

The following January events involving mobile malware are the most noteworthy:

  • An increase in the activity of Android.HiddenAds adware trojans,
  • An increase in the number of banking trojan and spyware trojan attacks,
  • A decrease in the number of ransomware malware attacks,
  • The emergence of new malware and adware on Google Play.

To find out more about the security-threat landscape for mobile devices in January, read our special overview.

