Malware Information Initiative (MII): Top 10

Total percentage of the top 10: 46,22 %

Rank  Name                                              Percentage
   1  JS:Trojan.FBWorm.D                                   23,67 %
   2  JS:Trojan.Gnaeus.G                                    3,92 %
   3  JS:Trojan.Gnaeus.F                                    3,26 %
   4  Win32.Application.CoinMiner.T@gen                     2,80 %
   5  HTML.Trojan.Obfus.AP                                  2,53 %
   6  JS:Trojan.Downloader.RemoteClient.A                   2,32 %
   7  Win32.Adware.Mindspark.E                              2,26 %
   8  Application.CoinMiner.AY                              2,25 %
   9  Script.Trojan-Ransom.TechSupportScam.S                2,22 %
  10  Win32.Application.DownloadGuide.T                     0,99 %

Descriptions (in rank order):

1. JS:Trojan.FBWorm.D: This is a detection for malicious JavaScript code which hijacks Facebook accounts. It spreads via Facebook Messenger and sends messages like "watch my private video and don't show it to anyone" in the language it detects on the victim's system.

2. JS:Trojan.Gnaeus.G: Obfuscated JavaScript that decodes a string and appends it to the current page's URL to load hidden content such as malware or to trigger a redirection. Sometimes also detected as HTML.Trojan.Redirector.AP.

3. JS:Trojan.Gnaeus.F: Obfuscated JavaScript that decodes a string and appends it to the current page's URL to load hidden content such as malware or to trigger a redirection. Sometimes also detected as HTML.Trojan.Redirector.AP.

4. Win32.Application.CoinMiner.T@gen: Generic detection for a cryptocurrency miner (CoinMiner), which is usually installed and run without user consent by Trojans or PUP to produce revenue for the software's distributors.

5. HTML.Trojan.Obfus.AP: Detection of heavily obfuscated JavaScript code used to conceal malicious content on web pages.

6. JS:Trojan.Downloader.RemoteClient.A: Detection of heavily obfuscated JavaScript code on web pages that loads additional code from a secondary source. Most of the affected sites host porn, ads or warez.

7. Win32.Adware.Mindspark.E: Mindspark is a browser plugin of questionable usefulness. It changes the start page and the search engine settings without user consent, and it tracks the user's browsing behaviour. This signature detects the DLL of the tool.

8. Application.CoinMiner.AY: Cryptocurrency miner embedded in web pages to use the victim's computer resources without disclosing this. Some web pages are infected with it without the administrator's knowledge.

9. Script.Trojan-Ransom.TechSupportScam.S: Scam injected into web pages which tries to make users believe that their computer is infected with malware and that the phone number shown in the warning belongs to Microsoft support.

10. Win32.Application.DownloadGuide.T: PUP installer that presents offers for other software during installation of the initial bait. It is mostly used by online platforms that repack freely available software to earn affiliate revenue.

Methodology

The Malware Information Initiative (MII) relies on the power of the online community: any customer who purchases a G DATA security solution can take part in this initiative, provided they have activated this function in their G DATA program. If a malware attack on a computer is fended off, a completely anonymous report of the event is sent to G DATA SecurityLabs, where the data about the malware is collected and statistically assessed.

Total percentage of the top 10: 44,31 %

Rank  Name                                              Percentage
   1  JS:Trojan.FBWorm.D                                   21,78 %
   2  Gen:Variant.Razy.349828                               5,84 %
   3  Script.Trojan-Ransom.TechSupportScam.S                4,24 %
   4  Win32.Application.DownloadSponsor.R                   3,55 %
   5  Application.CoinMiner.AY                              2,19 %
   6  Win32.Adware.Mindspark.E                              1,80 %
   7  JS:Trojan.Downloader.RemoteClient.A                   1,48 %
   8  Trojan.Agent.BTGJ                                     1,31 %
   9  Win32.Application.CoinMiner.T@gen                     1,12 %
  10  Script.Trojan-Ransom.TechSupportScam.Y                1,00 %

Descriptions (in rank order):

1. JS:Trojan.FBWorm.D: This is a detection for malicious JavaScript code which hijacks Facebook accounts. It spreads via Facebook Messenger and sends messages like "watch my private video and don't show it to anyone" in the language it detects on the victim's system.

2. Gen:Variant.Razy.349828: Third-party game patch libraries used for fixes and cheats. Usually used as bait to get users to install infected files.

3. Script.Trojan-Ransom.TechSupportScam.S: Scam injected into web pages which tries to make users believe that their computer is infected with malware and that the phone number shown in the warning belongs to Microsoft support.

4. Win32.Application.DownloadSponsor.R: Detection of potentially unwanted software (PUP) that comes as a bundled installer. The distributors take legitimate free software, bundle it with their PUP installer and distribute these bundles online for the sake of monetization. Offers and offer dialogues are downloaded dynamically from the DownloadSponsor servers. Every ad impression earns money for the distributors of the manipulated software.

5. Application.CoinMiner.AY: Cryptocurrency miner embedded in web pages to use the victim's computer resources without disclosing this. Some web pages are infected with it without the administrator's knowledge.

6. Win32.Adware.Mindspark.E: Mindspark is a browser plugin of questionable usefulness. It changes the start page and the search engine settings without user consent, and it tracks the user's browsing behaviour. This signature detects the DLL of the tool.

7. JS:Trojan.Downloader.RemoteClient.A: Detection of heavily obfuscated JavaScript code on web pages that loads additional code from a secondary source. Most of the affected sites host porn, ads or warez.

8. Trojan.Agent.BTGJ: Downloader for Chinese PUP; it downloads and runs various Potentially Unwanted Programs such as KuaiZip, which are installed without proper user consent. The payload may vary depending on the downloader.

9. Win32.Application.CoinMiner.T@gen: Generic detection for a cryptocurrency miner (CoinMiner), which is usually installed and run without user consent by Trojans or PUP to produce revenue for the software's distributors.

10. Script.Trojan-Ransom.TechSupportScam.Y: Scam injected into web pages which tries to make users believe that their computer is infected with malware and that the phone number shown in the warning belongs to Microsoft support.


Total percentage of the top 10: 17,21 %

Rank  Name                                              Percentage
   1  Script.Application.MindSpark.G                        4,17 %
   2  Gen:Variant.Graftor.457527                            1,77 %
   3  Win32.Application.OpenCandy.G                         1,62 %
   4  Script.Application.InstallCore.HL                     1,60 %
   5  Gen:Variant.Graftor.5639                              1,49 %
   6  Win32.Application.OpenCandy.O                         1,47 %
   7  Gen:Variant.Application.Bundler.Softonic.1            1,45 %
   8  Zum.Androm.1                                          1,33 %
   9  Gen:Variant.Barys.324                                 1,18 %
  10  Adware.Relevant.BH                                    1,13 %

Descriptions (in rank order):

1. Script.Application.MindSpark.G: Mindspark.G is a browser plugin of questionable usefulness. It changes the start page and the search engine settings without user consent, and it tracks the user's browsing behaviour.

2. Gen:Variant.Graftor.457527: Generic Trojan horse that (ab)uses folder icons to get executed. Depending on the variant it may show worm-like behaviour, open a backdoor or download further malware.

3. Win32.Application.OpenCandy.G: A Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser's behaviour by changing its home page and search engine settings, redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

4. Script.Application.InstallCore.HL: This signature covers InstallCore bundle adware installers that use "Inno Setup". They are distributed by various third parties and usually pretend to offer a legitimate installer for popular software, media or cracks. Their primary objective, however, is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

5. Gen:Variant.Graftor.5639: Generic Trojan horse that (ab)uses folder icons to get executed. Depending on the variant it may show worm-like behaviour, open a backdoor or download further malware.

6. Win32.Application.OpenCandy.O: Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy. It modifies the browser's behaviour by changing its home page and the search engine, and ad pop-ups are displayed to the user of the infected machine.

7. Gen:Variant.Application.Bundler.Softonic.1: PUP bundle installer which tries to trick the user into installing very aggressive PUP.

8. Zum.Androm.1: Generic detection of NSIS-based installers/uninstallers for PUP bundlers. This includes many PUP which are installed without user consent.

9. Gen:Variant.Barys.324: Generic detection for malicious remote access tools (RATs) using crypto packers such as Themida.

10. Adware.Relevant.BH: Adware that is bundled with a great deal of freeware. It offers to show users the "relevant" information that like-minded people search for, but in the end it just shows ads and tries to gather user data.


Total percentage of the top 10: 18,63 %

Rank  Name                                              Percentage
   1  Gen:Variant.Graftor.457527                            3,46 %
   2  Win32.Application.OpenCandy.O                         2,69 %
   3  Gen:Variant.Application.Bundler.Softonic.1            2,66 %
   4  Adware.Relevant.BH                                    1,90 %
   5  Script.Application.InstallCore.HL                     1,62 %
   6  Win32.Application.OpenCandy.G                         1,57 %
   7  Adware.RelevantKnowledge.A                            1,36 %
   8  Zum.Androm.1                                          1,32 %
   9  Application.BitCoinMiner.SX                           1,10 %
  10  Gen:Variant.Application.Bundler.DownloadGuide.11      0,95 %

Descriptions (in rank order):

1. Gen:Variant.Graftor.457527: Generic Trojan horse that (ab)uses folder icons to get executed. Depending on the variant it may show worm-like behaviour, open a backdoor or download further malware.

2. Win32.Application.OpenCandy.O: Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy. It modifies the browser's behaviour by changing its home page and the search engine, and ad pop-ups are displayed to the user of the infected machine.

3. Gen:Variant.Application.Bundler.Softonic.1: PUP bundle installer which tries to trick the user into installing very aggressive PUP.

4. Adware.Relevant.BH: Adware that is bundled with a great deal of freeware. It offers to show users the "relevant" information that like-minded people search for, but in the end it just shows ads and tries to gather user data.

5. Script.Application.InstallCore.HL: This signature covers InstallCore bundle adware installers that use "Inno Setup". They are distributed by various third parties and usually pretend to offer a legitimate installer for popular software, media or cracks. Their primary objective, however, is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

6. Win32.Application.OpenCandy.G: A Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser's behaviour by changing its home page and search engine settings, redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

7. Adware.RelevantKnowledge.A: A potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send the data to the persons behind this PUP, who are then able to sell it to third parties. Usually RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third-party sites instead of the original publisher's site. This program adds an icon to the infected computer's task bar.

8. Zum.Androm.1: Generic detection of NSIS-based installers/uninstallers for PUP bundlers. This includes many PUP which are installed without user consent.

9. Application.BitCoinMiner.SX: BitCoinMiners utilize the computing capacity of the device in order to mine BitCoins. In most cases they are delivered via websites.

10. Gen:Variant.Application.Bundler.DownloadGuide.11: This detection is shown for an installer of the company Freemium GmbH, which offers bundling of software with additional products. The resulting installer brings not only the software initially desired but also potentially unwanted programs.


Total percentage of the top 10: 14,58 %

Rank  Name                                              Percentage
   1  Script.Application.InstallCore.HL                     2,13 %
   2  Win32.Application.OpenCandy.G                         2,07 %
   3  Gen:Variant.Application.Bundler.Softonic.1            1,87 %
   4  Win32.Application.OpenCandy.O                         1,59 %
   5  Gen:Variant.Application.Bundler.DownloadGuide.48      1,51 %
   6  Adware.RelevantKnowledge.A                            1,14 %
   7  Gen:Variant.Graftor.246712                            1,12 %
   8  Zum.Androm.1                                          1,08 %
   9  Application.BitCoinMiner.SX                           1,04 %
  10  Application.Alphaeon.1                                1,03 %

Descriptions (in rank order; no description is given for rank 7):

1. Script.Application.InstallCore.HL: This signature covers InstallCore bundle adware installers that use "Inno Setup". They are distributed by various third parties and usually pretend to offer a legitimate installer for popular software, media or cracks. Their primary objective, however, is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

2. Win32.Application.OpenCandy.G: A Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser's behaviour by changing its home page and search engine settings, redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

3. Gen:Variant.Application.Bundler.Softonic.1: PUP bundle installer which tries to trick the user into installing very aggressive PUP.

4. Win32.Application.OpenCandy.O: Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy. It modifies the browser's behaviour by changing its home page and the search engine, and ad pop-ups are displayed to the user of the infected machine.

5. Gen:Variant.Application.Bundler.DownloadGuide.48: This detection is shown for an installer of the company Freemium GmbH, which offers bundling of software with additional products. The resulting installer brings not only the software initially desired but also potentially unwanted programs.

6. Adware.RelevantKnowledge.A: A potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send the data to the persons behind this PUP, who are then able to sell it to third parties. Usually RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third-party sites instead of the original publisher's site. This program adds an icon to the infected computer's task bar.

8. Zum.Androm.1: Generic detection of NSIS-based installers/uninstallers for PUP bundlers. This includes many PUP which are installed without user consent.

9. Application.BitCoinMiner.SX: BitCoinMiners utilize the computing capacity of the device in order to mine BitCoins. In most cases they are delivered via websites.

10. Application.Alphaeon.1: Alphaeon is a PUP installer using InstallCore. It tries to avoid detection by encrypting its payload and tries to trick the user into installing various other PUP during installation.


Total percentage of the top 10: 13,9 %

Rank  Name                                              Percentage
   1  Win32.Application.OpenCandy.G                         2,37 %
   2  Application.BitCoinMiner.UB                           1,92 %
   3  Gen:Variant.Application.Bundler.Softonic.1            1,79 %
   4  Win32.Worm.Downadup.Gen                               1,58 %
   5  Gen:Variant.Barys.324                                 1,16 %
   6  Application.BitCoinMiner.SX                           1,11 %
   7  Win32.Application.OpenCandy.O                         1,05 %
   8  Gen:Variant.Graftor.27820                             1,02 %
   9  Win32.Application.DownloadSponsor.R                   1,00 %
  10  Adware.RelevantKnowledge.A                            0,90 %

Descriptions (in rank order):

1. Win32.Application.OpenCandy.G: A Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser's behaviour by changing its home page and search engine settings, redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

2. Application.BitCoinMiner.UB: BitCoinMiners utilize the computing capacity of the device in order to mine BitCoins. In most cases they are delivered via websites.

3. Gen:Variant.Application.Bundler.Softonic.1: PUP bundle installer which tries to trick the user into installing very aggressive PUP.

4. Win32.Worm.Downadup.Gen: This computer worm, also known as Conficker, propagates in a network via file sharing and portable media. It can also deactivate important computer services, e.g. the AV protection. After a successful infection it downloads further malware from the Internet. Some variants of this malware also block access to pre-defined websites (e.g. the websites of AV vendors or Windows Update).

5. Gen:Variant.Barys.324: Generic detection for malicious remote access tools (RATs) using crypto packers such as Themida.

6. Application.BitCoinMiner.SX: BitCoinMiners utilize the computing capacity of the device in order to mine BitCoins. In most cases they are delivered via websites.

7. Win32.Application.OpenCandy.O: Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy. It modifies the browser's behaviour by changing its home page and the search engine, and ad pop-ups are displayed to the user of the infected machine.

8. Gen:Variant.Graftor.27820: Generic Trojan horse that (ab)uses folder icons to get executed. Depending on the variant it may show worm-like behaviour, open a backdoor or download further malware.

9. Win32.Application.DownloadSponsor.R: Detection of potentially unwanted software (PUP) that comes as a bundled installer. The distributors take legitimate free software, bundle it with their PUP installer and distribute these bundles online for the sake of monetization. Offers and offer dialogues are downloaded dynamically from the DownloadSponsor servers. Every ad impression earns money for the distributors of the manipulated software.

10. Adware.RelevantKnowledge.A: A potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send the data to the persons behind this PUP, who are then able to sell it to third parties. Usually RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third-party sites instead of the original publisher's site. This program adds an icon to the infected computer's task bar.


Total percentage of the top 10: 16,89 %

Rank  Name                                              Percentage
   1  Win32.Application.OpenCandy.G                         2,20 %
   2  Application.BitCoinMiner.UB                           2,07 %
   3  Application.BitCoinMiner.ZV                           2,06 %
   4  Script.Application.InstallCore.HL                     1,98 %
   5  Gen:Variant.Application.Bundler.Softonic.1            1,94 %
   6  Application.BitCoinMiner.SX                           1,53 %
   7  Gen:Variant.Graftor.27820                             1,49 %
   8  Zum.Androm.1                                          1,34 %
   9  Win32.Application.OpenCandy.O                         1,17 %
  10  Adware.RelevantKnowledge.A                            1,11 %

Descriptions (in rank order):

1. Win32.Application.OpenCandy.G: A Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser's behaviour by changing its home page and search engine settings, redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

2. Application.BitCoinMiner.UB: BitCoinMiners utilize the computing capacity of the device in order to mine BitCoins. In most cases they are delivered via websites.

3. Application.BitCoinMiner.ZV: BitCoinMiners utilize the computing capacity of the device in order to mine cryptocurrencies such as Monero or BitCoin. This one uses WebAssembly and calls various crypto-mining services such as Coinhive and Authedmine to mine Monero in the background of web pages or web apps.

4. Script.Application.InstallCore.HL: This signature covers InstallCore bundle adware installers that use "Inno Setup". They are distributed by various third parties and usually pretend to offer a legitimate installer for popular software, media or cracks. Their primary objective, however, is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

5. Gen:Variant.Application.Bundler.Softonic.1: PUP bundle installer which tries to trick the user into installing very aggressive PUP.

6. Application.BitCoinMiner.SX: BitCoinMiners utilize the computing capacity of the device in order to mine BitCoins. In most cases they are delivered via websites.

7. Gen:Variant.Graftor.27820: Generic Trojan horse that (ab)uses folder icons to get executed. Depending on the variant it may show worm-like behaviour, open a backdoor or download further malware.

8. Zum.Androm.1: Generic detection of NSIS-based installers/uninstallers for PUP bundlers. This includes many PUP which are installed without user consent.

9. Win32.Application.OpenCandy.O: Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy. It modifies the browser's behaviour by changing its home page and the search engine, and ad pop-ups are displayed to the user of the infected machine.

10. Adware.RelevantKnowledge.A: A potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send the data to the persons behind this PUP, who are then able to sell it to third parties. Usually RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third-party sites instead of the original publisher's site. This program adds an icon to the infected computer's task bar.


Total percentage of the top 10: 19,45 %

Rank  Name                                              Percentage
   1  Application.BitCoinMiner.ZV                           4,39 %
   2  Application.BitCoinMiner.SX                           3,44 %
   3  Win32.Application.OpenCandy.G                         2,65 %
   4  Script.Application.InstallCore.HL                     1,99 %
   5  Gen:Variant.Application.Bundler.Softonic.1            1,68 %
   6  Zum.Androm.1                                          1,34 %
   7  Win32.Application.DownloadSponsor.R                   1,02 %
   8  Adware.RelevantKnowledge.A                            1,00 %
   9  Gen:Adware.BrowseFox.1                                0,97 %
  10  Gen:Variant.Barys.324                                 0,97 %

Descriptions (in rank order):

1. Application.BitCoinMiner.ZV: BitCoinMiners utilize the computing capacity of the device in order to mine cryptocurrencies such as Monero or BitCoin. This one uses WebAssembly and calls various crypto-mining services such as Coinhive and Authedmine to mine Monero in the background of web pages or web apps.

2. Application.BitCoinMiner.SX: BitCoinMiners utilize the computing capacity of the device in order to mine BitCoins. In most cases they are delivered via websites.

3. Win32.Application.OpenCandy.G: A Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser's behaviour by changing its home page and search engine settings, redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

4. Script.Application.InstallCore.HL: This signature covers InstallCore bundle adware installers that use "Inno Setup". They are distributed by various third parties and usually pretend to offer a legitimate installer for popular software, media or cracks. Their primary objective, however, is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

5. Gen:Variant.Application.Bundler.Softonic.1: PUP bundle installer which tries to trick the user into installing very aggressive PUP.

6. Zum.Androm.1: Generic detection of NSIS-based installers/uninstallers for PUP bundlers. This includes many PUP which are installed without user consent.

7. Win32.Application.DownloadSponsor.R: Detection of potentially unwanted software (PUP) that comes as a bundled installer. The distributors take legitimate free software, bundle it with their PUP installer and distribute these bundles online for the sake of monetization. Offers and offer dialogues are downloaded dynamically from the DownloadSponsor servers. Every ad impression earns money for the distributors of the manipulated software.

8. Adware.RelevantKnowledge.A: A potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send the data to the persons behind this PUP, who are then able to sell it to third parties. Usually RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third-party sites instead of the original publisher's site. This program adds an icon to the infected computer's task bar.

9. Gen:Adware.BrowseFox.1: BrowseFox is an adware family which hides in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, … Those programs are usually installed without proper user consent via third-party installers. It installs add-ons for Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome, but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits, but also on the start page as well as in pop-ups.

10. Gen:Variant.Barys.324: Generic detection for malicious remote access tools (RATs) using crypto packers such as Themida.


Total percentage of the top 10: 18,22 %

Rank  Name                                              Percentage
   1  Application.BitCoinMiner.SX                           5,09 %
   2  Win32.Application.OpenCandy.G                         2,23 %
   3  Script.Application.InstallCore.HL                     2,02 %
   4  Application.BitCoinMiner.UB                           1,76 %
   5  Gen:Variant.Application.Bundler.Softonic.1            1,35 %
   6  Zum.Androm.1                                          1,31 %
   7  Win32.Application.OpenCandy.O                         1,18 %
   8  Gen:Variant.Strictor.58214                            1,14 %
   9  Win32.Adware.OpenCandy.P                              1,11 %
  10  Gen:Variant.Strictor.83319                            1,03 %

Descriptions (in rank order; no description is given for rank 9):

1. Application.BitCoinMiner.SX: BitCoinMiners utilize the computing capacity of the device in order to mine BitCoins. In most cases they are delivered via websites.

2. Win32.Application.OpenCandy.G: A Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser's behaviour by changing its home page and search engine settings, redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

3. Script.Application.InstallCore.HL: This signature covers InstallCore bundle adware installers that use "Inno Setup". They are distributed by various third parties and usually pretend to offer a legitimate installer for popular software, media or cracks. Their primary objective, however, is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

4. Application.BitCoinMiner.UB: BitCoinMiners utilize the computing capacity of the device in order to mine BitCoins. In most cases they are delivered via websites.

5. Gen:Variant.Application.Bundler.Softonic.1: PUP bundle installer which tries to trick the user into installing very aggressive PUP.

6. Zum.Androm.1: Generic detection of NSIS-based installers/uninstallers for PUP bundlers. This includes many PUP which are installed without user consent.

7. Win32.Application.OpenCandy.O: Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy. It modifies the browser's behaviour by changing its home page and the search engine, and ad pop-ups are displayed to the user of the infected machine.

8. Gen:Variant.Strictor.58214: Generic detection for malware posing as Microsoft files.

10. Gen:Variant.Strictor.83319: Generic detection for malware posing as Microsoft files.


Total percentage of the top 10: 17,91 %

Rank  Name                                        Percentage
1     Application.BitCoinMiner.SX                 3,53 %
2     Gen:Variant.Application.Bundler.Softonic.1  2,07 %
3     opencandy                                   2,04 %
4     Win32.Application.OpenCandy.G               1,94 %
5     Application.BitCoinMiner.UB                 1,82 %
6     Zum.Androm.1                                1,54 %
7     Win32.Application.OpenCandy.O               1,49 %
8     Win32.Application.DownloadSponsor.R         1,33 %
9     Application.SearchProtect.BS                1,20 %
10    Win32.Adware.Softonic.A                     0,95 %

[Chart: malware distribution by percentage within the top 10]

BitCoinMiners use the computing capacity of the device to mine Bitcoins. In most cases they are delivered via websites.

PUP bundle installer that tries to trick the user into installing very aggressive PUPs.

Script.Application.InstallCore.HL is the signature name of an installCore bundled-adware installer that uses "Inno Setup". These installers are distributed by various third parties and usually pretend to offer a legitimate installer for popular software, media or cracks. Their primary objective, however, is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware, such as DVD players, PDF readers or archivers, that has been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

BitCoinMiners use the computing capacity of the device to mine Bitcoins. In most cases they are delivered via websites.

Generic detection of NSIS-based installers/uninstallers used by PUP bundlers. This covers many PUPs that are installed without user consent.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). The program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy. It modifies the browser’s behavior by changing its home page and search engine, and ad pop-ups are displayed to the user of the infected machine.

Win32.Application.DownloadSponsor.R is a detection of potentially unwanted software (PUP) that comes as a bundled installer. The distributors take legitimate free software, bundle it with their PUP installer and distribute these bundles online for monetization. Offers and offer dialogues are downloaded dynamically from the DownloadSponsor servers. Each ad impression results in earnings for the distributors of the manipulated software.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases the third-party software package providers earn money for each install (pay per install). The toolbars, signed by Conduit, permanently change the browser start page and the default search engine and also prepare the browser to show targeted ads. The software is often part of software packages that users download from third-party websites rather than directly from the original provider.

Win32.Adware.Softonic.A is a potentially unwanted program (PUP). The adware targets browsers such as Microsoft Internet Explorer, Google Chrome or Mozilla Firefox. The symptoms of an infection are a modified browser homepage, a modified default search engine and/or pop-ups with advertisements. Softonic is the name of the company behind this application.


Total percentage of the top 10: 17,46 %

Rank  Name                                        Percentage
1     Application.BitCoinMiner.SX                 5,33 %
2     Win32.Application.OpenCandy.G               2,15 %
3     opencandy                                   2,15 %
4     Win32.Application.DownloadSponsor.R         1,31 %
5     Gen:Variant.Graftor.27820                   1,24 %
6     Application.SearchProtect.BS                1,20 %
7     Win32.Application.OpenCandy.O               1,18 %
8     Zum.Androm.1                                1,03 %
9     Adware.Searchprotect.AT                     0,97 %
10    Application.BitCoinMiner.UB                 0,90 %

[Chart: malware distribution by percentage within the top 10]

BitCoinMiners use the computing capacity of the device to mine Bitcoins. In most cases they are delivered via websites.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware, such as DVD players, PDF readers or archivers, that has been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

Script.Application.InstallCore.HL is the signature name of an installCore bundled-adware installer that uses "Inno Setup". These installers are distributed by various third parties and usually pretend to offer a legitimate installer for popular software, media or cracks. Their primary objective, however, is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

Win32.Application.DownloadSponsor.R is a detection of potentially unwanted software (PUP) that comes as a bundled installer. The distributors take legitimate free software, bundle it with their PUP installer and distribute these bundles online for monetization. Offers and offer dialogues are downloaded dynamically from the DownloadSponsor servers. Each ad impression results in earnings for the distributors of the manipulated software.

Generic Trojan horse that (ab)uses folder icons to get executed. Depending on the variant, it may show worm-like behaviour, open a backdoor or download further malware.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases the third-party software package providers earn money for each install (pay per install). The toolbars, signed by Conduit, permanently change the browser start page and the default search engine and also prepare the browser to show targeted ads. The software is often part of software packages that users download from third-party websites rather than directly from the original provider.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). The program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy. It modifies the browser’s behavior by changing its home page and search engine, and ad pop-ups are displayed to the user of the infected machine.

Generic detection of NSIS-based installers/uninstallers used by PUP bundlers. This covers many PUPs that are installed without user consent.

Adware.Searchprotect.AT is the detection of a pre-installed version of Conduit Search Protect on Lenovo computers. Conduit Search Protect belongs to the category of potentially unwanted programs (PUP). The user can change this variant's settings, but is initially made to use the defaults the distributor wishes to impose.

BitCoinMiners use the computing capacity of the device to mine Bitcoins. In most cases they are delivered via websites.
