Malware Information Initiative (MII): Top 10

Total percentage of the top 10: 30,27 %

| Rank | Name | Percentage | Description |
|---|---|---|---|
| 1 | JS:Trojan.Downloader.RemoteClient.A | 5,35 % | Detection of heavily obfuscated JavaScript code on webpages which loads additional code from a secondary source. Most of the affected sites host porn, ads or warez. |
| 2 | HTML.Trojan.Obfus.AP | 4,84 % | Detection of heavily obfuscated JavaScript code which is used to conceal malicious content on webpages. |
| 3 | Application.CoinMiner.AY | 4,74 % | Cryptocurrency miner embedded on webpages to use the victim's computer resources without disclosing this. Some webpages are infected by this without the administrators' knowledge. |
| 4 | Script.Trojan-Ransom.TechSupportScam.S | 3,95 % | Scam injected into webpages which tries to make users believe that their computer is infected with malware and that the number given by the warning is from Microsoft support. |
| 5 | Win32.Adware.Mindspark.E | 2,77 % | Mindspark is a browser plugin of questionable usefulness. It changes the start page and the search engine settings without user consent. It also tracks users' browsing behavior. This signature detects the tool's DLL. |
| 6 | HTML.Trojan-Downloader.IFrame.AH@gen | 2,27 % | Obfuscated IFRAME embedded into a webpage which loads a malicious page. |
| 7 | Trojan.Agent.DBCV | 1,91 % | Hidden IFRAME embedded into a webpage or picture which loads a malicious page. |
| 8 | Script.Application.CoinHive.A | 1,62 % | A script starts mining crypto coins during a visit to a website without the user noticing and/or without proper authorization. |
| 9 | Trojan.Agent.BTGJ | 1,51 % | Downloader for Chinese PUP. It downloads and runs various Potentially Unwanted Programs like KuaiZip, which are installed without proper user consent. The payload may vary depending on the downloader. |
| 10 | Gen:Variant.Application.Bundler.217 | 1,31 % | Part of a bundled application that may install without proper user consent. Often these are borderline cases. |

Methodology

The Malware Information Initiative (MII) relies on the power of the online community: any customer who purchases a G DATA security solution can take part. The prerequisite is that they have activated this function in their G DATA program. Whenever a malware attack on a computer is fended off, a completely anonymous report of the event is sent to G DATA SecurityLabs, which collects and statistically assesses the data about the malware.

Total percentage of the top 10: 48,59 %

| Rank | Name | Percentage | Description |
|---|---|---|---|
| 1 | JS:Trojan.FBWorm.D | 14,81 % | Detection of malicious JavaScript code which hijacks Facebook accounts. It spreads via Facebook Messenger and sends messages like "watch my private video and don't show it to anyone", depending on the detected language. |
| 2 | JS:Trojan.Gnaeus.G | 7,96 % | Obfuscated JavaScript that decodes a string and adds it to the current page's URL to load hidden content like malware or to invoke a redirection. Sometimes also detected as HTML.Trojan.Redirector.AP. |
| 3 | Application.CoinMiner.AY | 7,48 % | Cryptocurrency miner embedded on webpages to use the victim's computer resources without disclosing this. Some webpages are infected by this without the administrators' knowledge. |
| 4 | JS:Trojan.Gnaeus.F | 6,41 % | Obfuscated JavaScript that decodes a string and adds it to the current page's URL to load hidden content like malware or to invoke a redirection. Sometimes also detected as HTML.Trojan.Redirector.AP. |
| 5 | JS:Trojan.Downloader.RemoteClient.A | 2,85 % | Detection of heavily obfuscated JavaScript code on webpages which loads additional code from a secondary source. Most of the affected sites host porn, ads or warez. |
| 6 | HTML.Trojan.Obfus.AP | 2,79 % | Detection of heavily obfuscated JavaScript code which is used to conceal malicious content on webpages. |
| 7 | Win32.Application.CoinMiner.T@gen | 2,27 % | Generic detection for a cryptocurrency miner. CoinMiner is usually installed and run without user consent by Trojans or PUP to produce revenue for the software's distributors. |
| 8 | Win32.Adware.Mindspark.E | 1,79 % | Mindspark is a browser plugin of questionable usefulness. It changes the start page and the search engine settings without user consent. It also tracks users' browsing behavior. This signature detects the tool's DLL. |
| 9 | Trojan.Agent.BTGJ | 1,45 % | Downloader for Chinese PUP. It downloads and runs various Potentially Unwanted Programs like KuaiZip, which are installed without proper user consent. The payload may vary depending on the downloader. |
| 10 | Script.Application.CoinHive.A | 0,78 % | A script starts mining crypto coins during a visit to a website without the user noticing and/or without proper authorization. |
