Quick Heal Security Labs
Kovter: the fileless click fraud malware
June 25, 2016

The Kovter Trojan has been active since 2013. Being fileless, Kovter is different from, and stealthier than, other Trojan families. It employs various anti-debugging, anti-VM, and anti-sandboxing techniques, and checks for the presence of different security analysis tools. It uses different encryption techniques for different purposes. Like other Trojans, Kovter gathers user data and sends it to its Command & Control (CnC) server. In addition, the malware is capable of click fraud (a malpractice in which a computer or a person is maliciously used to click on online ads to generate revenue).

Download this PDF to read the technical analysis of Kovter

Safety measures to take

• Keep your OS and all other programs patched and up-to-date.

• Avoid downloading software or any type of files (music, video, games, etc.) from websites that serve a lot of ads or seem to have a low reputation.

• Install a trusted ad-blocker plugin in your browser. As the name suggests, the plugin prevents ads from running on the websites you visit.

• Install trusted antivirus software that can block malicious websites.

ACKNOWLEDGEMENT
Subject Matter Expert
– Sandip Kirar (Quick Heal Threat Research & Response Team)

1 Comment

  1. Great Analysis !!!
