Kovter: the fileless click fraud malware

Kovter Trojan has been in effect since 2013. Being fileless, Kovter is different and stealthier than other Trojan families. It employs various anti-debugging, anti-VM, anti-sandboxing techniques, and has checks for identification of different security analysis tools. It uses different encryption techniques for different purposes. Like other Trojans, Kovter gathers user data and sends it to its Command & Control server (CnC). Besides these, the malware is capable of doing click fraud (defined as a malpractice where a computer or a person is maliciously used to click on online ads to generate revenue).

Download this PDF to read the technical analysis of Kovter

PDF icon

Safety measures to take

• Keep your OS and all other programs patched and up-to-date.

• Avoid downloading software or any type of files (music, video, games, etc.) from websites that serve a lot of ads or seem to have a low reputation.

• Install a trusted ad-blocker plugin on your browser. As the name suggests, the plugin disables ads from running on the websites you visit.

• Install a trusted antivirus software that can block malicious websites.

Subject Matter Expert
– Sandip Kirar (Quick Heal Threat Research & Response Team)

Quick Heal Security Labs

Quick Heal Security Labs

1 Comment

Your email address will not be published.


  1. Great Analysis !!!