Quick Heal Security Labs

Kovter: the fileless click fraud malware

June 25, 2016

The Kovter Trojan has been active since 2013. Because it is fileless, Kovter differs from other Trojan families and is stealthier than they are. It employs various anti-debugging, anti-VM, and anti-sandboxing techniques, and checks for the presence of different security analysis tools. It uses different encryption techniques for different purposes. Like other Trojans, Kovter gathers user data and sends it to its Command & Control (CnC) server. In addition, the malware is capable of click fraud, a malpractice in which a computer or a person is maliciously used to click on online ads to generate revenue.

Download this PDF to read the technical analysis of Kovter


Safety measures to take

• Keep your OS and all other programs patched and up-to-date.

• Avoid downloading software or any other type of file (music, video, games, etc.) from websites that serve a lot of ads or seem to have a low reputation.

• Install a trusted ad-blocker plugin on your browser. As the name suggests, the plugin disables ads from running on the websites you visit.

• Install trusted antivirus software that can block malicious websites.

Subject Matter Expert
– Sandip Kirar (Quick Heal Threat Research & Response Team)


1 Comment



  1. Great Analysis !!!