Be Careful! Kovter Malware Uses Fake Browser Updates To Attack PC


In the Computing world, there are a large number of malware that comes and go but some have remained over the Windows PC strongly through out the several years. The most common feature of persistent malware is the ability to evolve rapidly but their behavior, infectious methods and payloads are rarely unchanged. These days, a news spread rapidly over the Internet is that Kovter Malware spreads through the fake browser updates.

As we all are too much familiar with Kovter malware that has been encountered in the February, 2017.  At the detection time, it is known as a campaign of Locky Ransomware that were transmitted through an email letter. But recently, in the October 2017, Kovter malware became relevant. It evolved into more evasive and effective fireless Trojan. Here is just a closer look at Kovter malware and it’s distribution method.

[Know More About Kovter Malware  –]

Kovter Infection Chain as Follow :

Porn sites have been determined which involved in the campaigns of all malicious or suspicious advertisements. The ads leads victim to dubious updates for all saved browser. When you will using browser, the exact message which appeared on your screen is that “critical update required”. When you trust on such a fake message and updates your browser then it will successfully lurk inside your PC. However, each browser will receive the different updates.

The group of malvertising named KovCoreG group, has blamed that Kovter malware usually spread through advertisements that places in porn sites. This malware is mainly focused on compromising System users of United Kingdom, Australia, Unites States and Canada. The method of delivering the fake updates, used by several fraudulent sites. Nobody can easily say that System user won’t falls for such a scam.


Once fake software update will be installed on your PC, the payload of Kovter malware will contact with the group of KoveCoreG groups through C&C server. Then after,, a harmful redirect hosted will be take place on your PC. This redirect hosted usually allows the installation of call that hosted behind KeyCDN. Different browsers users have fake software update in several file including Firefox users will receive firefox-patch.js, Chrome users will notice runme.js file and much more. The downloadable files that installed by the Kovter malware were HTA (Edge, IE) or JavaScript (Firefox, Chrome).

Tips To Prevent PC Against Kovter Malware

  1. Don’t open any spam messages, letter or attachments that comes in your inbox from unknown sender.
  2. Avoid to update your browser through redirected links.
  3. Always select Custom or Advanced installation option to download any freeware packages into your PC.
  4. Keep a backup copy of your all stored application or crucial data.
  5. Avoid to visit any porn or gambling site.

[For Getting Kovter Removal Tips, You May Visit –]

Leave a Comment

Your email address will not be published. Required fields are marked *

Skip to toolbar