Kovter malware is distributed through browser updates

It is a technique that we have already seen on previous occasions, and now it is repeated. A group of cyber criminals called KovCoreG has dedicated itself to launching false updates to browsers and Flash in order to spread a malware called Kovter in this way. They have used malicious advertisements on various portals to redirect users to a fraudulent portal.

Kovter malware is distributed through browser updates

Users were asked to update their browser (Chrome, Firefox or Internet Explorer). They were asked to download an update to the Flash component. In this way, JavaScript or HTA files were downloaded. These files are the ones that make Kovter enter our team.

Kovter is an intermediary

In this case, Kovter is not the main danger itself. It acts more as an intermediary, as it is a malicious code downloader. So it can enter our computer in advertising mode or as ransomware. Most of the sites where this problem has been detected are adult content websites like Pornhub.

Researchers have said that this bogus ad campaign has already been removed from most sites. Although they hope it will happen again soon. In fact, some cases have already been detected on Yahoo in recent weeks. This confirms one of the trends that were being observed this year. Advertisers focus on redirecting users to scam-ridden social engineering sites.

New cases involving Kovter malware are expected to emerge soon. So we will surely talk about this problem again. To avoid this problem, browser updates are never carried out through a website. Much less of a website that you do not know and is advertised on pages with adult content.