Kovter Malware Spread via Fraudulent Browser and Flash Updates in Malvertising Campaign

Cybersecurity firm Proofpoint recently detected a widespread malvertising campaign designed to distribute Kovter malware. In this campaign, malicious advertisements are displayed on websites via an advertising network and, when these sites are visited by an unsuspecting user, they display a fraudulent update, depending on the type of browser used. Chrome and Firefox users are asked to download a browser update while Internet Explorer and Edge users are asked to download a Flash update. If the user agrees, either a JavaScript or HTA file installs Kovter on the user’s system. Kovter then delivers ad fraud malware to the system. The NJCCIC recommends users review the Proofpoint article and remain cautious when browsing, even on reputable websites. Never apply, download, or install an unexpected patch or update that appears when visiting an unrelated website. Additionally, consider installing reputable ad-blocking and/or script-blocking extensions in web browsers, and ensure browsers are kept up-to-date by manually applying the update.