Kovter AdFraud Malware Updates Flash Plugin to Latest Version


We all know that one of the basic ways to keep a computer secure and free from viruses and malware is to keep the operating system and the installed applications updated, so that the system is not left vulnerable to hackers.

You must have heard security experts giving the same advice for years. Today, however, you are going to get another reminder from the people you least expect, i.e. hackers. Yes, you heard that right!


The latest version of the malware known as “Kovter”, an ad fraud Trojan, infects computers through web-based exploits against outdated web browsers and plugins, and then closes that entry point behind itself by updating Flash Player to the latest version. Isn’t this surprising?!

So if you are running outdated versions of plugins such as Flash Player, Microsoft Silverlight, Java and Adobe Reader, you could be the next target of this Trojan. The malware takes advantage of vulnerabilities that have already been patched by the developers.

Once the malware has been downloaded and installed, it takes over your system and uses it to make thousands of fake clicks on online advertisements. Apart from that, Kovter also updates your web browser’s Flash plugin to the most recent version, says ThreatPost.


The behaviour of this ad fraud Trojan is very similar to a housebreaker climbing into a house through an opening and then closing that opening to keep other housebreakers out.

For those of you who don’t know, in most cases ad fraud malware that has infected a computer uses various strategies, such as patching the system, to block other threats and hackers from attacking while it keeps full control over the system. But this time, locking out rivals is not the only reason for updating Flash to the latest version. The operators are more interested in being served the most appropriate ads and in making sure that all the advertisements are displayed correctly.


We are all aware that Flash Player is required to play most video advertisements in web browsers, and if you have an out-of-date version of Flash, your browser won’t be able to run Flash-based content. Browsers are deliberately designed to behave this way, to protect users from exploits that could target older versions of Flash Player, but this also cuts into the profits of ad fraud networks, which rely solely on fraudulent ad clicks and views to generate revenue. This is the reason Kovter updates the Flash plugin to an up-to-date version.

On the other hand, ad fraud networks give website owners and advertisers a hard time, because both of them lose money when bots are used to generate views and clicks on advertisements.

According to Sentrant:

“Many advertising exchanges will either not serve, or decrease the bid price of Flash ads (video) to hosts who are detected using a very old version of Flash. In fact we have seen the same Flash update behaviour on almost every other ad-fraud malware family that we have analysed.”

Kovter was also used by hackers as police ransomware, infecting 44,000 devices in 2014. In Jan 2015, GameZone and Huffington Post were also hit by the same malvertising attack using Kovter.

To keep your computer secure from these malware and virus attacks, we suggest you update your Flash Player as well as other plugins to the latest version.
