New Kovter variant with legit certificate in the wild
The malware presents itself to potential victims as a Firefox update.
A new variant of the Kovter malware family that poses as a Firefox update and is signed with a legitimately issued code-signing certificate has been spotted by Barkly.
The new version was discovered by the cybersecurity firm Barkly several weeks ago when the malware began infecting some of the company's customers. On further investigation, Barkly researchers found that it was a new strain that not only uses the latest fileless version of Kovter but also carries a legitimate certificate, which helps it get past security software that trusts signed binaries.
The malware presented itself to potential victims as a Firefox update and then carried out the usual Kovter activities, such as installing remote access Trojans, running click-fraud campaigns and delivering ransomware.
Barkly said it reported the certificate to Comodo so that it could be revoked.
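The two points above, a valid signature that still belongs to an attacker and a certificate that is only useful to defenders once its revocation is actually checked, suggest a simple check an administrator can run on any file claiming to be a Firefox update. The PowerShell below is an added example, not Barkly's tooling and not code from the article. It assumes the file path is supplied by the caller and assumes that a genuine Firefox update is signed with a certificate whose subject CN is "Mozilla Corporation"; adjust that value for the publisher you actually expect. It verifies the Authenticode signature, rebuilds the chain with online revocation checking so a certificate the CA has since revoked is rejected, and only then compares the signer identity, because "signed" on its own proves nothing about who signed.

```powershell
function Test-UpdateSignature {
    <#
    .SYNOPSIS
        Accept a binary only if it is validly signed, its chain is not revoked,
        and the signer is the publisher we expect. Added example, not Barkly's code.
    #>
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumed publisher CN for a genuine Firefox update; change for other software.
        [string]$ExpectedSignerCN = 'Mozilla Corporation'
    )

    $result = [ordered]@{
        Path    = $Path
        Status  = $null
        Signer  = $null
        Revoked = $false
        Verdict = 'reject'
    }

    # Step 1: is there a signature at all, and does the hash match the file?
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result.Status = $sig.Status
    if ($sig.Status -ne 'Valid') {
        $result.Verdict = "reject: signature status is $($sig.Status)"
        return [pscustomobject]$result
    }

    $cert = $sig.SignerCertificate
    $result.Signer = $cert.Subject

    # Step 2: rebuild the chain with ONLINE revocation checking. A cached
    # "Valid" status does not tell you the CA revoked the certificate last week.
    $ns    = 'System.Security.Cryptography.X509Certificates'
    $chain = New-Object "$ns.X509Chain"
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    # Code signing EKU (id-kp-codeSigning); the chain must be valid for this usage.
    $chain.ChainPolicy.ApplicationPolicy.Add(
        (New-Object System.Security.Cryptography.Oid '1.3.6.1.5.5.7.3.3')) | Out-Null

    $chainOk = $chain.Build($cert)
    if (-not $chainOk) {
        $revokedFlag = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::Revoked
        $result.Revoked = [bool]($chain.ChainStatus |
            Where-Object { $_.Status.HasFlag($revokedFlag) })
        $problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $result.Verdict = "reject: chain problems: $problems"
        return [pscustomobject]$result
    }

    # Step 3: identity. A perfectly valid certificate issued to someone else is
    # exactly what this Kovter variant relies on, so pin the expected signer.
    $cn = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($cn -ne $ExpectedSignerCN) {
        $result.Verdict = "reject: signer is '$cn', expected '$ExpectedSignerCN'"
        return [pscustomobject]$result
    }

    $result.Verdict = 'accept'
    return [pscustomobject]$result
}

# Usage (path is an assumption; supply the file that claims to be a Firefox update):
# Test-UpdateSignature -Path "$env:TEMP\firefox-update.exe" | Format-List
```

Two design choices matter here. The chain is rebuilt with `RevocationMode = Online` and `RevocationFlag = EntireChain` rather than relying on the `Valid` status returned by `Get-AuthenticodeSignature`, because revocation is the only remedy Barkly had against a legitimately issued certificate and it only helps if the endpoint actually consults the CRL or OCSP responder. And the signer check comes last rather than first: if the chain is broken the signer name is untrustworthy anyway, and an attacker-controlled certificate can carry any subject its CA was willing to issue.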