(also Kovter malware, fileless malware)
Kovter is an invisible, fileless malware that targets the Windows operating system. It avoids detection by traditional antivirus software by storing its configuration data in the computer’s registry. Kovter is constantly evolving and becoming more effective and evasive.
- Look for red flags. Keep an eye on mshta.exe and powershell.exe processes in Task Manager, and watch out for unexpected PowerShell notifications.
- Learn about phishing. Maintain good security practices like checking the sender’s email address, not opening emails that look suspicious, and not automatically downloading attachments.
- Keep your security tools up to date. Ensure your anti-spam filters, antivirus software, and firewalls are auto-updated. Check that your network security controls are in place (especially for shared documents).
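
The "red flags" check above can also be scripted instead of done by eye in Task Manager. The PowerShell below is an added example, not part of the original entry: it lists every running mshta.exe and powershell.exe with its parent process and command line. The command-line patterns it flags are illustrative assumptions, not indicators taken from this page.

```powershell
# Added example: inventory mshta.exe / powershell.exe processes for review.
# Run from an elevated prompt; otherwise CommandLine is empty for other users' processes.
$watched = 'mshta.exe', 'powershell.exe'

# Assumed heuristics (not from the page): inline script passed to mshta,
# an encoded PowerShell command, or a hidden PowerShell window.
$patterns = [ordered]@{
    InlineScript   = '(?i)\b(javascript|vbscript):'
    EncodedCommand = '(?i)\s-(e|ec|enc\w*)\s'
    HiddenWindow   = '(?i)\s-w\w*\s+hidden'
}

# Take one snapshot so parent PIDs can be resolved against the same data.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($p in ($all | Where-Object { $watched -contains $_.Name })) {
    $cmd    = [string]$p.CommandLine
    $parent = $byPid[[int]$p.ParentProcessId]

    # PIDs are reused: a "parent" created after the child is a different process.
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

    $hits = @($patterns.Keys | Where-Object { $cmd -match $patterns[$_] })

    [pscustomobject]@{
        Name        = $p.Name
        ProcessId   = $p.ProcessId
        Parent      = if ($parent) { $parent.Name } else { '<parent exited>' }
        Started     = $p.CreationDate
        Flags       = $hits -join ', '
        CommandLine = $cmd
    }
}

# Flagged entries first; an empty result means neither binary is running.
$report | Sort-Object { $_.Flags -eq '' }, Started | Format-List
```

An interactive PowerShell window you opened yourself will appear in the output with no flags; the entries worth a closer look are the ones you did not start or whose parent is unexpected.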