Symantec researchers discovered a new version of the Kovter trojan. The "mutated" version mimics the malicious one software Poweliks and is able to roam your computer's registry without having to be stored on your hard drive.
Kovter, originally labeled 2013, has been one of the most modern malware. Since then, he has been constantly changing his MO, adapting accordingly to new hacking campaigns and security measures that have been put in place to stop him.
According to Symantec, from the 2.0.3 version Kovter malware, (this version first detected 2015 for the first time), malware began borrowing survival methods from Poweliks. So it can be hidden in the computer registry.
The Windows registry is a special feature, a database that contains user profile information, settings for the software and hardware, which the operating system of Windows uses on a regular basis.
By storing it in the registry, Kovter is well hidden in infected machines and serves as an entry point for other more serious infections.
Symantec reports that the attackers are distributing this new version of Kovter primarily through attachments that handle spam emails.
Symantec also reports that the malware has mostly infected them users in the US (56%), the UK (13%), Germany (8%) and Australia (2%).
"Kovter malware has been constantly evolving since it was first discovered and shows no signs of leaving the landscape very soon."
Symantec researchers say.
However, Symantec has developed and distributes a Trojan.Kotver Removal Tool free of charge.
You can download it from the link below.
