Trend Micro is closely monitoring the latest Trojan outbreak that has affected several organizations around the world, being commonly referred to as KOVTER.


Kovter is a Trojan that can be downloaded by other malware/grayware/spyware from remote sites. It connects to certain websites to send and receive information. It deletes the initially executed copy of itself.

File Type: EXE

Memory Resident: Yes

Payload: Connects to URLs/IPs

Here's how KOVTER commonly infects your computer:
  • Kovter arrives as Adobe Flash Advertising attack.
  • Latest Kovter variants are arrived as an attachment from spam mails. Macro based malspam.


As of July 20, 2017, the resolution for this issue is now available from Trend Micro's ActiveUpdate server. Trend Micro Security 2017 customers will receive the fix on the next scheduled update or manually download it by clicking > About the Software on the main console.

Release Summary:

TMTD Pattern: 168100

OPR Pattern Date: July 20, 2017


Additional Pattern released for detection of Kovter:

TMTD Pattern: 168300

OPR Pattern Date: July 27, 2017


If your Trend Micro Security program still continuously detects KOVTER after performing a program update, contact our Technical Support for help.



Threat Encyclopedia Entries:

Related Info

Comments (0)
Add a comment