KOVTER and CERBER on a One-Two Punch using Fake Delivery Notification

released on 2017-06-16 @ 04:33:23 PM
We previously outlined a spam campaign that delivered the FAKEGLOBE and CERBER ransomware families. This week the spam party did not just include CERBER, but also invited an old friend – the KOVTER family. In 2015, KOVTER, a click-fraud malware, made headlines when it used a fileless technique similar to that of the POWERLIKS trojan. The KOVTER malware embeds JavaScript in the registry and executes a PowerShell script, which eventually loads the main KOVTER binaries. This kind of persistence has made it difficult for security vendors to detect the malware.
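
A defender-side check for the registry-resident persistence described above, as an added example that is not from the original article: it parses `reg export` text and flags Run/RunOnce values that carry or launch script rather than pointing at a file on disk. The indicator patterns, the `scan_autoruns` name, the length threshold and the sample entries are assumptions constructed for illustration.

```python
import re

# Heuristics chosen for this example (assumptions, not taken from the article):
# autorun data that carries or launches script instead of pointing at a file.
INDICATORS = {
    "inline-javascript": re.compile(r"\b(?:java|vb)script:", re.I),
    "script-host": re.compile(r"\b(?:mshta|wscript|cscript)(?:\.exe)?\b", re.I),
    "powershell": re.compile(r"\bpowershell(?:\.exe)?\b", re.I),
    "reads-registry": re.compile(r"RegRead|Get-ItemProperty|\bHK(?:CU|LM):", re.I),
}
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.I)
VALUE_LINE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

def scan_autoruns(reg_text, max_len=260):
    """Return (key, value name, reasons) for each suspicious Run/RunOnce value."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if not (m and key and AUTORUN_KEY.search(key)):
            continue
        data = re.sub(r"\\(.)", r"\1", m["data"])  # undo .reg escaping
        reasons = [name for name, rx in INDICATORS.items() if rx.search(data)]
        if len(data) > max_len:  # a command line far longer than a normal path
            reasons.append("oversized-data")
        if reasons:
            findings.append((key, m["name"], reasons))
    return findings

# Constructed sample in "reg export" text form; the second value is an inert placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"a1b2c3"="mshta \"javascript:PLACEHOLDER_LOADER(RegRead('HKCU\\\\Software\\\\Example\\\\blob'))\""

[HKEY_CURRENT_USER\Software\Example]
"blob"="powershell PLACEHOLDER stored outside an autorun key"
'''

if __name__ == "__main__":
    for key, name, reasons in scan_autoruns(SAMPLE):
        print(f"{key} :: {name} -> {', '.join(reasons)}")
```

Only plain string (`REG_SZ`) values are parsed; hex-encoded value types in an export are skipped and would need decoding first.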