What is Cobalt?

Cobalt is a dangerous Trojan that exploits a document vulnerability Microsoft have not disclosed or patched for 17 long years. This malware infection can provide full control of your PC to cyber criminals. In other words, your sensitive information could be stolen, files could be corrupted, and you could also be spied on, not to mention the fact that other malicious programs could also be planted on your computer. Since this vulnerability has finally been patched by Microsoft, you can avoid such nightmares if you update your Microsoft Office software and remove Cobalt from your system. Please read our full description learn more about this dangerous attack and how you can prevent similar ones from happening in the future.

Where does Cobalt come from?

Our malware experts at have found that this Trojan targets Russian speakers. This threat is distributed to potential victims in a spam mail claiming to come from Visa payWave, which is supposed to be " a secure, fast, easy way to pay for everyday purchases." This spam has two attached files: an RTF document and a ZIP archive. Both of them have the same name, "Изменения в системе безопасности.doc Visa payWave.doc" and "Изменения в системе безопасности.doc Visa" The ZIP archive is password-protected and you can find the password in the mail. There are basically two reasons why cyber crooks would use such a file to infect you. First, anti-virus programs cannot check the content of such archives, which we can rule out in this case because the malicious document is also attached. Second, it may seem more authentic to have to deal with a password-protected file seemingly coming from Visa.

Unfortunately, once you try to view the attached RTF document, this vicious attack initiates and background operations start up to facilitate the operation of Cobalt. Obviously, it is important that you become more cautious around your mails and only open them if expected or they come from known and trusted parties. If you are in doubt, you definitely should not open them as you could infect your system with this Trojan or even a ransomware program. If you want to protect your system and your privacy, you must delete Cobalt right now.

How does Cobalt work?

This Trojan does not actually use a physical malicious file to attack you. Instead, after you open the RTF document, it executes a Javascript in the background that downloads and runs a powershell script that loads Cobalt malware to memory. This is yet another way to lay low and possibly not get detected by anti-malware software. This malware infection exploits the so-called CVE-2017-11882 document vulnerability that seems to have been around for 17 years. Once all the scripts are in place and operating, this Trojan practically can provide full access to your machine as well as control. This means that the cyber criminals behind this attack can do whatever they want with your system. They could install further infections without your knowledge, disable your anti-malware tool, spy on you by even using your web camera, steal sensitive information, damage files, and so on. You should really take it seriously because, before long, you could lose more than you think. It is essential that you remove Cobalt from your system ASAP. Please read on to learn how you can deactivate and eliminate this threat.

How do I delete Cobalt?

Fortunately, Microsoft managed to finally patch this vulnerability in the middle of November, 2017, after 17 years. Therefore, the most important thing to do in order to avoid further exposure to this Trojan is to update your Microsoft Office. Once done with that, you can delete the related file in your "%APPDATA%" folder, which may have a random name. Please follow our instructions below if you need help with these steps. If you do not think you can clean your PC manually of all the possible threats, we advise you to start using professional anti-malware software like SpyHunter. This reliable security software can automatically take care of all existing threats so that you can enjoy your virtual experience without the fear of harming your system or your files stored on it.

Remove Cobalt from Windows

  1. Update your Microsoft Office software.
  2. Press Win+E.
  3. Locate and delete "%APPDATA%\[random name].ps1"
  4. Empty your Recycle Bin.
  5. Restart your computer. 100% FREE spyware scan and
    tested removal of Cobalt*

Leave a Comment

Enter the numbers in the box to the right *