"Poweliks" downloads additional malware, abuses PowerShell

Share this article:

According to researchers at Trend Micro, a threat dubbed “TROJ.POWELIKS.A.” can open users to additional malware downloads and steal system data, like universally unique identifiers (UUIDs), to deliver the information to attackers.

On Friday, the security firm detailed the malware in a blog post, revealing that it hides its malicious code in Windows Registry to make it difficult for researchers to analyze “because there are no file references.” Roddell Santos, a Trend Micro analyst and author of the post, explained that the malware “checks if Windows PowerShell is installed on the affected system.” If PowerShell is not present, it installs the program in order to abuse its functionalities and run the malware's executable code, a malicious DLL (dynamic link library) file, Santos wrote.

A number of new malware variants have recently been discovered as leveraging PowerShell to hide malicious activity, including ransomware called “PoshCoder.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

NIST finalizes cloud computing roadmap

NIST finalizes cloud computing roadmap

The NIST architecture is designed to accelerate the adoption of cloud computing.

Chinese MitM attack targets iCloud users

Chinese MitM attack targets iCloud users

The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the ...

EPIC: driver data shared via V2V technology needs protection

The groups shared comments on V2V communications with the National Highway Traffic Safety Administration.