"Poweliks" downloads additional malware, abuses PowerShell

Share this article:

According to researchers at Trend Micro, a threat dubbed “TROJ.POWELIKS.A.” can open users to additional malware downloads and steal system data, like universally unique identifiers (UUIDs), to deliver the information to attackers.

On Friday, the security firm detailed the malware in a blog post, revealing that it hides its malicious code in Windows Registry to make it difficult for researchers to analyze “because there are no file references.” Roddell Santos, a Trend Micro analyst and author of the post, explained that the malware “checks if Windows PowerShell is installed on the affected system.” If PowerShell is not present, it installs the program in order to abuse its functionalities and run the malware's executable code, a malicious DLL (dynamic link library) file, Santos wrote.

A number of new malware variants have recently been discovered as leveraging PowerShell to hide malicious activity, including ransomware called “PoshCoder.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Millenials improve security habits, more interested in cyber careers, still need guidance

Millenials improve security habits, more interested in cyber ...

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.