"Poweliks" downloads additional malware, abuses PowerShell

Share this article:

According to researchers at Trend Micro, a threat dubbed “TROJ.POWELIKS.A.” can open users to additional malware downloads and steal system data, like universally unique identifiers (UUIDs), to deliver the information to attackers.

On Friday, the security firm detailed the malware in a blog post, revealing that it hides its malicious code in Windows Registry to make it difficult for researchers to analyze “because there are no file references.” Roddell Santos, a Trend Micro analyst and author of the post, explained that the malware “checks if Windows PowerShell is installed on the affected system.” If PowerShell is not present, it installs the program in order to abuse its functionalities and run the malware's executable code, a malicious DLL (dynamic link library) file, Santos wrote.

A number of new malware variants have recently been discovered as leveraging PowerShell to hide malicious activity, including ransomware called “PoshCoder.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

WikiLeaks makes FinFisher surveillance software available to public

Copies of controversial surveillance software, called "FinFisher," were made available for public scrutiny by WikiLeaks.

Researcher challenges reports that BlackPOS variant struck Home Depot

Nuix believes the malware found on Home Depot's systems belongs to a different threat family.

Documents reveal NSA plans to map every internet connected device in the ...

Documents provided by Edward Snowden reveal that the NSA is looking to build a near real-time map of every single internet-connected device in the world.