"Poweliks" downloads additional malware, abuses PowerShell

According to researchers at Trend Micro, a threat dubbed “TROJ.POWELIKS.A” can expose users to additional malware downloads and steal system data, such as universally unique identifiers (UUIDs), which it delivers to attackers.

On Friday, the security firm detailed the malware in a blog post, revealing that it hides its malicious code in the Windows Registry to make it difficult for researchers to analyze “because there are no file references.” Roddell Santos, a Trend Micro analyst and author of the post, explained that the malware “checks if Windows PowerShell is installed on the affected system.” If PowerShell is not present, the malware installs it in order to abuse its functionality and run the malware's executable code, a malicious DLL (dynamic link library) file, Santos wrote.

A number of new malware variants have recently been discovered leveraging PowerShell to hide malicious activity, including ransomware called “PoshCoder.”
