Experts report that the number of computers infected with the Poweliks Trojan has been growing recently. The primary distribution channel at the moment is spam, but the cyber criminals are using other methods as well.
Details on the Poweliks Trojan
The Poweliks Trojan is quite difficult to detect because it is not stored on the compromised machine as a file: its code lives in a registry subkey and executes in memory. Once run, Poweliks creates registry entries whose commands check whether the affected computer has PowerShell and the .NET Framework installed; if it doesn't, the Trojan downloads the installers directly from the Web. Poweliks then decrypts a PowerShell script from its encrypted JavaScript. That PowerShell script is needed to execute a binary which establishes a connection to the following remote locations:
- 178.89.159.35
- 178.89.159.34
This allows the attackers to send commands to the compromised machine. Once the victimized PC has connected to the C&C server, the Trojan deletes the binary.
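The practical consequence of the description above is that a file-system scan alone will miss this kind of infection; the autorun entries in the registry are where to look. The following is an added example (not code from the article, Symantec or GData) that triages Run/RunOnce entries from a `.reg` export and flags commands that launch a script host such as powershell.exe, embed a long encoded blob, or point at a program path that does not exist on disk. The registry export, the value names and the list of files "present on disk" are constructed for the offline demo; the heuristics are generic to fileless registry persistence and go beyond the specific behaviour the article describes. On a live host you would feed it the output of `reg export` and the real `os.path.exists`.

```python
"""Triage autorun entries in a .reg export for signs of fileless persistence.

Added example for this article; the heuristics are generic and every input
below is constructed, not captured from a real Poweliks infection.
"""
import os
import re

# Constructed sample of what `reg export HKCU\...\Run run.reg` might produce:
# one benign entry, one encoded PowerShell launcher, one dangling path.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"WinUpdate"="powershell.exe -WindowStyle Hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"
"Updater"="C:\\ProgramData\\svc\\update.exe -q"
'''

# Constructed view of the disk for the demo: only OneDrive.exe really exists.
KNOWN_FILES = {r'C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe'}

# "name"=data  or  @=data  (default value); only REG_SZ lines are handled.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
# Hosts commonly used to run script/encoded payloads straight from a registry value.
SCRIPT_HOSTS = ('powershell', 'pwsh', 'mshta', 'rundll32', 'wscript', 'cscript', 'regsvr32')
BLOB_RE = re.compile(r'[A-Za-z0-9+/=]{40,}')  # long base64-looking run


def _unescape(s):
    # .reg files escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Return [(key, value_name, data)] for every string value in a .reg export."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = '(Default)' if m.group(2) else _unescape(m.group(1))
            data = m.group(3)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            entries.append((key, name, data))
    return entries


def first_token(cmd):
    """Program path of a command line, honouring a quoted first argument."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def assess(cmd, path_exists=os.path.exists):
    """List the reasons an autorun command looks like fileless persistence."""
    reasons = []
    prog = first_token(cmd)
    base = os.path.basename(prog.replace('\\', '/')).lower()
    if base.split('.')[0] in SCRIPT_HOSTS:
        reasons.append(f'launches script host {base}')
    if BLOB_RE.search(cmd):
        reasons.append('embeds a long encoded blob')
    # Only absolute Windows paths can be checked against the disk.
    if re.match(r'^[A-Za-z]:\\', prog) and not path_exists(prog):
        reasons.append(f'target file missing on disk: {prog}')
    return reasons


def triage(export_text, path_exists=os.path.exists):
    """Map 'key\\name' -> reasons for each Run/RunOnce entry that trips a heuristic."""
    findings = {}
    for key, name, data in parse_reg_export(export_text):
        if not key.upper().endswith(('\\RUN', '\\RUNONCE')):
            continue
        reasons = assess(data, path_exists)
        if reasons:
            findings[f'{key}\\{name}'] = reasons
    return findings


if __name__ == '__main__':
    for entry, why in triage(SAMPLE_EXPORT, KNOWN_FILES.__contains__).items():
        print(entry, '->', '; '.join(why))
```

The `path_exists` parameter is injected so the same logic runs against an export taken from another machine (or a dead disk mounted offline) where the live file system is not the one to consult; a missing target is a weaker signal than an encoded script-host launch, so it is reported alongside the other reasons rather than as a verdict on its own.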
Poweliks Trojan Delivered via Spam Emails
Researchers with Symantec report that the latest infections are mostly spread through spam emails that claim to come from the US or Canadian postal service. The victim is presented with detailed information about a missed package delivery, and the email carries a Microsoft Word document attachment that contains the Trojan.
The Poweliks Trojan was first described by a researcher with GData in July 2014.
Other Distribution Methods
Reportedly, the Poweliks Trojan can also be delivered through exploit kits. The French researcher Kafeine spotted Poweliks being delivered to the targeted system by the Angler Exploit Kit in September 2014. In that particular sample, the malware does not survive a reboot, because it created no registry keys that would start it along with the operating system.
Remove Poweliks Trojan automatically with the SpyHunter Malware Removal Tool.
Clean your computer with the award-winning software SpyHunter!
It is highly recommended to run a FREE scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter.