Remove PowerSniff PoS Malware and Protect Yourself from It - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove PowerSniff PoS Malware and Protect Yourself from It

shutterstock_223094779A new file-less malware has been spotted to send out approximately 2000 spam e-mails per week to users. The malware does not have any files, but instead it spreads via infected Microsoft Office macros. All users who have been affected by this malware should immediately take action towards blocking the active connection and removing this cyber-threat from their computer via anti-malware software.

NamePowerSniff
TypePoS Malware
Short DescriptionSteals financial data from the infected PoS system.
SymptomsSlow PC, PowerShell or CMD run briefly and close. Creates a temporary dll file in %AppDataa%.
Distribution MethodVia malicious macros in Microsoft Office documents.
Detection ToolDownload Malware Removal Tool, to See If Your System Has Been Affected by PowerSniff
User Experience Join our forum to discuss PowerSniff.

PowerSniff – Methods of Distribution

The primary method of distribution of this PoS threat is via spam email messages, containing infected Microsoft Word, Excel, PowerPoint or other documents with infected macros. Here is an example of how a spam email sent out may appear like.

conflict-spam-macro-sensorstechforum

The sniffer-like malware is also reported to be spread primarily across the United States, but infections can also be seen in Canada and all over Europe as well.

Related Article: New Pro PoS Solution Banking Malware Available

PowerSniff In Detail

Once activated, the ransomware sends out system information to infect the user PC. After its macro has been enabled, similar to a network sniffer, the malware immediately sends system information to a remote host. Such information may include:

  • Windows version and architecture. (32 bit vs. 64 bit).
  • Computer’s antivirus software.
  • Firewall protection.
  • IP address.

Researchers at GrahamCluley report that after infecting the user PC, PowerSniff runs a concealed Power Shell window and executes an administrative command:

→ powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden –noprofile

Not only this, but the ransomware also begins to tamper with the Windows Registry Editor modifying it so that it creates a temporary DLL file in the %AppData% folder.

After the infection itself has been conducted, the malware has a clever selection process by which it looks for any PoS operation on the infected PC to collect credentials from them. This happens by looking for words such as “Point-Of-Sale”, “Sale” and others.

Not only this, but it also excludes any hospitals and medical centers from its hit list. This means that it excludes words such as “Hospital,” and others. These all point out to the ethics and cleverness of its developers.

Remove PowerSniff PoS Malware and Prevent It in the Future

If you believe you have become a victim of this threat it is essential to immediately transfer the funds and change the financial credentials of the PoS system and also on other systems in the network. To remove the malware, we advise using an advanced anti-malware software and following the step-by-step manual below, if the PoS system is working via Windows OS.

1. Restore the settings in your browser
2. Remove PowerSniff with SpyHunter Anti-Malware Tool
Optional: Using Alternative Anti-Malware Tools

After the removal of this malware make sure you follow the mentioned herein safety tips. They will make sure your organization is significantly more protected than any other threats of such type in the future.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.