Microsoft PowerShell Becomes a More Popular Malware-Spreading Tool

Exterminator

Microsoft PowerShell is a really powerful tool for IT professionals running Windows, and the Redmond-based software giant is making it the default shell in the operating system, but security experts warn that cybercriminals are also increasingly using it for spreading malware.

Security firm Symantec analyzed malicious PowerShell scripts and said that the number of threats is growing at a fast pace, especially in the case of enterprises where the shell framework is more widely used.

Symantec says that most malicious PowerShell scripts are being used as downloaders, including Office macros, and the ultimate goal is to execute code on a computer and then spread malware across the entire network.

Scripts trying to remove security protection

There are three common malware families that are spreading with PowerShell scripts these days, namely W97M.Downloader (9.4 percent of all analyzed samples), Trojan.Kotver (4.5 percent), and JS.Downloader (4.0 percent), according to Symantec.

“Over the last six months, we blocked an average of 466,028 emails with malicious JavaScript per day, and this trend is growing. Not all malicious JavaScript files use PowerShell to download files, but we have seen a steady increase in the framework’s usage,” the firm says.

Cybercriminals are also creating more complex PowerShell scripts that work in stages, so instead of compromising the target computer directly, they are actually linked to a different script that eventually deploys the malware. This helps bypass certain security solutions and protection apps, but in some cases, scripts can be developed to uninstall these security solutions or steal passwords used across the network.

The best way to protect against this type of threat is to run security software that’s fully up-to-date, as well as the latest version of PowerShell. Additionally, given the fact that most scripts are being delivered via email, avoid opening scripts, files, or links coming from untrusted sources that could pose a risk for your system or network.