• Trend Micro
  • About TrendLabs Security Intelligence Blog

Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor

  • Posted on: June 14, 2018 at 5:00 am
  • Posted in: Targeted Attacks
  • Author: Trend Micro

We found a new sample that may be related to the MuddyWater campaign. Like the previous campaigns, these samples again involve a Microsoft Word document embedded with a malicious macro that is capable of executing PowerShell scripts leading to a backdoor payload. One notable difference in the analyzed samples is that they do not directly download the Visual Basic Script and PowerShell component files, and instead encode all the scripts in the document itself.

Tags: MuddyWater, Powershell, PRB-Backdoor, targeted attacks, Windows Powershell

New FAREIT Strain Abuses PowerShell

  • Posted on: April 25, 2016 at 1:24 am
  • Posted in: Malware, Spam
  • Author: Trend Micro

In 2014, we began seeing attacks that abused Windows PowerShell. Back then, it was uncommon for malware to use this particular feature of Windows. However, there are several reasons for an attacker to use this scripting technique.

For one, users cannot easily spot any malicious behavior since PowerShell runs in the background. Another is that PowerShell can be used to steal usernames, passwords, and other system information without an executable file being present. This makes it an attractive tool for attackers to carry out malicious activities while avoiding easy detection.

Tags: FAREIT, macro malware, Powershell, Windows Powershell

Banking Malware VAWTRAK Now Uses Malicious Macros, Abuses Windows PowerShell

  • Posted on: February 16, 2015 at 9:54 pm
  • Posted in: Malware
  • Author: Trend Micro

Last year we saw how the Windows PowerShell® command shell was involved in spreading ROVNIX via malicious macro downloaders. Though the attack seen in November did not directly abuse the PowerShell feature, we’re now seeing the banking malware VAWTRAK abuse this Windows feature, while also employing malicious macros in Microsoft Word. The banking malware VAWTRAK is…

Tags: banking malware, macro, Spam, VAWTRAK, Windows Powershell

Ransomware Now Uses Windows PowerShell

  • Posted on: June 1, 2014 at 7:54 pm
  • Posted in: Bad Sites, Malware, Ransomware
  • Author: Mark Joseph Manahan (Threat Response Engineer)

We highlighted in our quarterly threat roundup how various ransomware variants and other similar threats like CryptoLocker now perform additional routines such as using different languages in their warning and stealing funds from cryptocurrency wallets. The addition of mobile ransomware highlights how these threats are continuously improved over time. We recently encountered another variant that used the…

Tags: cryptolocker, Malware, poshcoder, ransomware, Windows Powershell

Black Magic: Windows PowerShell Used Again in New Attack

  • Posted on: May 29, 2014 at 9:50 am
  • Posted in: Malware, Targeted Attacks
  • Author: Maersk Menrige (Threats Analyst)

The Windows PowerShell® command line is a valuable Windows administration tool designed especially for system administration. It combines the speed of the command line with the flexibility of a scripting language, making it helpful for IT professionals to automate administration of the Windows OS and its applications. Unfortunately, threat actors have recently taken advantage of…

Tags: APT, CRIGENT, plugX, Powershell, Taidoor, Targeted Attack, targeted email, Windows, Windows Powershell, Windows XP
