December 12, 2016

Microsoft’s PowerShell is Being Abused by Malware Authors

Microsoft PowerShell, the software giant’s prominent scripting language and now the default shell in the ever-popular Windows operating system, is being used by cybercriminals to spread malware, security researchers have revealed.

Security firm Symantec has revealed that, in an analysis of scripts run through Microsoft PowerShell, a staggering 95.4 percent of the samples were malicious. Malware authors are increasingly turning to the scripting language and shell platform, using its powerful flexibility to download their malware payloads, security researchers from Symantec confirmed.

PowerShell has been around for over a decade now, typically used by system administrators for daily management tasks. However, common cybercriminals and notorious larger groups are leveraging PowerShell too.

As the default shell framework, PowerShell makes for an attractive platform for malware authors to spread their malicious software. Most organizations are at risk, since they do not have extended logging enabled for the framework. Moreover, PowerShell scripts allow payloads to be executed directly from system memory, and they can also be easily obfuscated. Altogether, this makes it a favored attack tool for cybercriminals.
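The paragraph above names the defender’s gap: most organizations leave PowerShell’s extended logging switched off, so in-memory and obfuscated scripts leave no trace. The following PowerShell script is an added example written for this article, not code from LIFARS or from Symantec’s research. It audits and enables the three logging policies PowerShell 5.0+ reads from the registry (script block logging, module logging, transcription) and then lists recent script block events that resemble the downloaders the article describes. The transcript directory and the keyword list are assumptions chosen for illustration, not a vetted detection rule.

```powershell
# Added example, not part of the original article. Run in an elevated session on
# PowerShell 5.0 or later; the policy paths below are the ones PowerShell itself reads.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Get-PowerShellLoggingStatus {
    # Report whether each extended-logging policy is currently enabled.
    $sbl = Get-ItemProperty -Path "$base\ScriptBlockLogging" -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    $mod = Get-ItemProperty -Path "$base\ModuleLogging"      -Name EnableModuleLogging      -ErrorAction SilentlyContinue
    $trn = Get-ItemProperty -Path "$base\Transcription"      -Name EnableTranscripting      -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        ScriptBlockLogging = ($sbl.EnableScriptBlockLogging -eq 1)
        ModuleLogging      = ($mod.EnableModuleLogging -eq 1)
        Transcription      = ($trn.EnableTranscripting -eq 1)
    }
}

function Enable-PowerShellLogging {
    # $TranscriptDir is an assumed location; in production point it at a write-only
    # share that endpoints cannot read back or delete from.
    param([string]$TranscriptDir = 'C:\PSTranscripts')

    # Script block logging: the de-obfuscated text of every script block is written
    # as event ID 4104 to Microsoft-Windows-PowerShell/Operational, even when the
    # code is executed straight from memory and never touches disk.
    New-Item -Path "$base\ScriptBlockLogging" -Force | Out-Null
    Set-ItemProperty -Path "$base\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord

    # Module logging: pipeline execution details (event ID 4103) for every module ('*').
    New-Item -Path "$base\ModuleLogging\ModuleNames" -Force | Out-Null
    Set-ItemProperty -Path "$base\ModuleLogging" -Name EnableModuleLogging -Value 1 -Type DWord
    Set-ItemProperty -Path "$base\ModuleLogging\ModuleNames" -Name '*' -Value '*'

    # Transcription: the full text of each interactive session, written to files.
    New-Item -Path "$base\Transcription" -Force | Out-Null
    Set-ItemProperty -Path "$base\Transcription" -Name EnableTranscripting -Value 1 -Type DWord
    Set-ItemProperty -Path "$base\Transcription" -Name OutputDirectory -Value $TranscriptDir
}

function Get-SuspiciousScriptBlocks {
    # Surface recent 4104 events whose script text matches patterns typical of
    # downloader or decoder behaviour. The keyword list is an illustrative
    # assumption, not a tuned rule; review hits rather than alerting on them blindly.
    param(
        [int]$Max = 200,
        [string[]]$Keywords = @('DownloadString', 'DownloadFile', 'Invoke-WebRequest', 'FromBase64String')
    )
    $pattern = ($Keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
                 -MaxEvents $Max -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern } |
        Select-Object TimeCreated, @{ Name = 'Snippet'; Expression = { ($_.Message -split "`n")[1..3] -join ' ' } }
}

# Usage: audit, enable, then look at what has been logged since.
Get-PowerShellLoggingStatus
Enable-PowerShellLogging
Get-PowerShellLoggingStatus
Get-SuspiciousScriptBlocks | Format-Table -AutoSize
```

Script block logging is the setting that matters most for the in-memory and obfuscated cases the article mentions, because PowerShell records the block after it has been de-obfuscated for execution; module logging and transcription add the pipeline and session context an investigator needs alongside it. The same three policies can be pushed fleet-wide through Group Policy (Administrative Templates, Windows Components, Windows PowerShell) instead of the direct registry writes shown here.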

Most malicious PowerShell scripts were used as downloaders, like Office macros, according to the cybersecurity firm’s researchers.

The most notable takeaways, including the major malware families currently using PowerShell, are:

All three of the above threats were distributed through spam emails, and Symantec added:

Over the last six months, we blocked an average of 466,028 emails with malicious JavaScript per day, and this trend is growing. Not all malicious JavaScript files use PowerShell to download files, but we have seen a steady increase in the framework’s usage.

As always, users are advised to update to the latest version of PowerShell and to keep their security software up to date with the latest updates and patches. Caution when opening attachments is recommended, especially when presented with scripts or files from an untrusted source.

Image credit: Pixabay.

About the author


LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
