New Brazilian Trojan Bypasses PowerShell Security Policies

Security experts discovered a new Trojan virus that targets hosts in Brazil. The new malware is a formidable threat as it bypasses Powershell execution policies to make changes in the system settings.

The New Trojan uses PowerShell to overwhelm computers in Brazil

Regarding infections, Brazil is the most affected country in the world according to a Q1 2016 report made by one of the leading security vendors. The newest threat is known as Trojan-Proxy.PowerShell.Agent.a is the next step for the malicious developers. The malware is distributed through mass email campaigns. The messages are counterfeit mobile operator notifications that contain attachments in PDF files containing the Trojan instance.
Upon execution, by the unsuspecting the user, the Trojan modifies the proxy configuration settings in Internet Explorer to a criminal remote server. The users are then faced with phishing pages by the malware redirects to popular Brazilian banks.
In comparison with previous Trojans, the new threat uses a PowerShell command to bypass the security measures. The Trojan also does not use C&C communication.
Once the security bypass has been completed, the malware also checks the language of the OS. This behavior is designated to check if the victim computer is from Brazil. The Trojan aborts the operation if the target is not from this country.
Security experts advise computer administrators to allow only execution of signed scripts.

proxy_powershell_eng_3

Was this content helpful?

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *