On the subject of malware, there is a new one in town. Well, not exactly new as it was first discovered in August 2014. What is new is that it is now being used in conjunction with ransomware to target consumers.

Poweliks is emerging as an adware (see Definition) click-fraud that is distributed via phishing. Its target is Windows-based operating systems. The malware installs itself into Windows registry, where it hijacks existing entries, and it will launch itself when essential Windows functions are performed.

This Trojan is sneaky. It stores its own code within the registries, which allows it to remain in a computer. However, none of its files are stored on a computer file system, thus, making it very difficult to detect. 

After the Trojan is installed, it may contact its command and control (C&C) servers to download further instructions. Its main goal is to perform click-fraud operations, which will covertly download large number of online advertisements onto compromised computers and then automatically clicking or interacting with them to fraudulently earn revenue for the attacker.

Things seem to have gotten worse. Poweliks is now linked to ramsomware attacks especially Cryptowall, and is troubling to victims, but profitable for the attackers.

In the click-fraud attacks perpetuated by Poweliks, victims are basically unaware that ads based on keywords are requested; it is made to seem that the victim searched for the selected keywords, and then allows the attackers to receive money. As the selected ads are not shown to the victim, they are unaware of Poweliks’ presence on their computer.

Poweliks can request as many as 3,000 ads per day on a computer. With this high number of request for ads, it could eventually download malicious ads onto the victim’s computer that may cause other malware to be installed, such as Cryptowall ransomware. In such a case, the victims are initially unaware that Poweliks was displaying ads on their computers, and they then get locked out of their computers while being prompted to pay a ransom.

Yet, there are some security experts who say that ransomware’s connection to Poweliks is purely coincidental. As mentioned earlier, the main objective of Poweliks is click-fraud operations that would enable the attacker to derive revenue from clicks. On the other hand, ransomware will halt the use of the computer to demand a ransom, while disrupting the revenue stream that Poweliks is exploiting.

Then again, with cybercriminals you sometimes don’t know what to expect, as they look for new and improved ways to steal from unsuspecting victims or hold them to ransom.

Recommendation

Users are advised to always be on guard when using their computers, surfing the Net and when receiving emails with web link or attachments from unknown users. If such emails are from known users, be aware that it may be forged and not from the said sender.

Definition

Adware – advertising-supported software that automatically renders advertisements in order to generate revenue for its author.

Source

1. Bank Info Security.
2. Effect Hacking (image 1).
3. Gross Web (image 2).