Microsoft has replaced Command Prompt with PowerShell in latest Windows 10 build. However, it has now become a target for malware writers.
Microsoft PowerShell Becomes a Powerfull Malware Spreading Tool
We all know that Microsoft has replaced Command Prompt with PowerShell as the default shell system in their latest Windows 10 Insider Build 14971. The latest build also brings many new features which include the ability to read EPUB books in the Microsoft Edge browser itself, new Paint 3D app.
The company’s replacement for the Windows command line has now become a target for malware writers. The security firm Symantec claims that they have seen a 95.4% rise in Powershell malware instances.
Symantec had also confirmed that they had noticed the number of threats growing at a fast pace, especially in the case of enterprises where the shell framework is more widely used. The firm also confirmed that most of the malicious scripts are used as downloads like office Macros and the goal is to execute code on a system and to spread malware across the entire network
As reported by Softpedia, right now there are three common malware families that are spreading with PowerShell scripts known as “W97M.Downloader (9.4 percent of all analyzed samples), Trojan.Kotver (4.5 percent), and JS.Downloader (4.0 percent)”
Symantec says “Over the last six months, we blocked an average of 466,028 emails with malicious JavaScript per day, and this trend is growing. Not all malicious JavaScript files use PowerShell to download files, but we have seen a steady increase in the framework’s usage,”
Cybercriminals are working to create more complex scripts that can help bypass certain security solutions and protection apps. However, in certain cases, scripts can be developed that can disable security solutions or steal passwords used across the network.
Security firm Symantec suggested that users must run updated security software to protect themselves from this kind of attacks and avoid opening emails that contain scripts, file or links coming from unknown sources.
