
PowerTrick

Posted: January 16, 2020

PowerTrick is a backdoor Trojan associated with Trojan.TrickBot attacks and with persistent lateral traversal across corporate networks. PowerTrick can assist remote attackers with infiltrating a network, removing evidence of the intrusion, and collecting financial information for profit. Users should protect their systems with appropriate security patches, well-chosen passwords, and robust anti-malware services for removing PowerTrick, among other measures.

Trojan.TrickBot is Turning Some New Tricks for the New Year

With ties to Russian cybercrime through code from the Dyreza Trojan and to North Korean hackers through Anchor, the threat actor running the Trojan.TrickBot campaign is, unsurprisingly, a long-standing adversary in the cyber-security landscape. Once again, the Trojan.TrickBot program's code is serving as the basis for a 'new' Trojan with attack-enabling features: PowerTrick. The PowerTrick backdoor Trojan provides attackers with capabilities oriented mostly around bypassing network security and gaining access to the targeted financial systems.

PowerTrick is a later-stage threat that is installed only after the attacker has gained access through other means, such as an e-mail phishing lure or brute-forced credentials. Once inside, PowerTrick provides backdoor features for working around account restrictions and security controls in order to gain control over systems used for financial purposes. The Trojan uses a relatively primitive, manual launch method through Windows PowerShell and can accept and execute a range of commands, thanks to a redesigned Trojan.TrickBot module.

Besides the distinct possibility of PowerTrick dropping other tools and Trojans, it also carries out attacks that exploit software vulnerabilities via the Metasploit Project, as the HyperBro RAT does. Currently, the threat actor also shows concern about detection and compensates by using PowerTrick for self-cleanup and evidence removal, such as deleting dropped files. This behavior points to PowerTrick being used for long-term surveillance or sophisticated cyber-robbery operations that can compromise digital certificates or other resale-worthy information from multinational companies.

Preventing Trojans from Expressing Their Power over Your Network

PowerTrick continues a distinct trend in Trojan.TrickBot's administrative team: the long-term updating and maintenance of software, modules, and 'borrowed' hacking tools. Other cases demonstrating the threat actor's productivity include Ostap, a JavaScript-based downloader, and the e-mail-spamming TrickBooster module. Users should anticipate regular updates to PowerTrick and related threats, and apply updates to their security services' threat databases as appropriate.

PowerTrick is, by definition, a threat whose deployment is part of an ecosystem of related hacking utilities and Trojans. In most cases, enterprise-grade corporations are the intended targets, because of the high profits the attackers can reap from compromising the network's data. Malware experts continue to recommend that workers watch their e-mail accounts particularly carefully for possible phishing attempts, which can include both attached files with embedded exploit code and obfuscated links.

Updated anti-malware tools are all but mandatory for deleting PowerTrick and all related threats as soon as possible. Secondarily, network administrators also should emphasize containing the breach and preventing hackers from succeeding at any lateral traversal attempts.

PowerTrick is just one more point of business for the worldwide-operating criminals of Trojan.TrickBot infamy. Although neither its goals nor its strategies are very innovative, the ongoing updates and tweaks make for a cyber-security puzzle that requires continuous solving.
