Vawtrak Banking Trojan Uses Windows PowerShell, Macros in Infection Routines

The Vawtrak banking malware now leverages macros and the Windows PowerShell scripting tool to infect computers.

Summary from the source link:

The attack starts with a spam email that appears to come from FedEx, American Airlines or other companies. The bogus messages contain what appears to be a harmless document. When the document is opened with Microsoft Word, users are presented with random symbols and are instructed to enable macros in order to view the content. After macros are enabled, the text in the document becomes visible. In the meantime, a batch file, a VBS file and a PowerShell script are dropped onto the infected system. The batch file is designed to execute the VBS file, which in turn runs the PowerShell script.
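For defenders, the batch file → VBS → PowerShell sequence described above shows up in process-creation telemetry as a parent/child chain. The following is an added example, not code from the source article: it walks process ancestry in constructed sample records and flags PowerShell started by a script host that was itself started by `cmd.exe`. The record field names are assumptions, and reporting Word as an ancestor is an assumption too, since the summary does not say what launches the batch file.

```python
import ntpath

# Constructed sample process-creation records. Field names (pid, ppid, image)
# are simplified assumptions, not a specific product's schema.
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 230, "ppid": 220,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Benign contrast: PowerShell typed into an interactive console.
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 310, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

# Expected images from child upward: PowerShell <- script host <- batch shell.
CHAIN = [{"powershell.exe"}, {"wscript.exe", "cscript.exe"}, {"cmd.exe"}]
OFFICE = {"winword.exe"}  # assumption: the macro-bearing document opens in Word


def ancestry(pid, by_pid):
    """Image names from pid up to the oldest known ancestor (loop-safe)."""
    names, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        names.append(ntpath.basename(by_pid[pid]["image"]).lower())
        pid = by_pid[pid]["ppid"]
    return names


def find_chains(events):
    """Return one finding per process whose ancestry matches CHAIN."""
    # Real telemetry should key on a unique process ID, because PIDs are reused.
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        names = ancestry(e["pid"], by_pid)
        if len(names) >= len(CHAIN) and all(
                n in allowed for n, allowed in zip(names, CHAIN)):
            hits.append({
                "pid": e["pid"],
                "chain": names[:len(CHAIN)][::-1],  # oldest process first
                "office_ancestor": any(n in OFFICE for n in names[len(CHAIN):]),
            })
    return hits


if __name__ == "__main__":
    for hit in find_chains(EVENTS):
        print(hit)
```
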

The opinions expressed in the posted news items/tweets do not necessarily reflect the views of IT Matrix.
