Poweliks fileless malware that resides only in the memory of the compromised system has infected 200,000 PCs majority of them in the US
More than 200,000 PCs across the world are infected with a malware known as Poweliks, majority of which are based in the United States. Poweliks is a fileless malware which does not leave any trace on the storage drive of the infected machine and plants a script in Windows Registry that points to the malware and executes it in memory.
Security researchers at Symantec are researching its evolution and have discovered that Poweliks exploits now patched zero-day vulnerability (CVE-2015-0016) in Windows. Poweliks was first identified in 2014, but it appears that it was not fully developed at the time and could not achieve persistence on the machine, being removed at a simple restart of the computer.
According to Symantec the recent version of Poweliks is used for ad-fraud purposes by the cyber criminals by launching web pages in the background and clicking on the advertisements.
According to a report made by Symantec, Poweliks made about 3,000 ad requests from a single computer, each with a bid amount of $0.000503. The total revenue generated this way per day was calculated to $1.51 / €1.34. With around 200,000 zombie computers in their hands, the cyber criminals handing the Poweliks may be racking upto $20,000 / €18,000 from clicks on advertisements.
According to Symantec, in half a year’s time, Poweliks compromised 198,500 computers and more than 99.5% of them were located in the US.
Symantec notes that the pages loaded without the user’s knowledge sometimes hosted a web-based attack tool called Magnitude, which served an exploit for Flash Player that downloaded a variant of CryptoWall ransomware.
Microsoft has since patched the Windows zero-day vulnerability.