FreeHosting APT PowerSploit Poison Ivy

What is FreeHosting APT PowerSploit Poison Ivy?

FreeHosting APT PowerSploit Poison Ivy is the name given to a targeted cyber attack carried out by cyber criminals in 2017. This was not an ordinary, indiscriminate attack: it was planned from beginning to end and aimed at a specific group of users, who received emails containing malicious download links. The sender addresses involved in the attack are now known: wisers.data@gmail.com and health.pro.demo30@gmail.com. If you find an unopened email from either of these addresses in your mailbox, ignore it completely; even though it is old, it can still compromise your system once opened. It is hard to say whether the criminals will repeat the same attack in the near future, but they may well run similar campaigns following the FreeHosting APT PowerSploit Poison Ivy modus operandi, so stay cautious. First, never open suspicious email attachments or click on links in suspicious emails. Second, do not download programs from random websites. Third, keep a security application installed on your computer; an automated antimalware tool will protect you against all kinds of computer threats as long as it stays active.

What does FreeHosting APT PowerSploit Poison Ivy do?

The FreeHosting APT PowerSploit Poison Ivy attack begins when a user clicks on a download link, which downloads a Base64-encoded malicious VBScript from the free hosting provider GeoCities (located in Japan). It is unclear who uploaded it there; the only thing researchers know is that the uploader used the name vbiayay1. Once the malicious script is downloaded and launched, it executes several commands one after another to encode the message, hide the output, and bypass authentication. The script also downloads a file named Meeting_summary.doc from the free hosting provider. At first sight this does not look like a dangerous file, but it is. Once this MS Word document is opened, a PowerShell script with the .ps1 extension is downloaded. The download is not hard to trace: if a process named userinit.exe is visible in Task Manager, the script has already been downloaded. The script injects shellcode into this fake userinit.exe process, and at that point PoisonIvy RAT, a Remote Access Trojan, starts working on the affected computer. It can be used for all kinds of activities without the user's knowledge: taking screenshots, logging keystrokes, spying through a camera and microphone connected to the computer, downloading and installing malicious applications, and stealing personal information. In other words, PoisonIvy RAT gives cyber criminals remote access to the affected computer and lets them perform all kinds of activities on it without the user's knowledge. If you suspect that you have fallen victim to FreeHosting APT PowerSploit Poison Ivy and a Remote Access Trojan may be installed on your computer, perform an in-depth scan of your system. Unfortunately, by the time users find out that their PCs are infected with malicious software, it is usually already too late to undo the damage.
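The infection chain described above leaves two kinds of traces a defender can look for: mail from the two sender addresses the report names, and a process tree in which an Office document launches a script host and a userinit.exe that is not the real one started by winlogon.exe. The following Python script is an added example written for this article, not code from the report or from any vendor; the mail headers and process-creation events it scans are constructed sample data, and the "normal" location of userinit.exe (C:\Windows\System32) and its normal parent (winlogon.exe) are assumptions based on a default Windows installation.

```python
import re

# Sender addresses the report names as used in the 2017 campaign.
CAMPAIGN_SENDERS = {"wisers.data@gmail.com", "health.pro.demo30@gmail.com"}

# Office applications that should not normally launch a script host.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe"}

# Assumption: on a default Windows install the genuine userinit.exe lives here
# and is started by winlogon.exe during logon.
LEGIT_USERINIT_PATH = r"c:\windows\system32\userinit.exe"
LEGIT_USERINIT_PARENT = "winlogon.exe"

# Constructed sample mail headers (not real messages).
SAMPLE_MAIL = [
    {"from": "colleague@example.org", "subject": "Lunch on Friday"},
    {"from": "Health Pro <health.pro.demo30@gmail.com>", "subject": "Meeting summary"},
    {"from": "wisers.data@gmail.com", "subject": "Requested data"},
]

# Constructed sample process-creation events: (image path, parent image path, command line).
# Events 1-3 are benign; events 4-5 mirror the chain the report describes.
SAMPLE_PROCESS_EVENTS = [
    (r"C:\Windows\System32\winlogon.exe", r"C:\Windows\System32\wininit.exe", "winlogon.exe"),
    (r"C:\Windows\System32\userinit.exe", r"C:\Windows\System32\winlogon.exe", "userinit.exe"),
    (r"C:\Program Files\Microsoft Office\WINWORD.EXE", r"C:\Windows\explorer.exe",
     "WINWORD.EXE Meeting_summary.doc"),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     r"powershell.exe -File C:\Users\u\AppData\Local\Temp\update.ps1"),  # constructed path
    (r"C:\Users\u\AppData\Local\Temp\userinit.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "userinit.exe"),
]


def basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def sender_address(from_header):
    """Extract the bare address from a From header such as 'Name <addr>'."""
    match = re.search(r"<([^>]+)>", from_header)
    return (match.group(1) if match else from_header).strip().lower()


def check_mail(messages):
    """Flag messages whose sender is one of the campaign addresses."""
    hits = []
    for msg in messages:
        addr = sender_address(msg["from"])
        if addr in CAMPAIGN_SENDERS:
            hits.append(f"mail from campaign sender {addr}: {msg['subject']!r}")
    return hits


def check_processes(events):
    """Flag Office-spawned script hosts and userinit.exe that is not the genuine one."""
    findings = []
    for image, parent, cmdline in events:
        img, par = basename(image), basename(parent)
        # Stage 2: the Word document hands off to PowerShell (or another script host).
        if par in OFFICE_APPS and img in SCRIPT_HOSTS:
            findings.append(f"{par} spawned {img}: {cmdline}")
        # Stage 3: a userinit.exe that runs from the wrong place or has the wrong parent.
        if img == "userinit.exe":
            if image.lower() != LEGIT_USERINIT_PATH:
                findings.append(f"userinit.exe running from unexpected path {image}")
            if par != LEGIT_USERINIT_PARENT:
                findings.append(f"userinit.exe started by unexpected parent {par}")
    return findings


if __name__ == "__main__":
    for line in check_mail(SAMPLE_MAIL) + check_processes(SAMPLE_PROCESS_EVENTS):
        print(line)
```

Run against the constructed data, the script reports the two campaign senders and three process findings (Word spawning PowerShell, and the Temp-folder userinit.exe flagged both for its path and for its PowerShell parent), while the genuine winlogon.exe/userinit.exe pair in the first two events is left alone. On a real host the same two checks can be fed from Sysmon process-creation events or mailbox exports in place of the sample lists.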

Where does FreeHosting APT PowerSploit Poison Ivy come from?

As you already know if you have read this report from the beginning, FreeHosting APT PowerSploit Poison Ivy is a targeted attack that drops a Remote Access Trojan named PoisonIvy on the affected computer. Keep in mind that cyber attacks aimed at a specific group of people may be used to distribute a bunch of other computer threats as well. For that reason, you should not leave your system unprotected: to browse the web without fear of encountering malware, install an antimalware tool on your PC and keep it active.

How to get rid of FreeHosting APT PowerSploit Poison Ivy

If it has turned out that you are one of the FreeHosting APT PowerSploit Poison Ivy victims and the Trojan that lets cyber criminals do basically anything on the affected system has been dropped on your computer, you must take action today. Use a reliable antivirus/antimalware tool to clean your system. Computer threats can be removed manually as well, but we do not recommend it unless you are a very experienced computer user; inexperienced users will almost certainly leave at least some malicious components active, and the dropped malware could keep working on the system.
