PowerTrick Description

The TrickBot hacking group is back in the news with a new backdoor Trojan called PowerTrick. The group tends to target businesses and institutions involved in the financial sector. The PowerTrick backdoor Trojan is not used as a first-stage payload. Instead, the TrickBot hackers deploy it at a later stage of the campaign to gain further control over the infected system. The TrickBot hacking group consists of very experienced individuals who know what they are doing when it comes to cybercrime, so it is no surprise that, once again, they are going after high-end targets. Of course, to carry out a successful campaign against such targets, the TrickBot group uses very high-quality hacking tools with impressive evasion techniques.

The PowerTrick Trojan Is a Very Flexible Threat

After detecting the activity of the PowerTrick backdoor Trojan on a compromised system, malware analysts studied it and found that the TrickBot hackers use Windows PowerShell to launch the threat. Upon execution, the PowerTrick Trojan begins collecting data about the compromised system's hardware and software. Once this information has been gathered, the PowerTrick backdoor Trojan transfers it to its operators' C&C (Command & Control) server. To make the PowerTrick Trojan more flexible, the TrickBot hacking group has used the Metasploit framework. To add more flexibility, they have also employed custom-developed PowerShell tools. This lets the operators of the PowerTrick backdoor Trojan carry out a very wide range of activities on the compromised system by loading and unloading different modules that serve different purposes.


Apart from the aforementioned capabilities, the PowerTrick backdoor Trojan is also able to transfer itself to network drives, as well as to attached systems. This nasty backdoor Trojan is also capable of planting additional malware on the infected system. The PowerTrick threat can also wipe out files that are no longer needed to reduce its footprint. Furthermore, the PowerTrick malware is capable of fully uninstalling itself from the compromised machine, which means that the victims may never even know that their systems have been infected. The fact that the PowerTrick backdoor Trojan can move laterally makes it threatening, particularly because it can compromise its target via another infected system connected to the same network.

The TrickBot group is a very prominent name in the world of cybercrime. These hackers are highly skilled and very persistent. They are known to update their tools and add new malware to their arsenal on a regular basis.
