# New Banking Trojan Uses PowerShell to Alter Internet Explorer Proxy Settings



## JMH3143

> *There is a new banking trojan going around that uses Microsoft PowerShell to alter a computer's local proxy settings in order to redirect users to the wrong server when trying to access a banking portal.*
> 
> Banking trojans have hijacked computer proxy settings for years. This is how some of them operate. The difference is that they used local PAC (Proxy Auto-Config) files to achieve this, which they silently installed on infected hosts.
> 
> Security researchers from Kaspersky Lab say they've now detected a new trojan, which they named *Trojan-Proxy.PowerShell.Agent.a*, that uses PowerShell, a task automation utility included by Microsoft with its Windows OS, which was *recently open-sourced* for both Linux and Mac.
> 
> *Trojan delivered as PIF files in spam email attachments*
> 
> This particular banking trojan currently targets only Brazilian financial institutions and is distributed as a PIF file via email spam claiming to be receipts from mobile operators.


New Banking Trojan Uses PowerShell to Alter Internet Explorer Proxy Settings


----------

