Dark Reading

Shadow#Reactor Uses Text Files to Deliver Remcos RAT

Attackers use a sophisticated delivery mechanism for RAT deployment, a clever way to bypass defensive tools and rely on the ...
WATE 6 On Your Side

ANY.RUN Simplifies Analysis of Malicious PowerShell Scripts

ANY.RUN's Script Tracer tool now provides a detailed breakdown of every function in a PowerShell script, showing the entry point, parameters, and exit point. It also connects related functions' inputs ...
Bleeping Computer

Fake IT support sites push malicious PowerShell scripts as Windows fixes

Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware. First discovered by eSentire's ...
Computer Weekly

PowerShell security threats greater than ever, researchers warn

Microsoft’s Windows PowerShell configuration management framework continues to be abused by cyber attackers, according to researchers, who have seen a surge in associated threats. In March 2016, ...
Dark Reading

PowerShell Increasingly Being Used To Hide Malicious Activity

Threat actors often try to take advantage of native tools in operating systems to conceal malicious activities. One tool that appears to be a particular favorite in this regard is the PowerShell ...
Computer Weekly

Fileless attacks surge as hackers exploit PowerShell scripts

The latest quarterly threat report from McAfee noted a fourfold increase in fileless hacking attacks utilising Microsoft PowerShell scripts. PowerShell is used mainly to automate administration tasks, ...
Bleeping Computer

Fake MAS Windows activation domain used to spread PowerShell malware

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'.