from TrendLabs Security Intelligence Blog
In 2014, we began seeing attacks or threats that abused the Windows PowerShell feature. At that time, it was uncommon to see threats leveraging this scripting tool as part of the malware’s capabilities. However, it’s also not surprising to see the proliferation of various threats using this feature. First of all, users cannot easily spot any malicious behavior on their infected systems since PowerShell runs in the background. Secondly, PowerShell has access to the services of the operating system (OS); and it can get usernames, passwords, and other system information. As such, this makes it a viable, if not a powerful arsenal for cybercriminals and attackers.
Post from: Trendlabs Security Intelligence Blog - by Trend Micro
