ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.
PowerShell is Microsoft's task-automation shell and scripting platform, whose capabilities affect endpoint administration, abuse, and security controls.
Search across headline titles and summaries.
Background for this topic.
PowerShell is a command-line shell and scripting language for automating administration and configuration. It began as a Windows technology and is also available on Linux and macOS; its security-relevant features include access to operating-system APIs, scripting, and remote management. Administrators and defenders use it for tasks such as configuration enforcement, log analysis, and investigation.
Because PowerShell can download, decode, and execute scripts and use trusted administrative interfaces, attackers may abuse it for execution, persistence, credential access, or lateral movement, especially after obtaining valid permissions. PowerShell itself is not inherently malicious or a universal antivirus bypass. Useful controls include applying updates to the relevant PowerShell edition and its runtime, limiting script and remoting privileges, and enabling detailed logging such as script-block and transcription logs. Security teams can correlate those records with process, authentication, and network telemetry; controls such as application allowlisting and constrained language mode can further reduce abuse, while preserving required administrative workflows.
Weekly headline count for the current query.
The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.
The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware.