PowerShell
Coverage of PowerShell in the Nexus archive.
- Malware steals Chrome session cookies to take over your accounts
A phishing email with a malicious JavaScript file disguised as a PDF installs a Chrome extension that steals session cookies and uses Chrome Native Messaging to execute PowerShell commands. The malware bypasses multi-factor authentication by hijacking active browser sessions and collects data like open tabs and system files.
- [GR] Fake Cloudflare Human Verification Scam (me3k.trappopbuttonrightnow.monster) - Executed PowerShell Script
A user was redirected to a fake Cloudflare Human Verification page that tricked them into executing a PowerShell script. The script downloaded and ran code from a suspicious domain, prompting the user to disconnect their PC from the internet and run malware scans, which found no threats.
- What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
The most dangerous security risk in organizations comes from trusted utilities like PowerShell and WMIC, which are also used by threat actors. Bitdefender's analysis highlights this issue. Modern threat actors prefer these trusted tools over malware.