The development fits a trend that sees threat actors turning to well-known, commodity malware, overcoming its easy detection with ever-better obfuscation methods.
A new obfuscation technique has been spotted that uses the features of PowerShell, a tool that comes built into Microsoft Windows. Analysis from Cylance shows that the tactic succeeds in bypassing most antivirus products.
Cylance researchers stumbled across a malware file using a PowerShell obfuscation method while looking into a set of malicious scripts that had low antivirus detection. The file was a ZIP archive containing both a PDF document and a VBS script, and it was flagged by just three antivirus products.
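The delivery pattern described above, a ZIP archive pairing a decoy document with a script file, is something a mail gateway or triage script can flag on structure alone, before any antivirus signature is consulted. The following is an added example written for this article, not code from Cylance or from the malware analysis it reports. It inspects an in-memory ZIP, classifies members by extension, and returns a verdict with reasons; the extension lists and the constructed sample archive (a placeholder PDF and an inert VBS stub containing only a comment) are assumptions of the example, not details from the article.

```python
import io
import os
import zipfile

# Extensions that Windows will execute as a script rather than open as a document.
# Assumption of this example: a starting list, not an exhaustive one.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".ps1", ".bat", ".cmd", ".wsf", ".hta"}
# Extensions typically used as the decoy or lure document.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}


def classify_members(zip_bytes):
    """Split the members of an in-memory ZIP into (documents, scripts) by extension.

    splitext() takes the last extension, so a double extension such as
    'invoice.pdf.vbs' is still classified as a script.
    """
    documents, scripts = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in SCRIPT_EXTENSIONS:
                scripts.append(info.filename)
            elif ext in DOCUMENT_EXTENSIONS:
                documents.append(info.filename)
    return documents, scripts


def triage_archive(zip_bytes):
    """Return a triage dict: any script member makes the archive suspicious,
    and a script paired with a document is additionally noted as the
    decoy-plus-payload pattern the article describes."""
    documents, scripts = classify_members(zip_bytes)
    reasons = []
    if scripts:
        reasons.append("script member(s): " + ", ".join(scripts))
    if scripts and documents:
        reasons.append("document paired with script (decoy pattern)")
    return {
        "verdict": "suspicious" if scripts else "clean",
        "documents": documents,
        "scripts": scripts,
        "reasons": reasons,
    }


def build_sample_archive():
    """Constructed sample mirroring the article's PDF + VBS archive.
    Both members are harmless placeholders; the VBS contains only a comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4\n% constructed placeholder document\n")
        zf.writestr("invoice.vbs", "' constructed placeholder, contains no code\r\n")
    return buf.getvalue()


def build_clean_archive():
    """Constructed sample with only a document, for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n% constructed placeholder document\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("sample", build_sample_archive()), ("clean", build_clean_archive())):
        result = triage_archive(data)
        print(label, result["verdict"], result["reasons"])
```

Extension-based triage is deliberately cheap: it does not open the script, so it cannot be defeated by the PowerShell obfuscation the article mentions, and it pairs well with a policy that quarantines archives carrying script members for analyst review rather than relying on signature detection alone.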