Microsoft's PowerShell task automation framework is becoming one of the most popular tools for coding and enhancing malware, a Carbon Black study has discovered.
Aggregating data from over 1,100 separate investigations from 20 security firms, Carbon Black says that PowerShell was used in 38 percent of all the attacks analyzed.
Respondents said that, in 31 percent of cases, their clients reported receiving no warnings about the ongoing attacks.
PowerShell, a favorite tool for targeted attacks and commodity malware
In 87 percent of cases, the PowerShell malware was part of a shotgun approach, while in the rest it was part of a targeted attack, specific to hacker groups and state-sponsored actors.
By shotgun approach malware, we mean common malware such as ransomware, click fraud bots, and other threats where the attacker doesn't care whom they infect as long as they infect someone.
Carbon Black claims that over half of these incidents were related to Vawtrak, a banking trojan that heavily uses PowerShell in its source code.