In 2014, we began seeing attacks that abused the Windows PowerShell. Back then, it was uncommon for malware to use this particular feature of Windows. However, there are several reasons for an attacker to use this scripting technique.
For one, users cannot easily spot any malicious behavior since PowerShell runs in the background. Another is that PowerShell can be used to steal usernames, passwords, and other system information without an executable file being present. This makes it an attractive tool for attackers for carrying out malicious activities while avoiding easy detection.Read More