• sylver_dragon@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    21 days ago

    Seen this one in my work environment. Confusing as heck the first time. It looks like explorer.exe in the context of the local user starts PowerShell.exe with a command line involving an Invoke-WebRequest piping the download into an Invoke-Expression (usually the shorter iex alias). No .lnk or .js file involved. Just explorer, PowerShell, infected.