It starts as a batch file, which then runs a PowerShell script via the command prompt to download and install malware, which deletes itself after execution.
This week, we observed another malware attack that carries out its entire infection cycle in a virtually fileless manner. This allows it to leave no trace of its existence behind and to avoid detection by traditional antivirus software. Malware authors have been leveraging command-line applications using batch files, VBScript, document macros or PowerShell, coupled with parameters that allow them to execute without a command prompt window popping up.
Over the past few years, the SonicWALL Capture Labs Threat Research team has observed an increase in malware attacks that use legitimate Windows tools to carry out their malicious activities.
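A defender can hunt for the chain described above (command prompt launching PowerShell with a parameter that suppresses the window) in process-creation telemetry. The following is an added example, not code from the original report: the event records and their field names (`parent`, `image`, `cmdline`) are constructed, and the labels `batch-chain` and `hidden-only` are hypothetical.

```python
import ntpath
import shlex

# Constructed process-creation records (assumed fields, not from the report).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    {"parent": CMD, "image": PS,
     "cmdline": "powershell.exe -NoProfile -w hidden -File stage.ps1"},
    {"parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": "powershell.exe -WindowStyle Hidden -File backup.ps1"},
    {"parent": CMD, "image": PS,
     "cmdline": r'powershell.exe -File "C:\Scripts\hidden report.ps1"'},
    {"parent": CMD, "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": "ping -w 1 localhost"},
]
SHELLS = {"powershell.exe", "pwsh.exe"}
HIDDEN_VALUES = {"hidden", "1"}  # 1 is treated here as the numeric form of Hidden


def hidden_window_flag(cmdline):
    """True if the command line sets -WindowStyle (or any prefix of it) to Hidden."""
    try:
        # posix=False keeps backslashes literal and quoted strings as one token
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to whitespace splitting
        tokens = cmdline.split()
    for name, value in zip(tokens, tokens[1:]):
        pname = name[1:].lower()
        # PowerShell accepts abbreviated parameter names such as -w or -win;
        # a leading "/" is also matched defensively.
        if name[0] in "-/" and pname and "windowstyle".startswith(pname):
            if value.strip("\"'").lower() in HIDDEN_VALUES:
                return True
    return False


def classify(event):
    """Label one event: 'batch-chain', 'hidden-only', or None."""
    image = ntpath.basename(event["image"]).lower()
    if image not in SHELLS or not hidden_window_flag(event["cmdline"]):
        return None
    parent = ntpath.basename(event["parent"]).lower()
    return "batch-chain" if parent == "cmd.exe" else "hidden-only"


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev), "|", ev["cmdline"])
```

Matching on the parsed parameter rather than the substring "hidden" keeps the third record (a script path that merely contains the word) and the fourth (another program's `-w` switch) out of the results.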