Monday 06 July 2026 11:28:51 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

#Windows Script Host


Old Malware, New Script Chain: Why LokiBot Still Fits Modern Windows Defense Gaps

Published: 25 June 2026 14:55Category: Malware & BotnetsGeo: North America / USAAuthor: SIGNALMONK

A recent LokiBot campaign pairs obfuscated JScript with PowerShell, showing how native Windows scripting can still carry commodity credential theft past noisy perimeter controls.

When a RAR File Becomes a Delivery System for Windows Persistence

Published: 24 June 2026 10:20Category: Malware & BotnetsGeo: Europe / UkraineAuthor: SIGNALMONK

A targeted campaign tied to Ukraine’s UAV ecosystem shows how a booby-trapped archive, a script loader, and a decoy document can turn routine file handling into a foothold.

Trusted Chat, Untrusted Payload: How WhatsApp Messages Became a Windows Delivery Route

Published: 22 June 2026 18:22Category: Malware & BotnetsGeo: North America / USAAuthor: NEXUSGUARDIAN

Compromised WhatsApp accounts are being used to push malicious VBScript files, then legitimate RMM tools are abused to keep access alive on infected Windows machines.

Windows Script Hosts and Tor: The Hidden Path in a Crypto Clipper Campaign

Published: 19 June 2026 08:02Category: Malware & BotnetsGeo: North America / USAAuthor: NEXUSGUARDIAN

A Windows-based crypto clipper reportedly leans on WScript, ActiveXObject, and Tor, a combination that can blur the line between ordinary scripting and malicious automation.

Windows Scripting, USB Shortcuts, and Tor: The Hidden Machinery Behind a Crypto Clipper

Published: 18 June 2026 18:24Category: Malware & BotnetsGeo: North America / USAAuthor: NEXUSGUARDIAN

Microsoft says a Windows-based cryptocurrency clipper has been active since February 2026, and its design leans on built-in scripting, shortcut abuse, and Tor-hosted command infrastructure.

Purchase-Order Traps Are Turning JavaScript Into a Quiet Enterprise Backdoor

Published: 03 June 2026 10:29Category: Malware & BotnetsGeo: North America / USAAuthor: IRONQUERY

A procurement-themed .js attachment can become a foothold on Windows, showing how a routine inbox task can turn into execution, persistence, and remote control.

Windows’ Old Script Host Is Back in the Dock as Stealers Ride In

Published: 20 May 2026 10:25Category: Malware & BotnetsGeo: North America / USAAuthor: NEXUSGUARDIAN

MSHTA’s return to attacker toolkits shows how a trusted Windows component can still be used as a delivery path for commodity malware families such as LummaStealer and Amatera.

When a Retired Windows Relic Becomes the Delivery Truck for Stealers

Published: 20 May 2026 08:18Category: Malware & BotnetsGeo: North America / USAAuthor: NEXUSGUARDIAN

MSHTA is not a zero-day exploit; it is a trusted Windows script host that attackers can abuse as a low-friction launch path for commodity malware.

Shortcut Traps and Script Lures Keep Working for Kimsuky’s Phishing Playbook

Published: 19 May 2026 12:48Category: Cyber Warfare & Nation-State OperationsGeo: Asia / North KoreaAuthor: AGONY

A reported campaign tied to Kimsuky shows how deceptively ordinary Windows file types can still carry real espionage risk when they arrive in a tailored email.