Monday 06 July 2026 01:29:45 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Scheduled task persistence

A method of using scheduled jobs to rerun malware or maintain access after reboot.

Scheduled task persistence is a technique where malware creates or hijacks a scheduled job so code runs automatically at a later time, such as at logon, at a fixed interval, or after a reboot. On Windows, this often uses Task Scheduler; on other systems, similar cron jobs or timers can serve the same purpose.

It matters because persistence lets an attacker survive restarts, recover from partial cleanup, and keep re-launching payloads such as loaders, ransomware stagers, or credential stealers. Defenders often look for newly created tasks, unusual task names, odd command lines, encoded scripts, or jobs that point to user-writable paths. In incident response, checking scheduled tasks is a standard step when verifying whether a host is still compromised or whether malware can reappear after remediation.

← WIKICROOK index