powershell

Your Antivirus Won't Catch This. Here's Why.

John Z Black Apr 14, 2026

Threat Intelligence #msbuild-lolbin #fileless-malware #shadow-reactor #vbs #powershell #evasion #detection-gap

MSBuild is a Microsoft-signed Windows binary. SHADOW#REACTOR chains VBScript to PowerShell to a payload disguised as plain text. Both campaigns share one design principle: look like the environment, not like malware. Multiple independent threat actors are converging on the same technique, and most defenders aren't ready for it.