Post by Expel
PowerShell alert. Nothing special, our SOC sees dozens daily. What made this one worth telling you about? When we pulled the thread, it led back three days to a "disk cleaner" that wasn't *just* a disk cleaner. The malware was bundled with it in the installation package. Here's what we did: we caught the proxyware mid-installation and killed it. Chain broken, attack stopped. Read the full investigation: https://lnkd.in/gckEsd3e