
Medium
Campaign
Credential Access
EDR, Sysmon, Windows
PowerShell P/Invoke of CredEnumerate for Credential Manager Extraction
In today’s threat landscape, SEO poisoning campaigns continue to evolve by leveraging technology trends and user trust in widely adopted tools. A recent operation highlights how threat actors are impersonating AI development environments such as Gemini and Claude to distribute infostealers. Within these infection chains, the abuse of PowerShell stands out as a key execution and obfuscation vector.