Adobe Worm Faker Uses LOLbins And Dynamic Techniques To Deliver Customized Payloads June 20, 2019 https://www.cybereason.com/blog/ado...mic-techniques-to-deliver-customized-payloads
Of note is that 41 VT vendors currently detect this. Windows Defender does not. No surprise there since it's LOL based.
Except it does: 8/52. What it isn't detecting is the fake launcher, but Windows Defender would have stopped the infection, so what is your point? Not to mention that the fake launcher is subject to "block at first sight"... So nice job Windows Defender, I guess.
Edit: I was wrong here, Windows Defender didn't detect the fake launcher, but it detected the malicious script, so it should have stopped the infection anyway.
I checked using the hashes from the article. Like I said, the malicious script was stopped by WD (8/52): C7371297FEA738DD2A334399CD1239B4ADB435F3. Windows Defender + only 7 other security vendors detected the malicious script; the 41/52 detection is the launcher.