This can be a problem in some organisation that rely on anti-virus scans of storage devices as it doesn’t come in a file stored on the computer. Instead it is injected directly into memory.
Who says so?
IBM’s research department report that in 2018 less than half of reported attacks made use of file system storage. Malicious hackers use PowerShell to miss out the file system injecting their code directly into memory, thereby evading security designed to detect malware. These scripts in memory can then be used to harvest confidential information or even mine cryptocurrency eating up processing power.
What can we do?
PowerShell is a useful tool for Sysadmins but with these kinds of threats becoming common we need to ensure that our scripts are required to be digitally signed.