The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection.

IBM’s X-Force Research team reports hackers attacking Brazilian banks are using the Windows scripting tool called AutoIt to reduces the likelihood of antivirus software detection.

Autoit will do the job. A single line script will work. I used this line (lots of) years ago, to start robolabs, which insisted on being run as administrator, nothing less would work.

In addition to AutoIt, a 600MB AutoIt script was downloaded from the archive that included antianalysis checks, payload decryption, malware installation and persistence mechanisms.