Kaspersky Lab researchers have brought to light a series of attacks leveraged against 140+ banks and other businesses around the world . But what makes these attacks unusual is the criminals ’ use of widely used legitimate tools and fileless malware , which explains why the attacks went largely unnoticed . “ This threat was originally discovered Vulnerability-related.DiscoverVulnerability by a bank ’ s security team , after detecting Vulnerability-related.DiscoverVulnerability Meterpreter code inside the physical memory of a domain controller ( DC ) , ” the researchers explained Vulnerability-related.DiscoverVulnerability . “ Kaspersky Lab participated in the forensic analysis after this attack was detected , discovering Vulnerability-related.DiscoverVulnerability the use of PowerShell scripts within the Windows registry . Additionally it was discovered Vulnerability-related.DiscoverVulnerability that the NETSH utility as used for tunnelling traffic from the victim ’ s host to the attacker´s C2 ” . Meterpreter is a well known Metasploit payload that allows attackers to control the screen of a device using VNC and to browse , upload and download files . NETSH ( network shell ) , is a Windows command-line utility that allows local or remote configuration of network devices . The attackers also took advantage of the Windows SC utility to install a malicious service to execute PowerShell scripts , and Mimikatz to extract credentials from compromised machines .