Date: 2025-08-06

The toolsets used by threat actors to attack their targets are rapidly evolving, with a 127% spike in malware complexity over the past six months, according to OPSWAT, a cybersecurity company focusing on critical infrastructure.

In its inaugural Threat Landscape Report, published on August 6 during Black Hat USA, the firm estimated that this significant increase is primarily driven by three major factors combined:

Multi-stage execution chains

Heavily obfuscated loaders (e.g. NetReactor)

Evasive behaviors that slip past traditional antivirus and endpoint detection and response (EDR) solutions

Adversaries Combine Lightweight Scripts to Bypass Detection

According to OPSWAT’s report, threat actors increasingly rely on chaining lightweight, obfuscated scripts to bypass detection.

Initial access vectors observed this year range from uncommon file types like .lnk shortcuts to more traditional phishing documents.

Then they typically leverage a combination of scripts (Batch, PowerShell, VBS, JavaScript…), each obfuscating the next stage, chained together in varying orders and depth.

“These script chains are designed for simplicity and modularity, which paradoxically makes them harder to catch. The execution is fast, and traces are minimal. A standout example was seen in targeted espionage campaigns across Eastern Europe, where LNK files served as silent launchers for heavily obfuscated script chains,” the OPSWAT report reads.