Hackers Weaponize Trusted Tools to Deploy Notorious Malware

ANY.RUN's Q1/Q2 2026 Cyber Risk report warns that attackers are increasingly abusing legitimate, preinstalled system tools and lightweight loaders to achieve near-instant persistence, harvest credentials, and stage follow-on malware such as ransomware, RATs, and info-stealers; telemetry shows a near doubling of loader activity and large increases in living-off-the-land techniques, creating stealthy, high-velocity threats that demand behavioral baselines, rapid sandboxing, application controls, least-privilege enforcement, and deception to detect and mitigate.