Threats that abuse PowerShell continue to increase as attackers find ways to abuse it to deliver banking trojansbackdoorsransomware, and cryptocurrency-mining malware, and, more recently, fileless malware and malicious Windows Management Instrumentation (WMI) entries. Indeed, PowerShell’s flexibility and capabilities make it a potent tool in cybercriminal hands. For instance, it can be abused to facilitate exploits, lateral movementwithin the compromised network, and persistence.

https://blog.trendmicro.com/trendlabs-security-intelligence/proofs-of-concept-abusing-powershell-core-caveats-and-best-practices/