PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection

A newly discovered PowerShell-based shellcode loader, y1.ps1, was identified by Shenzhen Tencent Computer Systems Company Ltd. on June 1, 2025. This malware leverages advanced in-memory execution and evasion techniques.