VBScript has long been an attack vector that could bring malicious software to an infected machine. The new ARS VBS Loader downloads malware and provides remote-control access to a botnet controller, making it both a malware loader and a RAT, or remote access trojan. The persistence mechanism for this loader is pretty unique, says Flashpoint’s Paul Burbage, senior malware researcher at Flashpoint. Burbage says the loader variant is being spread by relatively unsophisticated means.”]
Source: https://www.darkreading.com/attacks-breaches/new-malware-adds-rat-to-a-persistent-loader