Keitaro Malvertising — Browser Spawning Encoded PowerShell

Detects execution chains where a web browser spawns PowerShell processes with Base64-encoded commands, a pattern associated with malvertising campaigns such as Keitaro that distribute malware through malicious ads and phishing pages