The .NET framework, a software development framework created by Microsoft and is now a built-in component of Windows, includes components that enable developers to compile and execute C# source code during runtime. This allows programs to update or load modules without having to restart.
While the .NET framework is originally intended to help software engineers, cybercriminals have found a way to abuse its features to compile and execute malware on the fly. Recently, we discovered several kinds of malware, such as LokiBot (detected by Trend micro as Trojan.Win32.LOKI), utilizing this technique. This particular LokiBot variant disguises itself as a fake game launcher to trick users into downloading the malware into their machines and drops a compiled C# code into the system.
Source: Trend Micro