The North Korean threat actor ScarCruft started experimenting with oversized LNK files as a delivery route for RokRAT malware in July 2022, the same month that Microsoft began blocking macros across Office documents by default.
Other bespoke malware used by the group includes Chinotto, BLUELIGHT, GOLDBACKDOOR, Dolphin, and M2RAT.
The use of LNK file decoys to activate the infection sequences was also highlighted by the AhnLab Security Emergency Response Center (ASEC) last week.
Another attack wave observed at the beginning of November 2022 employed ZIP archives incorporating LNK files.
Check Point also notes that the Amadey malware was deployed using ZIP archives containing LNK files.
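The delivery pattern described above, oversized LNK files and LNK files wrapped in ZIP archives, as an added detection example that is not from the original article or from any of the cited vendors: it scans a ZIP archive for members whose bytes begin with a Windows shell link header and flags those that are oversized (the 1 MiB threshold is an assumption), use a double extension, or hide link content under another extension. The sample archive is constructed inline.

```python
import io
import struct
import zipfile

# MS-SHLLINK: HeaderSize is always 0x4C and LinkCLSID is always 00021401-0000-0000-C000-000000000046.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# Threshold is an assumption for this example: genuine shortcuts are a few hundred bytes.
OVERSIZED_LNK_BYTES = 1024 * 1024


def is_shell_link(data: bytes) -> bool:
    """True if data begins with a structurally valid shell link header."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    return struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def find_suspicious_lnk(zip_bytes: bytes, threshold: int = OVERSIZED_LNK_BYTES) -> list:
    """Return (member name, uncompressed size, reasons) for each shell-link member worth a look."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(LNK_HEADER_SIZE)  # the header alone identifies the format
            if not is_shell_link(head):
                continue
            name = info.filename.rsplit("/", 1)[-1].lower()
            reasons = []
            if info.file_size >= threshold:  # uncompressed size, as it lands on disk
                reasons.append("oversized")
            if not name.endswith(".lnk"):
                reasons.append("lnk-content-with-other-extension")
            elif "." in name[:-4]:
                reasons.append("double-extension")  # Explorer hides the trailing .lnk
            if reasons:
                findings.append((info.filename, info.file_size, reasons))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a normal shortcut, a padded 2 MiB lure, a link named .doc, plain text."""
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + b"\x00" * (LNK_HEADER_SIZE - 20)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("shortcut.lnk", header + b"\x00" * 200)
        zf.writestr("Invoice.pdf.lnk", header + b"\x00" * (2 * 1024 * 1024))
        zf.writestr("notes.doc", header + b"\x00" * 100)
        zf.writestr("readme.txt", b"just text\n")
    return buf.getvalue()
```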