Malware Shortcut Files (LNK) are Trending

Rising since the second quarter of 2022, McAfee labs have observed an increase in the use of LNK (shortcut files) in attacks to deliver malware such as Emotet, Qakbot, IcedID and etc. The shift in tactic has been attackers' response to Microsoft disabling office macros by default, stopping a popular infection routine. The use of LNK files that initiates the infection chain has proven to be as effective. Frequently delivered through a malicious email, the LNK pointer executes Living Off the Land Binaries (LOLBins) such as PowerShell, CMD, and Mashta to facilitate the download of malicious payloads.