Malware Shortcut Files (LNK) are Trending

Industry: N/A | Level: Tactical | Source: McAfee

Rising since the second quarter of 2022, McAfee labs have observed an increase in the use of LNK (shortcut files) in attacks to deliver malware such as Emotet, Qakbot, IcedID and etc. The shift in tactic has been attackers' response to Microsoft disabling office macros by default, stopping a popular infection routine. The use of LNK files that initiates the infection chain has proven to be as effective. Frequently delivered through a malicious email, the LNK pointer executes Living Off the Land Binaries (LOLBins) such as PowerShell, CMD, and Mashta to facilitate the download of malicious payloads.

Anvilogic Scenario:

• Initial Infection with LNK File

Anvilogic Use Cases:

• Symbolic OR Hard File Link Created
• Suspicious Executable by Powershell
• MSHTA.exe execution