Malicious Windows 'LNK' attacks made easy with new Quantum builder
LNKs are Windows shortcut files that can contain malicious code to abuse legitimate tools on the system, the so-called living-off-the-land binaries (LOLBins), such as PowerShell or MSHTA, the utility used to execute Microsoft HTML Application (HTA) files.
Researchers at Cyble have spotted a new tool for creating malicious LNKs called Quantum, which features a graphical interface and offers convenient file building through a rich set of options and parameters.
Quantum offers UAC bypass, Windows SmartScreen bypass, the ability to load multiple payloads on a single LNK file, post-execution hiding, and startup or delayed execution.
Finally, Quantum also offers the option to build HTA files and ISO archives, which typically go hand in hand in attacks involving LNK, with everything bundled inside the disk image files.
As long as using LNK files is effective for malicious actors, the rising trend in their deployment is expected to continue.
Tools like Quantum accelerate that adoption trend even more and make LNK files a more enticing choice for cybercriminals.
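For triage, a defender can read the strings a shortcut carries without ever opening it. The following is an added example (not from the article or from Cyble) that parses the Shell Link header and StringData fields per the MS-SHLLINK layout and flags references to the two binaries named above; the watch list, the cp1252 fallback and the sample produced by `build_sample` are assumptions constructed for illustration.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits from MS-SHLLINK, in the order the StringData fields appear.
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]
LOLBINS = ("powershell", "mshta")  # illustrative: the two binaries the article names

def parse_lnk(data: bytes) -> dict:
    """Extract ShowCommand and the StringData fields of a Shell Link file."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags, = struct.unpack_from("<I", data, 20)
    fields = {"show_command": struct.unpack_from("<I", data, 60)[0]}
    pos = 76
    try:
        if flags & 0x01:   # HasLinkTargetIDList: 2-byte size, then the list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & 0x02:   # HasLinkInfo: 4-byte size that includes itself
            pos += struct.unpack_from("<I", data, pos)[0]
        # IsUnicode selects UTF-16LE; ANSI uses the system code page (cp1252 assumed)
        width, codec = (2, "utf-16-le") if flags & 0x80 else (1, "cp1252")
        for bit, name in STRING_FLAGS:
            if flags & bit:
                count, = struct.unpack_from("<H", data, pos)
                end = pos + 2 + count * width
                if end > len(data):
                    raise ValueError("truncated StringData")
                fields[name] = data[pos + 2:end].decode(codec, "replace")
                pos = end
    except struct.error:
        raise ValueError("truncated Shell Link structure")
    return fields

def lolbin_hits(fields: dict) -> list:
    """Return the watched binary names referenced by any string field."""
    text = " ".join(v for v in fields.values() if isinstance(v, str)).lower()
    return [b for b in LOLBINS if b in text]

def build_sample(rel_path: str, args: str) -> bytes:
    """Constructed test input: minimal Unicode .lnk with a path and arguments."""
    header = struct.pack("<I16sII", 76, LNK_CLSID, 0x08 | 0x20 | 0x80, 0)
    header += bytes(32) + struct.pack("<I", 7) + bytes(12)  # ShowCommand 7 = minimized
    return header + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                             for s in (rel_path, args))

if __name__ == "__main__":
    parsed = parse_lnk(build_sample(r"..\..\Windows\System32\mshta.exe", "placeholder.hta"))
    print(parsed, lolbin_hits(parsed))
```

A hit is a lead for review, not a verdict: legitimate administrative shortcuts also point at these binaries, so pair it with where the file came from (for example, inside a mounted ISO or an e-mail attachment).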