Malicious Windows 'LNK' attacks made easy with new Quantum builder (Security News, June 2022)

LNKs are Windows shortcut files that can contain malicious code to abuse legitimate tools on the system, the so-called living-off-the-land binaries (LOLBins), such as PowerShell or MSHTA, which is used to execute Microsoft HTML Application (HTA) files.
Researchers at Cyble have spotted a new tool for creating malicious LNKs called Quantum, which features a graphical interface and offers convenient file building through a rich set of options and parameters.
Quantum offers UAC bypass, Windows SmartScreen bypass, the ability to load multiple payloads on a single LNK file, post-execution hiding, and startup or delayed execution.
Finally, Quantum also offers the option to build HTA files and ISO archives, which typically go hand in hand in attacks involving LNK, with everything bundled inside the disk image files.
As long as using LNK files is effective for malicious actors, the rising trend in their deployment is expected to continue.
Tools like Quantum accelerate that adoption even further and make LNK files a more enticing choice for cybercriminals.
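For defenders triaging shortcut files pulled from mail attachments or ISO images, the following added example (not code from the article or from Cyble) reads the StringData section of a Shell Link file as laid out in Microsoft's MS-SHLLINK specification and reports when the target path or arguments name a living-off-the-land binary. The `LOLBINS` list, the cp1252 fallback for non-Unicode strings, and the `build_sample` fixture are assumptions made for this example.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LOLBins named in the article, plus cmd.exe (an assumption added here).
LOLBINS = ("powershell", "mshta", "cmd.exe")
FLAGS = {"id_list": 0x01, "link_info": 0x02, "unicode": 0x80}
# StringData fields appear in this fixed order when their flag bit is set.
STRINGS = (("name", 0x04), ("relative_path", 0x08), ("working_dir", 0x10),
           ("arguments", 0x20), ("icon_location", 0x40))

def parse_lnk(data: bytes) -> dict:
    """Extract the StringData fields from a Shell Link (MS-SHLLINK) blob."""
    if (len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                          # fixed-size header ends here
    if flags & FLAGS["id_list"]:      # 2-byte size, excludes the size field
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & FLAGS["link_info"]:    # 4-byte size, includes the size field
        pos += struct.unpack_from("<I", data, pos)[0]
    # Assumption: non-Unicode strings are decoded as cp1252.
    width, codec = (2, "utf-16-le") if flags & FLAGS["unicode"] else (1, "cp1252")
    fields = {}
    for name, bit in STRINGS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError("truncated StringData")
            fields[name] = raw.decode(codec, "replace")
            pos += 2 + count * width
    return fields

def lolbin_hits(fields: dict) -> list:
    """Return (field, lolbin) pairs found in the target path and arguments."""
    return [(k, b) for k in ("relative_path", "arguments")
            for b in LOLBINS if b in fields.get(k, "").lower()]

def build_sample(path: str, args: str) -> bytes:
    """Constructed test fixture: header plus two Unicode StringData fields."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x08 | 0x20 | 0x80) + bytes(52)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (path, args))
    return header + body

SAMPLE = build_sample(r"..\..\Windows\System32\mshta.exe", "constructed-example.hta")

if __name__ == "__main__":
    print(lolbin_hits(parse_lnk(SAMPLE)))
```

A hit is a triage signal rather than a verdict, since legitimate shortcuts can also point at these binaries.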