Malicious Windows 'LNK' attacks made easy with new Quantum builder
2022-06-23 15:04

LNKs are Windows shortcut files that can contain malicious code to abuse legitimate tools on the system, the so-called living-off-the-land binaries (LOLBins), such as PowerShell or MSHTA, which is used to execute Microsoft HTML Application (HTA) files.

Researchers at Cyble have spotted a new tool for creating malicious LNKs called Quantum, which features a graphical interface and offers convenient file building through a rich set of options and parameters.

Quantum offers UAC bypass, Windows SmartScreen bypass, the ability to load multiple payloads on a single LNK file, post-execution hiding, and startup or delayed execution.

Finally, Quantum also offers the option to build HTA files and ISO archives, which typically go hand in hand in attacks involving LNK, with everything bundled inside the disk image files.

As long as using LNK files is effective for malicious actors, the rising trend in their deployment is expected to continue.

Tools like Quantum accelerate this adoption trend even further and make LNK files a more enticing choice for cybercriminals.
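For defenders triaging shortcut files of the kind described above, the following added example (not from Cyble's report or from the Quantum tool) parses the Shell Link header and string fields per the MS-SHLLINK format, surfaces the embedded command line, and flags references to PowerShell or MSHTA. The watch list, the function names and the benign sample link are assumptions constructed for illustration.

```python
import struct

# Constants from the MS-SHLLINK (Shell Link binary format) specification.
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]
# Assumed watch list for this example; extend it for your environment.
LOLBINS = ("powershell", "mshta")

def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields (arguments, relative path, ...) of a .lnk."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos, fields = 0x4C, {}
    try:
        if flags & HAS_IDLIST:    # 2-byte IDListSize does not count itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:  # 4-byte LinkInfoSize counts itself
            pos += struct.unpack_from("<I", data, pos)[0]
        for bit, name in STRING_FLAGS:
            if flags & bit:
                count = struct.unpack_from("<H", data, pos)[0]  # in characters
                size = count * 2 if flags & IS_UNICODE else count
                raw = data[pos + 2:pos + 2 + size]
                if len(raw) < size:
                    raise ValueError("truncated string field")
                enc = "utf-16-le" if flags & IS_UNICODE else "cp1252"
                fields[name] = raw.decode(enc, "replace")
                pos += 2 + size
    except struct.error:
        raise ValueError("truncated shell link") from None
    return fields

def triage(data: bytes) -> dict:
    """Flag LOLBin names anywhere in the link and surface its command line."""
    fields = parse_lnk_strings(data)
    lowered = data.lower()  # lowercases ASCII letters; UTF-16 NUL bytes unchanged
    hits = [b for b in LOLBINS
            if b.encode() in lowered or b.encode("utf-16-le") in lowered]
    return {"lolbins": hits, "arguments": fields.get("arguments", "")}

def constructed_link(target: str, arguments: str) -> bytes:
    """Constructed in-memory test input: header plus two Unicode string fields."""
    def field(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    header = struct.pack("<I16sI", 0x4C, LINK_CLSID, 0x08 | 0x20 | IS_UNICODE)
    return header.ljust(0x4C, b"\0") + field(target) + field(arguments)
```

In practice, read the bytes of each `.lnk` found in mail attachments or mounted ISO images and pass them to `triage`; a non-empty `lolbins` list together with a long `arguments` value is worth an analyst's look.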
