
New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts
2022-06-24 21:05

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut files has been spotted for sale on cybercrime forums.

Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support for UAC and Windows SmartScreen bypass as well as "Multiple payloads per .LNK" file.

"LNK files are shortcut files that reference other files, folders, or applications to open them," Cyble researchers said in a report.

Early evidence of malware samples using Quantum Builder in the wild is said to date back to May 24, masquerading as harmless-looking text files.

"By default, Windows hides the .LNK extension, so if a file is named as file name.txt.lnk, then only file name.txt will be visible to the user even if the show file extension option is enabled," the researchers said.

The LNK file executes PowerShell code that, in turn, runs an HTML application file hosted on Quantum's website using MSHTA, a legitimate Windows utility that's used to run HTA files.
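For defenders triaging shortcuts received as attachments, the following added example (not from the article or the Cyble report) reads the string fields of a shell link as laid out in Microsoft's MS-SHLLINK specification and flags the two traits described above: a hidden `.lnk` behind a document-like extension, and arguments that reference script hosts. The `LURE_EXTS` and `LOLBINS` lists and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Header layout and flag bits follow the MS-SHLLINK specification.
CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
LURE_EXTS = (".txt", ".pdf", ".doc", ".docx", ".jpg", ".png")  # assumed lure list
LOLBINS = ("powershell", "mshta", "cmd.exe", "wscript", "rundll32")  # assumed watchlist

def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields (name, arguments, ...) of a shell link."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != CLSID:
        raise ValueError("not a shell link header")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    if flags & HAS_IDLIST:      # 2-byte size, then the ID list itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:    # 4-byte size that includes the size field
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    out = {}
    for bit, field in STRING_FIELDS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]  # characters, not bytes
            raw = data[pos + 2 : pos + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError("truncated string data")
            out[field] = raw.decode(codec, errors="replace")
            pos += 2 + count * width
    return out

def triage(filename: str, data: bytes) -> list:
    """List the reasons a shortcut deserves a closer look (empty if none)."""
    reasons = []
    lower = filename.lower()
    if lower.endswith(".lnk") and lower[:-4].endswith(LURE_EXTS):
        reasons.append("double extension hides .lnk")
    text = " ".join(parse_lnk_strings(data).values()).lower()
    reasons += [f"references {b}" for b in LOLBINS if b in text]
    return reasons

def constructed_sample(arguments: str) -> bytes:
    """Constructed test input: bare header plus an arguments string, no target."""
    header = struct.pack("<I16sI", 0x4C, CLSID, 0x20 | IS_UNICODE).ljust(76, b"\0")
    return header + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
```

The target path itself lives in the ID list and LinkInfo structures, which this example skips over; a fuller triage would decode those as well.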


News URL

https://thehackernews.com/2022/06/new-quantum-builder-lets-attackers.html