As part of an ongoing research effort, Palo Alto Networks has been tracking an increase in attacks that make malicious use of Windows shortcut (LNK) files, also known as LNK malware.
These LNK files are typically used to create shortcuts to files or applications, but they can also execute code or contain malicious commands.
LNK files are a popular tool among attackers for distributing malware and launching code because they are readily accepted by most security tools and users.
Most LNK files are not malicious, but Windows users should nonetheless be cautious when handling them and verify their authenticity before executing them.
LNK files are typically explored unintentionally by victims, particularly by interactive users, as part of an attack flow.
Attackers can also use LNK files to execute malicious code or download and execute malware directly using command-line arguments.
Palo Alto Networks has identified four types of LNK malware that Windows users should be aware of to protect themselves and their organizations.
All Windows users should examine any suspicious LNK files before opening them to ensure they are not malicious.
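One way to examine a suspicious LNK file without opening it, shown here as an added example that is not from the original article: a Python parser for the StringData section of the MS-SHLLINK format that pulls out the command-line arguments mentioned above and flags keywords in them. The function names, the keyword list and the sample file are assumptions constructed for illustration.

```python
import struct

# ShellLinkHeader constants from the MS-SHLLINK specification.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData fields in on-disk order, each gated by its LinkFlags bit.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
# Assumed triage keywords, not taken from the article; tune for your environment.
SUSPICIOUS = ("powershell", "cmd", "mshta", "wscript", "rundll32", "http://", "https://")

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (including command-line arguments) of a .lnk."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE \
            or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_IDLIST:      # LinkTargetIDList: 2-byte size, then the list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:    # LinkInfo: 4-byte size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    # Non-Unicode strings use the system code page; cp1252 is assumed here.
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # length in characters
        end = pos + 2 + count * width
        if end > len(data):
            raise ValueError("truncated StringData")
        fields[name] = data[pos + 2:end].decode(codec, errors="replace")
        pos = end
    return fields

def triage(data: bytes) -> list:
    """List the suspicious keywords found in the relative path and arguments."""
    f = parse_lnk(data)
    text = (f.get("relative_path", "") + " " + f.get("arguments", "")).lower()
    return [k for k in SUSPICIOUS if k in text]

def build_sample(rel_path: str, args: str) -> bytes:
    """Constructed minimal .lnk (header + two Unicode strings) for offline testing."""
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID,
                         0x08 | 0x20 | IS_UNICODE).ljust(HEADER_SIZE, b"\0")
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (rel_path, args))
    return header + body
```

A keyword hit is a reason to look closer, not a verdict: many legitimate shortcuts also launch `cmd.exe` or a script host.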
By Haizhou Wang, Ashkan Hosseini and Ashutosh Chitwadgi