Infosecurity Magazine reports that malicious ZIP files purporting to contain payment records, passport scans, and other legitimate documents, have been laced with Windows shortcut files that prompt DLL implant deployment as part of a new phishing campaign.Attackers have leveraged social engineering tactics to spread the ZIP files with the illicit LNK shortcuts that covertly launch an obfuscated PowerShell dropper, which then retrieves .ppt file-spoofing DLLs, according to an analysis from BlackPoint. Multiple "quiet flags" have been used by the PowerShell dropper to enable command execution without any visible window prompts or user permission requirements.Malicious activity has also been regarded as typical system behavior due to the runtime's utilization of an already available Windows binary. With such a threat hinged on user trust in document-themed content, organizations have been urged to not only prohibit LNK files in archives and ensure Mark of the Web implementation, but also deny rundll32 usage and activate script block logging transcription, according to BlackPoint researchers.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds