all InfoSec news
Distribution of Backdoor via Malicious LNK: RedEyes (ScarCruft)
Malware Analysis, News and Indicators - Latest topics malware.news
AhnLab Security Emergency response Center (ASEC) has confirmed that malware [1], which was previously distributed in CHM format, is now being distributed in LNK format. This malware executes additional scripts located at a specific URL through the mshta process. It then receives commands from the threat actor’s server to carry out additional malicious behaviors.
The threat actor has been distributing the confirmed LNK file on a regular website by uploading it alongside malware within a compressed file.
Figure 1. …
actor ahnlab asec backdoor center chm distributed distribution emergency lnk malicious malware malware analysis process redeyes response scarcruft scripts security server threat threat actor url