What is the true nature of the shortcut file I thought was a privacy consent form?
ID: f1419dd5-5d80-5166-90b4-7c07492ebfcf
STIX ID: report--f1419dd5-5d80-5166-90b4-7c07492ebfcf
Feed Name: ASEC
**Executive Summary:** This report describes a malicious campaign that distributes .LNK shortcut files masquerading as consent/document files; executing the LNK runs obfuscated PowerShell which downloads additional scripts and executes payloads in memory (fileless), installs persistence via Windows Task Scheduler, deploys information-stealing scripts and a backdoor loader, and uses decoy documents to avoid detection; recommended mitigations include verifying file extensions and delivery paths, auditing Task Scheduler and PowerShell execution logs, and monitoring external connections.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
