Windows Shortcut (LNK) Malware Strategies

This Unit 42 report analyzes the rising abuse of Windows LNK shortcut files for malware delivery, detailing four major malicious LNK categories (exploit-based, malicious-file execution, in-argument script execution, and overlay execution), common system targets (powershell.exe, cmd.exe, rundll32.exe, etc.), overlay techniques (find/findstr, mshta, PowerShell intrinsics), exploitation variants including CVE-2010-2568, and provides representative SHA256 hashes and mitigation guidance.