Malware .lnk shortcut
A user was sent an email saying:
Hello, you can find your document in the attachment. The archive password is the name of the president of the united states. Please reply as soon as possible. Kind regards, GSD Support.
with a zip file attached.
The zip file contains document.doc, but the file has a compound (double) extension: document.doc.lnk. I was able to see the hidden extension through the terminal.
When opening the properties of the .lnk file, the Target field contains a PowerShell script:
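The command line stored in a shortcut can also be read from the file's bytes, without opening it on Windows. The following is an added example, not part of the original write-up and not the script from this sample: it parses the string fields of a .lnk file and flags a shortcut that poses as a document and launches a script host. The function names (`parse_lnk_strings`, `triage`, `build_sample`), the interpreter list and the sample shortcut are all constructed for illustration.

```python
import struct

# Shell Link (.lnk) header constants from the MS-SHLLINK format.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
INTERPRETERS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript")

def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields of a shortcut without executing it."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = 76
    if flags & 0x01:                      # LinkTargetIDList: 2-byte size + list
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & 0x02:                      # LinkInfo: 4-byte size counts itself
        off += struct.unpack_from("<I", data, off)[0]
    wide = bool(flags & 0x80)             # IsUnicode: strings are UTF-16LE
    out = {}
    for bit, field in STRING_FIELDS:      # fields appear in this fixed order
        if not flags & bit:
            continue
        (count,) = struct.unpack_from("<H", data, off)
        size = count * 2 if wide else count
        raw = data[off + 2:off + 2 + size]
        if len(raw) != size:
            raise ValueError("truncated string data")
        out[field] = raw.decode("utf-16-le" if wide else "cp1252", "replace")
        off += 2 + size
    return out

def triage(filename: str, data: bytes) -> dict:
    """Flag a shortcut posing as a document and launching a script host."""
    fields = parse_lnk_strings(data)
    parts = filename.lower().split(".")   # heuristic: any extra extension before .lnk
    command = " ".join(fields.get(k, "") for k in ("relative_path", "arguments")).lower()
    return {"double_extension": len(parts) >= 3 and parts[-1] == "lnk",
            "script_host": any(i in command for i in INTERPRETERS),
            "arguments": fields.get("arguments", "")}

def build_sample() -> bytes:
    """Constructed, harmless shortcut: relative path + arguments, Unicode."""
    def s(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    header = b"\x4c\x00\x00\x00" + LNK_CLSID + struct.pack("<I", 0x08 | 0x20 | 0x80)
    header += bytes(76 - len(header))     # remaining header fields zeroed
    return header + s(r"..\powershell.exe") + s("-NoProfile -Command Write-Output sample")

if __name__ == "__main__":
    print(triage("document.doc.lnk", build_sample()))
```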