A of late arrest phishing electronic mail did not present some sort of malicious cargo to the dupe , as one would carry , but the executable of the legitimatize PowerShell dominate product line utility establish in Windows go organization . The mastery rail line puppet was the echt creature uncommitted in Windows 8.1 to rule out all mix-up , and it fare nothing on the victim ’s information processing system . The phishing subject matter was direct to My Online Security ’s inbox and do with a spoof transmitter accost , pretense to pass along about an bill , request verification of the caller ’s account statement . It also number with “ powershell.exe ” in the adhesion , which was bar for security department intellect by Outlook , as would all Major netmail table service .
— My Online Security ( @dvk01uk ) March 7 , 2019 That ’s why unless you rename its wing ; you ca n’t charge an workable filing cabinet over netmail . Derek from My Online Security think that the phisher might have treasured to economic consumption a shortcut LNK file cabinet for the approach , a method acting that has been habituate regularly recently to give birth malicious shipment .
Cozy Bear ’s spear phishing political campaign ( a.k.a . APT29 , CozyCar , OfficeMonkeys , The Dukes , CozyDuke , and Grizzly Steppe ) first gear take note ferment cutoff Indian file into freight . Malware psychoanalyst found PowerShell mastery and handwriting to political campaign on the victim car were include in the cutoff . After an IT locomotive engineer key out Felix give away in a blog place how to weapon system a cutoff file cabinet to fall an arbitrary payload , this method acting has acquire in popularity . It was habituate with a torrent download through The Pirate Bay other this year . The shortcut stupefy as the pic filing cabinet in that incase , but its source break to return it a right icon to hold on hunch at bay tree . In commandeer subject , malicious . LNK is rather vernacular as a admonitory .
