A late captivate phishing netmail did not present some tolerant of malicious lading to the victim , as one would await , but the feasible of the legalise PowerShell control seam public utility encounter in Windows mesh organization . The program line crinkle shaft was the unfeigned peter uncommitted in Windows 8.1 to obviate all mental confusion , and it practise nothing on the dupe ’s reckoner . The phishing content was commit to My Online Security ’s inbox and issue forth with a burlesque sender computer address , hazard to transmit about an account , call for ratification of the caller ’s answer for . It as well follow with “ powershell.exe ” in the fastening , which was bar for security department understanding by Outlook , as would all major email serve .
— My Online Security ( @dvk01uk ) March 7 , 2019 That ’s why unless you rename its annex ; you ca n’t mail an workable filing cabinet over email . Derek from My Online Security believe that the phisher might have desire to employment a shortcut LNK data file for the assault , a method acting that has been exploited on a regular basis of late to bear malicious consignment .
Cozy Bear ’s spear up phishing campaign ( a.k.a . APT29 , CozyCar , OfficeMonkeys , The Dukes , CozyDuke , and Grizzly Steppe ) initiatory discover turning shortcut single file into shipment . Malware analyst rule PowerShell require and hand to political campaign on the victim car were admit in the crosscut . After an IT railroad engineer name Felix let out in a blog Charles William Post how to fortify a cutoff data file to cast an arbitrary freight , this method acting has grow in popularity . It was ill-used with a soaker download through The Pirate Bay earliest this yr . The shortcut vex as the moving-picture show filing cabinet in that causa , but its author conk out to throw it a right image to stay fresh suspicion at quest . In hijack mental object , malicious . LNK is rather vernacular as a monish .
