Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

New LNK Malware Uses Windows Binaries to Evade Detection

A new LNK malware strain has been discovered that leverages legitimate Windows binaries to evade traditional detection methods. This malware uses specially crafted LNK files to execute malicious payloads without raising suspicion. By abusing trusted Windows processes, the malware can bypass security controls and maintain persistence on infected systems. The attack chain typically begins with a phishing email or compromised website delivering the LNK file. Once executed, the malware uses Windows utilities like rundll32.exe and regsvr32.exe to load and run malicious code. This technique allows attackers to blend in with normal system activity, making detection and mitigation challenging for security teams. The malware's use of native Windows binaries highlights the increasing sophistication of threat actors who exploit built-in OS features to avoid detection. Organizations are advised to enhance monitoring of Windows binary executions and implement strict application whitelisting policies. Additionally, user education on the risks of opening unsolicited LNK files can help reduce infection rates. This emerging threat underscores the need for layered security defenses combining endpoint protection, network monitoring, and threat intelligence to effectively combat advanced malware campaigns.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 25 Sep 2025 16:20:36 +0000

Cyber News related to New LNK Malware Uses Windows Binaries to Evade Detection

New LNK Malware Uses Windows Binaries to Evade Detection - A new LNK malware strain has been discovered that leverages legitimate Windows binaries to evade traditional detection methods. This malware uses specially crafted LNK files to execute malicious payloads without raising suspicion. By abusing trusted ...
1 week ago Cybersecuritynews.com

How Attackers Are Using .LNK Files As a Delivery Mechanism For Malware - Recent research indicates that attackers have moved away from the traditional malicious Office attachment macro in favor of .LNK files. These files, once opened, run malicious scripts intended to deliver malicious payloads onto the host machine, ...
2 years ago Csoonline.com

Weaponization of LNK Files Surge by 50% and Primarily Used in Four Different Malware Categories - These seemingly innocuous files, identifiable by their small arrow icon overlay, are increasingly being weaponized by threat actors to execute malicious payloads while maintaining a facade of legitimacy. Their research revealed that threat actors ...
3 months ago Cybersecuritynews.com

How To Use YARA Rules To Identify Financial Sector Targeted Attacks - By analyzing multiple samples from the same malware family, security teams can create YARA rules that identify various iterations of the threat, even as attackers attempt to modify their code to evade detection. By scanning network traffic for ...
5 months ago Cybersecuritynews.com Hunters

New KoiLoader Abuses Powershell Scripts to Deliver Malicious Payload - Cyber Security News - This updated strain employs PowerShell scripts embedded within Windows shortcut (LNK) files to bypass traditional detection mechanisms, demonstrating a concerning evolution in attack methodologies. eSentire’s Threat Response Unit (TRU) first ...
6 months ago Cybersecuritynews.com

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 months ago Cybersecuritynews.com

MacOS info-stealers quickly evolve to evade XProtect detection - Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently. A report by SentinelOne highlights the problem through three ...
1 year ago Bleepingcomputer.com

DeerStealer Malware Delivered Via Weaponized .LNK Using LOLBin Tools - The malware masquerades as a legitimate PDF document named “Report.lnk” while covertly executing a complex multi-stage attack chain that leverages mshta.exe, a legitimate Microsoft HTML Application host utility. A sophisticated new ...
2 months ago Cybersecuritynews.com

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

Unpatched Windows Shortcut Vulnerability Let Attackers Execute Remote Code - Security researcher Nafiez has publicly disclosed a previously unknown vulnerability affecting Windows LNK files (shortcuts) that can potentially allow attackers to execute code remotely without user interaction. As security researchers from Intezer ...
5 months ago Cybersecuritynews.com

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
1 year ago Pandasecurity.com

Threat Actors Weaponize LNK Files With New REMCOS Variant That Bypasses AV Engines - Cybercriminals are increasingly leveraging malicious Windows Shortcut (LNK) files to deploy sophisticated backdoors, with a new campaign delivering an advanced REMCOS variant that successfully evades traditional antivirus detection mechanisms. This ...
2 months ago Cybersecuritynews.com

Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
7 months ago Cybersecuritynews.com

Hackers Weaponize PDF Along with a Malicious LNK File - Cybersecurity researchers have uncovered a new attack technique where hackers weaponize PDF files in conjunction with malicious LNK files to compromise systems. This sophisticated method leverages the trust users place in PDF documents, embedding ...
1 month ago Cybersecuritynews.com

Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets - Unit 42 researchers have observed threat actors using malicious JavaScript samples to steal sensitive information by abusing popular survey sites, low-quality hosting and web chat APIs. In this article, we'll describe some of the tactics used by ...
1 year ago Unit42.paloaltonetworks.com

10 Best EDR Tools ( Endpoint Detection & Response) - 2025 - What is good?What Could Be Better ?Provides comprehensive endpoint monitoring.Some users might find the installation and configuration process of the solution tedious.Protect your entire security stack with in-depth threat intelligence.Some users ...
6 months ago Cybersecuritynews.com

Sophisticated macOS Infostealers Get Past Apple's Built-In Detection - Increasingly sophisticated infostealers are targeting macOS with the capability to evade Apple's built-in malware protection, as attackers are becoming more savvy about how to crack static signature-detection engines like the platform's proprietary ...
1 year ago Darkreading.com Hunters

How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
1 year ago Pandasecurity.com

How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
1 year ago Gbhackers.com

Windows Mark of the Web Files LNK Stomping - The article explores a novel Windows security bypass technique involving the Mark of the Web (MOTW) feature and LNK files. MOTW is a security feature in Windows that tags files downloaded from the internet to enforce security policies. However, ...
1 week ago Cybersecuritynews.com

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com