CyberSecurityBoard
Sponsor Register Login

Weaponized LNK File Disguised as Credit Card Security Email Steals User Data

When users execute the LNK file, the malware simultaneously downloads and displays a legitimate-looking HTML page, effectively masking its malicious activities while maintaining the illusion of a genuine security process. This attack represents a concerning shift in malware distribution methods, leveraging the urgency and legitimacy associated with credit card security notifications to bypass user skepticism. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Unlike traditional attacks that rely on document-based decoys, this threat actor employs HTML files to create convincing credit card company authentication interfaces. The notepad.log component functions as a comprehensive backdoor, providing remote shell access, file enumeration capabilities, and keylogging functionality that stores captured data in the C:\Users\{username}\AppData\Local\netkey directory. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The HTA component subsequently creates two critical files in the C:\Users\{username}\AppData\Local directory: sys.dll (the primary malicious payload) and user.txt (containing download URLs for additional components). Cybercriminals have evolved their social engineering tactics with a sophisticated malware campaign that exploits users’ trust in financial institutions. The app module specifically targets Chromium-based browsers including Chrome, Brave, and Edge for credential harvesting, while net expands the scope to include Opera, Firefox, and major web services like Google, Yahoo, Facebook, and Outlook. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. The campaign demonstrates advanced evasion techniques by incorporating legitimate decoy files alongside malicious payloads. The researchers noted that threat actors have significantly enhanced their impersonation techniques, specifically targeting highly reputable financial organizations to maximize their success rates. Upon execution, the LNK file triggers the download of an HTA file and the decoy HTML document into the system’s temporary directory. ASEC analysts identified this emerging threat through their continuous monitoring of malware distribution campaigns.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Jul 2025 22:45:10 +0000


Cyber News related to Weaponized LNK File Disguised as Credit Card Security Email Steals User Data

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
9 months ago Aws.amazon.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
9 months ago Esecurityplanet.com
10 Best Email Security Gateways in 2025 - Barracuda Email Security Gateway is a solution that helps protect organizations from email-borne threats such as spam, viruses, phishing, and other malicious content. It uses various methods, including filtering, encryption, and sandboxing, to ...
5 months ago Cybersecuritynews.com
Preventing Credit Card Fraud with PoS Malware: How Prilex Blocks Contactless Payments - New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC ...
2 years ago Bleepingcomputer.com
How Attackers Are Using .LNK Files As a Delivery Mechanism For Malware - Recent research indicates that attackers have moved away from the traditional malicious Office attachment macro in favor of .LNK files. These files, once opened, run malicious scripts intended to deliver malicious payloads onto the host machine, ...
2 years ago Csoonline.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 weeks ago Cybersecuritynews.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
1 year ago Cybersecuritynews.com
Is Your Online Store Hacked in a Carding Attack? - Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using carding attacks as we gear up for the holiday season shopping. Online companies selling products or services are struggling with the growing ...
1 year ago Cybersecuritynews.com
Weaponized LNK File Disguised as Credit Card Security Email Steals User Data - When users execute the LNK file, the malware simultaneously downloads and displays a legitimate-looking HTML page, effectively masking its malicious activities while maintaining the illusion of a genuine security process. This attack represents a ...
1 day ago Cybersecuritynews.com
Halting Hackers on the Holidays 2023 - As we saw with major holidays including Black Friday and Cyber Monday and now right around the corner and a massive increase in shopping online for the Christmas season, we count the breaches and total personally identifiable information records lost ...
1 year ago Cyberdefensemagazine.com
Weaponization of LNK Files Surge by 50% and Primarily Used in Four Different Malware Categories - These seemingly innocuous files, identifiable by their small arrow icon overlay, are increasingly being weaponized by threat actors to execute malicious payloads while maintaining a facade of legitimacy. Their research revealed that threat actors ...
3 weeks ago Cybersecuritynews.com
Ransomware attack on Patelco Credit Union causes confusion ahead of holiday weekend - One of the largest credit unions on the West Coast continues to struggle with its operations following a ransomware attack that began on Saturday. Patelco Credit Union - one of the nation's oldest credit unions with more than $9 billion in assets - ...
1 year ago Therecord.media
Unpatched Windows Shortcut Vulnerability Let Attackers Execute Remote Code - Security researcher Nafiez has publicly disclosed a previously unknown vulnerability affecting Windows LNK files (shortcuts) that can potentially allow attackers to execute code remotely without user interaction. As security researchers from Intezer ...
2 months ago Cybersecuritynews.com
How a Regional Credit Union Reinvented Email Security with Votiro Cloud - Located in the southeast U.S., this regional Credit Union boasts over a million members across 100+ branches and handles over $10 billion in assets. They provide a comprehensive range of financial services from basic banking to insurance. If you'd ...
1 year ago Securityboulevard.com
Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data - The point-of-sale malware named Prilex has been modified to block contactless transactions in an effort to force users to insert their credit cards into terminals and steal their information. Initially detailed in 2017, Prilex has evolved from ...
2 years ago Securityweek.com
9 online scams to watch out for this holiday season - By being aware of these common online scams and taking precautions, you can protect yourself and your family from becoming victims this holiday season. The holiday season is upon us, and that means it's time to start shopping for gifts. It's not just ...
1 year ago Blog.avast.com
Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards - The Brazilian threat actors behind an advanced and modular point-of-sale malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it ...
2 years ago Thehackernews.com
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
1 year ago Securityzap.com
Credit union operations restored after tech supplier ransomware attack - The federal agency that oversees credit unions said operations at about 60 of the organizations have been restored following a ransomware attack last month. Ongoing Operations, a cloud services provider owned by credit union technology firm ...
1 year ago Therecord.media Lorenz
Beware: PayPal "New Address" feature abused to send phishing emails - The email includes the new address that was allegedly added to your PayPal account, including a message claiming to be a purchase confirmation for a MacBook M4, and to call the enclosed PayPal number if you did not authorize the purchase. The goal of ...
5 months ago Bleepingcomputer.com
DeerStealer Malware Delivered Via Weaponized .LNK Using LOLBin Tools - The malware masquerades as a legitimate PDF document named “Report.lnk” while covertly executing a complex multi-stage attack chain that leverages mshta.exe, a legitimate Microsoft HTML Application host utility. A sophisticated new ...
3 days ago Cybersecuritynews.com
ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
1 year ago Itsecurityguru.org
ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
1 year ago Itsecurityguru.org
BidenCash darkweb market gives 1.9 million credit cards for free - The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals. BidenCash launched in early 2022 as a new marketplace on both the dark web and the clearnet, selling ...
1 year ago Bleepingcomputer.com
North Korean Hackers Weaponizing ZIP Files To Execute Malicious PowerShell Scripts - The LNK file contains embedded code that executes PowerShell commands to extract multiple components: a decoy HWPX document (a Korean document format), executable data files, and a batch script. While the security analyst, Mohamed Ezat from ZW01f ...
4 months ago Cybersecuritynews.com APT3 APT37

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)