How Attackers are Using LNK Files to Download Malware

How Attackers are Using LNK Files to Download Malware

As Microsoft is taking measures to stop hackers from using macros to spread malware, hackers are turning towards LNK files for malicious purposes. Here we explain how attackers are using LNK files to spread viruses.

What is LNK File Format?

Known as Windows shortcuts, LNK files are based on Shell Link Binary file format and contain a reference to a location called link target. They are usually seen as shortcuts and saved on the Desktop and Start Menu. These files can be created manually by running an application or using third-party tools. The .LNK format comprises five compulsory structures, while others are optional. This post covers only those parameters that can help identify infected LNK files. –

  • SHELL_LINK_HEADER
  • LINKTARGET_IDLIST
  • LINKINFO
  • STRING DATA
  • EXTRA DATA

Why are attackers switching to LNK?

LNK files are commonly used as application shortcuts; hence have always been under the radar. However, as Microsoft is taking serious steps towards protecting macros and is disabling them by default, hackers’ attention has been shifted to LNK files. These files include application settings, which means the application behavior, and pass configuration parameters, including metadata in various sections, can be controlled, making it easy for attackers to spread malware.

How are attackers using LNK files?

It’s not the first-time hackers are using LNK files to target users. These files have already been used as an attack vector in early 2013 and 2017. At that time, archive files were used to spread the malware. However, with time attackers have become smarter, and now they use the LNK file as downloaders.

To carry out the attack, since LNK files are capable of executing any file on the system, attackers embed the malicious code into them and use them in the delivery stage to initiate the next stage of deploying malware.set LNK files What exactly they do is, set LNK files, such as PowerShell, VBScript, etc., to execute with predefined commands from another LNK file. Emotet, Bumblebee, and Quantum are a few examples of how LNK files spread viruses.

How to detect & deal with malicious LNK files?

To deliver malicious payloads, hackers keep developing and upgrading their tools. The same is true for security companies to prevent and mitigate these threats; they develop antivirus software.

T9 antivirus is an example of one such powerful antivirus program that you can use to deal with LNK files. The antivirus software offers –

  • Real-time protection
  • Malware protection
  • Exploit protection
  • Web protection
  • Firewall
  • Startup Manager to keep startup apps in check

Using it you can keep the PC secure and boost its performance. Follow these steps:

Download and install T9 antivirus software.

  1. Download and install T9 antivirus software.
  2. Launch the security tool to scan the PC for the LNK file virus.
  3. Click the lens icon to select from three scan types – Quick Scan, Deep Scan, and Custom Scan. We suggest you run Deep Scan. install t9 antivirus
  4. Let the scan take its time.  scanning files and folders
  5. Review scan results and click Protect Now to quarantine all the detected threats.
  6. Restart the PC to save changes, and that’s it.

This way, you can keep your PC clean from malicious files, including the LNK file. In addition to this, since cyber-attacks are evolving, we always check the LNK shortcuts while using them. To do so, right-click the INK file select Properties, and see the complete address under the shortcut link. If it is redirecting to an unknown location, it is a sign of malware. Beware of scams and phishing mail, and avoid clicking on malicious links and attachments.

Must Read: Top Features to Look for in an Antivirus Program

Frequently Asked Questions

Q.1 How do I open an LNK file?

You can open an INK file by double-clicking on it or right-clicking the INK file and selecting Open. This will open the file, folder, or program to which the LNK file points.

If you are an advanced user, you can edit the LNK file’s properties by right-clicking the file and selecting Properties.

Q.2 What is LNK, and how do I use it?

LNK is a Windows shortcut that points to and is used to open a file, folder, or application. You can use it by double-clicking on the LNK file.

Q.3 How to fix the LNK extension not working?

If you cannot open the file with. the LNK file extension, run the System File Checker scan (sfc /scannow) to fix the corrupted system file. Once you have run the command, try to run the LNK files, this should help.

Q.4 What is the difference between a shortcut and an LNK file?

 LNK file formats generally have the same icon as their destination files and have a little curled arrow denoting that the file is pointing to a different location. While shortcuts, when double-clicked, behave as the actual file.

Hopefully, by using these steps and keeping the information shared in mind, you will avoid being a victim of LNK file downloaders attacks.

Next Read: How to Protect Your Computer From Hackers and Viruses

Share On :

About The Author

Preeti Seth
Preeti Seth

A UX writer who loves explaining technical details in a clear, crisp, and concise manner. She loves writing about technical troubleshooting, How-To's, product reviews, etc. In her free time, she loves reading, meditating, and traveling.

Related Posts

Leave a comment

Your email address will not be published. Required fields are marked *

Seen on

View All