Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. “We identified multiple samples in VirusTotal that exhibit the bug, demonstrating existing in the wild usage. The oldest sample identified was submitted over 6 years ago,” Elastic Security Labs researchers found. Windows’ in-built protections Attackers are constantly coming up with new … More

The post Researchers unearth MotW bypass technique used by threat actors for years appeared first on Help Net Security.