Hackers are creating malicious links that compromise government, military, and other critical organizations, leading to espionage and data leaks. However, Microsoft has refused to fix the vulnerability with a security patch, Trend Micro reports.
Link files (.lnk) in Windows do not display important information, allowing attackers to embed malicious packages. Researchers from the Trend Zero Day Initiative (ZDI) have discovered about 1,000 malicious .lnk files and believe that the number of exploitation attempts is significantly higher.
The vulnerability allows remote attackers to execute arbitrary code on vulnerable Windows installations. User interaction is required for activation - for example, opening a malicious file or visiting an infected page.
Key facts:
The dangerous content of .lnk files is hidden from users even when scanned through the Windows interface.
Some malicious files reach 55 MB — larger than most known malware.
Almost 70% of attacks are aimed at espionage and data theft, about 20% — at financial gain.
343 malicious files were detected in the US, 39 in Canada.
Microsoft classified the problem as "low severity" and refused to release a patch in the near future. Researchers from ZDI filed a report in September 2024, but the situation has not changed.
Attackers often change the icon and add fake extensions (.pdf.lnk) to confuse users.
