Vedalia APT group exploits oversized LNK files in malware campaign

2024-04-07, Symantec
https://www.broadcom.com/support/security-center/protection-bulletin/vedalia-apt-group-exploits-oversized-lnk-files-in-malware-campaign
#Vedalia #LNK

Contents

A malware campaign attributed to the Vedalia (also known as Konni) APT group has been observed employing oversized LNK files. The threat actor used double extensions to conceal the real .lnk extension, and the observed LNK files contained excessive whitespace to obscure the malicious command lines. As part of the attack chain, the command-line script searched for PowerShell to evade detection and to locate the embedded files and the malicious payload.
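The three tricks described above (a double extension hiding .lnk, an oversized shortcut, and whitespace padding between the command and its arguments) can each be measured directly from the file on disk without a full Shell Link parser. The following triage script is an added example and is not Symantec's signature logic or code from the bulletin; the size and whitespace thresholds, the function names and the constructed sample bytes are assumptions made for illustration, and the sample is a stand-in that is not a parseable shortcut and not the campaign's file.

```python
"""Heuristic triage for Windows shortcut (.lnk) files padded with whitespace.

Added example code (not Symantec's detection logic). Thresholds are assumptions.
"""
import re
from typing import List, Tuple

# Shell Link header per MS-SHLLINK: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (stored as GUID bytes).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

# Assumed thresholds: benign shortcuts are a few KB and carry no padding.
SIZE_THRESHOLD = 64 * 1024
WHITESPACE_RUN_THRESHOLD = 256

# StringData in a LNK is UTF-16LE when the IsUnicode flag is set, so a space is
# the byte pair 20 00; also cover the narrow (ASCII) encoding.
_WS_RUN_UTF16 = re.compile(rb"(?:[ \t]\x00){2,}")
_WS_RUN_ASCII = re.compile(rb"[ \t]{2,}")
_POWERSHELL_UTF16 = "powershell".encode("utf-16-le")


def is_lnk(data: bytes) -> bool:
    """True when the blob starts with a Shell Link header, whatever its name says."""
    return data[: len(LNK_MAGIC)] == LNK_MAGIC


def has_double_extension(filename: str) -> bool:
    """e.g. 'invoice.pdf.lnk': Explorer hides the known .lnk extension, so the
    user sees only the decoy document extension in front of it."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[-1] == "lnk" and parts[-2].isalnum()


def longest_whitespace_run(data: bytes) -> int:
    """Longest run of spaces/tabs measured in characters. UTF-16LE runs are
    counted per character (two bytes each) so narrow and wide command lines
    are scored the same way."""
    best = 0
    for m in _WS_RUN_UTF16.finditer(data):
        best = max(best, len(m.group(0)) // 2)
    for m in _WS_RUN_ASCII.finditer(data):
        best = max(best, len(m.group(0)))
    return best


def triage(filename: str, data: bytes) -> List[str]:
    """Return the indicators that fired for one file; empty means nothing suspicious."""
    findings: List[str] = []
    if not is_lnk(data):
        return findings  # not a shortcut at all; out of scope for this heuristic
    if has_double_extension(filename):
        findings.append("double-extension")
    if len(data) > SIZE_THRESHOLD:
        findings.append("oversized")
    run = longest_whitespace_run(data)
    if run >= WHITESPACE_RUN_THRESHOLD:
        findings.append(f"whitespace-padding:{run}")
    lowered = data.lower()  # bytes.lower() only touches ASCII letters, leaving 00 bytes intact
    if b"powershell" in lowered or _POWERSHELL_UTF16 in lowered:
        findings.append("references-powershell")
    return findings


def build_sample() -> Tuple[str, bytes]:
    """Constructed stand-in for a padded shortcut: a valid 76-byte header, a
    command separated from its arguments by 4,000 UTF-16LE spaces, then zero
    filler that pushes the size past the threshold. Illustrative only."""
    header = LNK_MAGIC + b"\x00" * (0x4C - len(LNK_MAGIC))
    cmd = "cmd.exe /c".encode("utf-16-le")
    pad = (" " * 4000).encode("utf-16-le")
    args = "powershell.exe".encode("utf-16-le")
    filler = b"\x00" * (70 * 1024)
    return "invoice.pdf.lnk", header + cmd + pad + args + filler


if __name__ == "__main__":
    name, blob = build_sample()
    print(name, len(blob), "bytes ->", triage(name, blob))
```

Running it on a directory of shortcuts is a matter of calling `triage(path.name, path.read_bytes())` per file; the whitespace-run indicator is the one that separates this campaign's tradecraft from ordinary large shortcuts, since a legitimate command line rarely contains more than a handful of consecutive spaces.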

Symantec protects you from this threat, identified by the following:

File-based

CL.Downloader!gen20
Scr.Mallnk!gen13
Trojan.Gen.NPE
WS.Malware.1