Vedalia APT group exploits oversized LNK files in malware campaign
A malware campaign attributed to the Vedalia (also known as Konni) APT group has been observed employing oversized LNK files. The threat actor used double extensions to conceal the original .lnk extension, and the observed LNK files contained excessive whitespace to obscure the malicious command lines. As part of the attack vector, the command-line script searched for PowerShell to bypass detection and locate the embedded files and the malicious payload.
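The traits described above (an oversized shortcut, a document-style double extension, a command line padded with whitespace, and a PowerShell invocation) can each be checked from the LNK file format itself. The following is an added example for triage, not Symantec's code or the campaign's sample: it contains a minimal parser for the Shell Link format (fixed 76-byte header, optional ID list and LinkInfo, StringData fields, ExtraData blocks), builds a constructed shortcut that mimics the lure, and reports which heuristics fire. The thresholds `OVERSIZE_BYTES` and `WHITESPACE_RUN` are assumptions to tune per environment.

```python
"""Heuristic triage of Windows shortcut (.lnk) files for oversized files,
double extensions, whitespace-padded command lines and PowerShell use.
Added example; the shortcut built below is constructed, not a real sample."""
import re
import struct

LNK_HEADER_SIZE = 0x4C
# CLSID 00021401-0000-0000-C000-000000000046 in on-disk byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location")]

# Triage thresholds: assumptions for this example, tune to your environment.
OVERSIZE_BYTES = 256 * 1024
WHITESPACE_RUN = 100


def parse_lnk(data: bytes) -> dict:
    """Walk header, optional ID list / LinkInfo, StringData and ExtraData;
    return the strings plus the offset where the structured part ends
    (anything after that offset is unexplained trailing data)."""
    if len(data) < LNK_HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    unicode = bool(flags & IS_UNICODE)
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        off += 2 + struct.unpack_from("<H", data, off)[0]   # IDListSize + IDList
    if flags & HAS_LINK_INFO:
        off += struct.unpack_from("<I", data, off)[0]       # LinkInfoSize includes itself
    strings = {}
    for bit, key in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]      # CountCharacters
        off += 2
        if unicode:
            strings[key] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            strings[key] = data[off:off + count].decode("cp1252", "replace")
            off += count
    # ExtraData: size-prefixed blocks ended by a terminal block with size < 4
    while off + 4 <= len(data):
        size = struct.unpack_from("<I", data, off)[0]
        off += 4 if size < 4 else size
        if size < 4:
            break
    return {"flags": flags, "strings": strings, "structured_end": off}


def assess(filename: str, data: bytes) -> list:
    """Return the list of triage findings for one shortcut (empty if none fire)."""
    parsed = parse_lnk(data)
    args = parsed["strings"].get("arguments", "")
    findings = []
    if re.search(r"\.[a-z0-9]{1,5}\.lnk$", filename, re.I):
        findings.append("double extension: looks like a document once Explorer hides .lnk")
    if len(data) > OVERSIZE_BYTES:
        findings.append(f"oversized shortcut: {len(data)} bytes")
    trailing = len(data) - parsed["structured_end"]
    if trailing > 0:
        findings.append(f"{trailing} bytes after the last ExtraData block (possible embedded payload)")
    run = max((len(m) for m in re.findall(r"\s+", args)), default=0)
    if run >= WHITESPACE_RUN:
        findings.append(f"command line padded with a run of {run} whitespace characters")
    if "powershell" in args.lower():
        findings.append("command line invokes PowerShell")
    return findings


def build_lnk(relative_path: str, arguments: str, trailing: bytes = b"") -> bytes:
    """Assemble a minimal Unicode shortcut: header, RELATIVE_PATH and
    COMMAND_LINE_ARGUMENTS StringData, a terminal ExtraData block, then
    optional trailing bytes. Used only to construct test input."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))  # attributes, times, size, icon, etc. left zero
    body = b""
    for s in (relative_path, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body + struct.pack("<I", 0) + trailing


# Constructed lure-like sample: document-style name, whitespace-hidden command
# line that calls PowerShell (a harmless command here), and a large appended blob.
SAMPLE_NAME = "Report.pdf.lnk"
SAMPLE_ARGS = "/c " + " " * 1500 + "powershell.exe -NoProfile -Command Write-Output test"
SAMPLE_LNK = build_lnk("..\\..\\Windows\\System32\\cmd.exe", SAMPLE_ARGS, trailing=b"\x00" * (300 * 1024))
# Constructed benign shortcut for comparison.
BENIGN_NAME = "Notes - Shortcut.lnk"
BENIGN_LNK = build_lnk("..\\notes.txt", "")

if __name__ == "__main__":
    for name, data in ((SAMPLE_NAME, SAMPLE_LNK), (BENIGN_NAME, BENIGN_LNK)):
        print(name, assess(name, data) or ["no findings"])
```

The parser stops at the terminal ExtraData block on purpose: bytes after it have no place in the format, so a large unexplained tail is itself a signal worth surfacing alongside the file size.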
Symantec protects you from this threat, identified by the following:
File-based
CL.Downloader!gen20
Scr.Mallnk!gen13
Trojan.Gen.NPE
WS.Malware.1