this post was submitted on 19 Mar 2025
71 points (96.1% liked)

Privacy

1460 readers
150 users here now

Protect your privacy in the digital world

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be nice, civil and no bigotry/prejudice.
  2. No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
  3. Stay on topic.
  4. Don't promote big-tech software.
  5. No reposting of news that was already posted. Even from different sources.
  6. No crypto, blockchain, etc.
  7. No Xitter links. (only allowed when can't fact check any other way, use xcancel)

Related communities:

founded 4 months ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
71
Microsoft isn't fixing 8-year-old shortcut exploit abused for spying: 'Only' a local access bug but important part of North Korea, Russia, and China attack picture (www.theregister.com)
submitted 9 hours ago by [email protected] to c/[email protected]
3 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.sdf.org/post/31274457

Archive

An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.

The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware. While appearing to point to legitimate files or executables, these shortcuts quietly include extra instructions to fetch or unpack and attempt to run malicious payloads.

Ordinarily, the shortcut's target and command-line arguments would be clearly visible in Windows, making suspicious commands easy to spot. But Trend's Zero Day Initiative said it observed North Korea-backed crews padding out the command-line arguments with megabytes of whitespace, burying the actual commands deep out of sight in the user interface.

Trend reported this to Microsoft in September last year and estimates that it has been used since 2017. It said it had found nearly 1,000 tampered .LNK files in circulation but estimates the actual number of attacks could have been higher.

"This is one of many bugs that the attackers are using, but this is one that is not patched and that's why we reported it as a zero day," Dustin Childs, head of threat awareness at the Zero Day Initiative, [said].

"We told Microsoft but they consider it a UI issue, not a security issue. So it doesn't meet their bar for servicing as a security update, but it might be fixed in a later OS version, or something along those lines."

[...]

top 3 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 7 hours ago (2 children)

Is it a bug though? It's like saying that the ability to put a few megabytes of new lines in a shell script is a bug. What are they smoking?

[–] [email protected] 2 points 3 hours ago

They're also, more accurately, calling it an exploit and a security vulnerability.

[–] [email protected] 2 points 7 hours ago

Nah, it's not a bug. Clearly, .lnk files are intended to contain megabytes of whitespace to conceal malicious links.