Malicious Code Embedded in Shortcuts
An LNK file is a Windows shortcut that points to a file, folder, or application. LNK files are based on the Shell Link binary file format, which holds the information needed to access another data object. They can be created manually using the standard right-click "Create shortcut" option, or sometimes they are created automatically by an application during installation or use. Because LNK files offer a convenient way to open a file, threat actors can abuse them to create script-based threats. One of these methods is through the use of PowerShell.
You will see in the video below that I have leveraged these techniques to create a devastating attack vector for hijacking all of the links on a target's desktop, or whatever directory you define. With slight modifications, you could use this payload to infect every single link on a target's system. Every time they use one of their shortcuts, your PowerShell code will be executed undetected in the background.
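The hijacking described above rewrites what a shortcut launches, so the defender's counterpart is to audit what each .lnk under a directory actually points to. The script below is an added example, not the author's payload or any code from the post; it assumes Windows PowerShell 5.1 or later with the WScript.Shell COM object available, and its interpreter and argument keyword lists are heuristic choices, not an authoritative signature set.

```powershell
# Added example (not from the original post): audit the .lnk files under a
# directory and report shortcuts whose target or arguments look like an
# embedded PowerShell payload. Assumes Windows PowerShell 5.1+ and the
# WScript.Shell COM object; the keyword lists below are heuristic assumptions.
param(
    [string]$Path = [Environment]::GetFolderPath('Desktop'),
    [int]$RecentDays = 7
)

$shell = New-Object -ComObject WScript.Shell
$scriptHosts = @('powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')
$payloadMarkers = @('-encodedcommand', '-enc', '-windowstyle hidden', '-w hidden', '-nop',
                    'invoke-expression', 'iex', 'downloadstring', 'frombase64string')

function Test-Shortcut {
    param([System.IO.FileInfo]$File)
    $lnk       = $shell.CreateShortcut($File.FullName)
    $target    = [string]$lnk.TargetPath      # cast so a missing value becomes ""
    $arguments = [string]$lnk.Arguments
    $exe       = [IO.Path]::GetFileName($target).ToLowerInvariant()
    $reasons   = @()

    if ($scriptHosts -contains $exe) { $reasons += "target is interpreter '$exe'" }
    foreach ($m in $payloadMarkers) {
        if ($arguments.ToLowerInvariant().Contains($m)) { $reasons += "arguments contain '$m'" }
    }
    # A shortcut a user made by hand rarely carries a long argument string; payloads do.
    if ($arguments.Length -gt 200) { $reasons += "argument string is $($arguments.Length) chars" }
    # Hijacked shortcuts are rewritten in place, so a fresh LastWriteTime is a supporting hint.
    if ($reasons.Count -gt 0 -and $File.LastWriteTime -gt (Get-Date).AddDays(-$RecentDays)) {
        $reasons += "modified within the last $RecentDays days"
    }
    if ($reasons.Count -eq 0) { return }
    [pscustomobject]@{
        Path      = $File.FullName
        Target    = $target
        Arguments = $arguments
        Reasons   = ($reasons -join '; ')
    }
}

Get-ChildItem -Path $Path -Filter *.lnk -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-Shortcut -File $_ } |
    Format-List
```

Run it against a user's Desktop (the default) or any directory you suspect was targeted; every flagged shortcut lists the reasons, so a legitimate shortcut to cmd.exe with no arguments is easy to tell apart from one carrying an encoded command.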