Large LNK files leveraged for RokRAT malware deployment

Microsoft’s default blocking of macros in Office documents has prompted the North Korean state-sponsored threat operation Scarcruft, also known as APT37, Nickel Foxcroft, RedEyes, InkySquid, Ricochet Chollima, and Reaper, to use oversized LNK files for RokRAT malware delivery since last July, according to The Hacker News. A report from Check Point showed that Scarcruft has been launching spear-phishing attacks in which LNK files trigger multi-stage infection sequences that eventually result in infections with the RokRAT malware, also known as DOGCALL, as well as its Android and macOS variants, dubbed RambleOn and CloudMensis, respectively.

Read full article on SC Magazine

 

