Privacy News Information Stealer Found Hitting Israeli Hospitals (using malicious LNK files/shortcut files))

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
The abuse of shortcut (LNK) files is steadily gaining traction among cybercriminals. We’ve seen a plethora of threats that leverage malicious LNK files: from well-known ransomware families, backdoors typically deployed in targeted attacks, and banking Trojans to spam emails, even an exploit to a LNK vulnerability itself. These threats are usually exacerbated by the further abuse of legitimate tools such as PowerShell, or script automation utility AutoIt. It’s thus not surprising that we discovered an information stealer employing LNK files, which our sensors detected in Israeli hospitals.

Healthcare is considered a cybercriminal cash cow, as it can be a lucrative source of personally identifiable information that can be monetized in underground marketplaces. Initial findings revealed that any browser-based information, e.g., login credentials, can be stolen, making the use of browser-based management systems and applications important.

We have observed its attempts to gain footholds in the systems and the local networks’ shared folders. Another notable aspect we’re seeing so far is the combination of worm propagation and stealth capabilities.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top