Hackers have found a sneaky new way to infect Windows devices

Say goodbye to malicious Office macros, and hello to…shortcuts?


The operators of Emotet, one of the world’s most dangerous malware variants, have moved away from using Microsoft Office macros for distribution, and towards Windows shortcut files (.lnk).

As per a BleepingComputer report, cybersecurity researchers have observed Emotet using PowerShell commands attached to the .lnk file to download and run a malicious script on the target endpoint.

The script is said to be relatively well hidden: it does not show in the file’s properties under “Target”.


Disabling macros


The shortcut file carries URLs for “several” compromised websites that store the malicious PowerShell script. If a victim runs the shortcut file, and the website still hosts the malware, the script downloads it to the system’s Temp folder under a random name and then runs it using regsvr32.exe.
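The two traits described above (a PowerShell command line hidden from the shortcut’s “Target” box, and a URL embedded in the shortcut) are exactly what a defender wants to pull out of a suspicious .lnk before anyone double-clicks it. The following Python script is an added example, not code from the article or from any of the researchers it cites: it builds a constructed shortcut in memory, parses the shell link header and StringData fields (offsets and flag bits are taken from Microsoft’s MS-SHLLINK specification; the parser skips the LinkTargetIDList and LinkInfo blocks rather than decoding them), and then flags the argument string if it launches PowerShell, contains a URL, or is longer than the Properties dialog would display. The 260-character display limit, the `example.invalid` URL and the sample shortcut contents are all assumptions made for the demo.

```python
import struct

# Layout constants from the MS-SHLLINK specification (Shell Link Binary File Format).
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7
STRING_DATA_ORDER = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
# Assumed display limit of the Target box in the shortcut Properties dialog;
# anything beyond it is simply not shown to the user.
TARGET_BOX_VISIBLE_CHARS = 260


def build_lnk(relative_path: str, arguments: str, show_command: int = 1) -> bytes:
    """Construct a minimal .lnk (header plus Unicode StringData only) for the demo.
    Real shortcuts usually also carry a LinkTargetIDList and LinkInfo block."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        LNK_HEADER_SIZE, LNK_CLSID, flags,
        0,            # FileAttributes
        0, 0, 0,      # CreationTime, AccessTime, WriteTime
        0,            # FileSize
        0,            # IconIndex
        show_command, # ShowCommand (window state requested for the target)
        0, 0, 0, 0,   # HotKey, Reserved1, Reserved2, Reserved3
    )

    def string_data(text: str) -> bytes:
        # CountCharacters (2 bytes) followed by the UTF-16LE characters, no terminator.
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


def parse_lnk(data: bytes) -> dict:
    """Walk the shell link structure far enough to recover the StringData fields."""
    if len(data) < LNK_HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    show_command = struct.unpack_from("<I", data, 0x3C)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize (4 bytes) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    info = {"flags": flags, "show_command": show_command}
    for bit, name in STRING_DATA_ORDER:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            info[name] = data[pos:pos + count * 2].decode("utf-16-le")
            pos += count * 2
        else:
            info[name] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return info


def triage(info: dict) -> list:
    """Return (tag, explanation) pairs for the traits the article attributes to the shortcuts."""
    findings = []
    target = info.get("relative_path", "").lower()
    args = info.get("arguments", "")
    if "powershell" in target or "powershell" in args.lower():
        findings.append(("powershell", "shortcut launches PowerShell"))
    if "http://" in args.lower() or "https://" in args.lower():
        findings.append(("url", "argument string contains a URL"))
    if len(args) > TARGET_BOX_VISIBLE_CHARS:
        findings.append(("long_arguments",
                         f"argument string is {len(args)} chars; the Target box will not show all of it"))
    return findings


# Constructed sample: a shortcut pointing at PowerShell whose argument string carries a
# placeholder URL inside a long comment. It is not a real Emotet artefact.
SAMPLE_ARGS = ('-NoProfile -Command "'
               + "# constructed placeholder, not a real script " * 6
               + 'http://example.invalid/stage"')
SAMPLE_LNK = build_lnk("..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", SAMPLE_ARGS)
BENIGN_LNK = build_lnk(".\\notes.txt", "")

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE_LNK), ("benign", BENIGN_LNK)):
        parsed = parse_lnk(blob)
        print(label, parsed.get("relative_path"), triage(parsed))
```

To use it on a real file, replace `SAMPLE_LNK` with the bytes read from disk; the parser never executes anything, it only reads the structure, so it is safe to run against quarantined attachments.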

Cybersecurity researchers from ESET are claiming that Emotet’s new distribution method works best in Mexico, Italy, Japan, Turkey, and Canada.

Emotet was forced into abandoning macros after Microsoft made it impossible for users of Word, Excel, Access, PowerPoint, and Visio to run any VBA macros in “untrusted” documents.

In an announcement made in early February this year, Microsoft said that all files shared from outside the company network will be deemed “untrusted”, meaning files coming from the same domain should still be able to keep their macros.


Macros are a big deal for both businesses and cybercriminals. They are usually used to automate various tasks, such as importing or updating data coming from third-party sources. The problem is that they can easily be abused by malicious actors to distribute ransomware and other malware, steal sensitive data, or carry out other nefarious deeds.

For years, criminal groups have been sharing macro-powered malicious Office documents, preying on gullible or exhausted workers. Payment receipts, warnings of failed payments, job offers, and Covid-19 and vaccine information are just some of the document lures crooks would share to get people to run macros and infect their endpoints.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
