MastaStealer Weaponizes Windows LNK Files

Source: Cyber Security News

The MastaStealer campaign delivers its malware through spear-phishing: the lure is a ZIP archive containing a malicious Windows LNK shortcut. When the user opens the shortcut, it simulates legitimate browser activity as a decoy while quietly downloading an MSI installer that stages the rest of the infection. The installer unpacks the malware into a hidden directory and uses filenames chosen to resemble legitimate Windows processes, which complicates detection.
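A way to triage shortcuts of this kind before anyone double-clicks them is to read the target and argument string out of each LNK file without launching it. The script below is an added example, not code from the article or from the campaign analysis; it reads shortcuts through the WScript.Shell COM object, and the indicator list (script hosts, download keywords, long argument strings) is an illustrative heuristic assumed here, not a set of indicators the article publishes. Run it on an isolated analysis VM.

```powershell
# Added example (not from the article): triage .lnk files extracted from a
# suspicious archive by inspecting target and arguments through COM.
# Reading a shortcut with WScript.Shell parses it; it does not execute it.

# Heuristic indicator lists (assumption for illustration, not from the article).
$ScriptHostPattern = 'powershell\.exe|pwsh\.exe|cmd\.exe|mshta\.exe|wscript\.exe|cscript\.exe|msiexec\.exe|rundll32\.exe|conhost\.exe'
$DownloadPattern   = 'https?://|downloadstring|downloadfile|invoke-webrequest|iwr\b|iex\b|invoke-expression|frombase64|-enc\b|-e\s|msiexec|/i\s'

function Find-SuspiciousLnk {
    param(
        [Parameter(Mandatory)][string]$Path,   # directory holding the extracted archive contents
        [int]$LongArgumentThreshold = 200      # padded/obfuscated argument strings are often far longer than real ones
    )

    $shell = New-Object -ComObject WScript.Shell

    Get-ChildItem -Path $Path -Filter *.lnk -Recurse -File | ForEach-Object {
        $lnk       = $shell.CreateShortcut($_.FullName)
        $target    = [string]$lnk.TargetPath
        $argString = [string]$lnk.Arguments
        $reasons   = @()

        if ($target -match $ScriptHostPattern) {
            $reasons += "target is a script or command host ($target)"
        }
        if ($argString -match $DownloadPattern) {
            $reasons += 'arguments look like a download-and-execute chain'
        }
        if ($argString.Length -gt $LongArgumentThreshold) {
            $reasons += "unusually long argument string ($($argString.Length) chars)"
        }
        # A shortcut whose visible icon points at a browser or document while the
        # target is a command host is a decoy pattern worth flagging.
        if ($target -match $ScriptHostPattern -and [string]$lnk.IconLocation -match 'chrome|msedge|firefox|iexplore|\.pdf|\.docx?') {
            $reasons += "icon mimics a browser or document ($($lnk.IconLocation))"
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                File      = $_.FullName
                Target    = $target
                Arguments = $argString
                Reasons   = ($reasons -join '; ')
            }
        }
    }
}

# Usage (on an isolated VM): unpack the archive, then scan what came out of it.
# Expand-Archive -Path .\invoice.zip -DestinationPath .\extracted
# Find-SuspiciousLnk -Path .\extracted | Format-List
```

The output is a list of shortcuts with the reason each was flagged; a clean shortcut to a document or application produces no entry. If the target is a command host and the arguments contain a URL or an `msiexec` invocation, treat the archive as malicious and capture the full argument string, since that is where the download URL and the staging directory used by the installer usually appear.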

One notable aspect of this attack is how it bypasses Windows Defender. A PowerShell command run during installation weakens Defender's protection by creating exclusion paths, so the malware's files are never scanned and it can operate undetected. No exploit is involved: the technique abuses a legitimate Windows administration feature, which is why it slips past traditional security controls. Organizations are advised to tighten monitoring of PowerShell execution, including changes to Defender exclusions, and to consider application allowlisting to reduce this risk.
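The recommended monitoring can be put into practice with two checks: list the exclusions Defender currently has (and flag ones that point at user-writable or hidden drop locations), and hunt the logs for the command that created them. The script below is an added example, not code from the article; it uses the real `Get-MpPreference` and `Get-WinEvent` cmdlets, and assumes it runs in an elevated session on a host where PowerShell Script Block Logging (event 4104) is enabled. The "risky location" pattern and the seven-day window are illustrative assumptions.

```powershell
# Added example (not from the article): audit Defender exclusions and hunt for
# the PowerShell commands that add them. Assumes an elevated session and that
# Script Block Logging (event 4104) is enabled on the host.

function Get-DefenderExclusionAudit {
    $pref = Get-MpPreference

    # Exclusions under user-writable or typical drop directories are the kind a
    # loader adds for itself (heuristic assumption, not from the article).
    $riskyLocation = '\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\|\\Public\\|^[A-Za-z]:\\?$'

    foreach ($p in $pref.ExclusionPath) {
        if ($p) { [pscustomobject]@{ Type = 'Path'; Value = $p; Risky = ($p -match $riskyLocation) } }
    }
    foreach ($p in $pref.ExclusionProcess) {
        # Process exclusions unscan everything that process touches; treat all as risky.
        if ($p) { [pscustomobject]@{ Type = 'Process'; Value = $p; Risky = $true } }
    }
    foreach ($e in $pref.ExclusionExtension) {
        if ($e) { [pscustomobject]@{ Type = 'Extension'; Value = $e; Risky = ($e -match '^\.?(exe|dll|ps1|msi|lnk|js|vbs|hta)$') } }
    }
    [pscustomobject]@{
        Type  = 'RealtimeMonitoringDisabled'
        Value = $pref.DisableRealtimeMonitoring
        Risky = [bool]$pref.DisableRealtimeMonitoring
    }
}

function Find-DefenderTampering {
    param([int]$Days = 7)   # look-back window (assumption)
    $since = (Get-Date).AddDays(-$Days)

    # Commands that add exclusions or switch off real-time protection.
    $tamperPattern = '(Add|Set)-MpPreference\b.*-(ExclusionPath|ExclusionProcess|ExclusionExtension|DisableRealtimeMonitoring)'

    # Script Block Logging: event 4104, Properties[2] carries the script text.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $since
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[2].Value -match $tamperPattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'PowerShell 4104'; Time = $_.TimeCreated; User = $_.UserId; Detail = $_.Properties[2].Value }
        }

    # Defender records its own configuration changes as event 5007, which also
    # catches exclusions added via WMI, the registry or MpCmdRun rather than PowerShell.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007; StartTime = $since
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Exclusions|DisableRealtimeMonitoring' } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Defender 5007'; Time = $_.TimeCreated; User = $null; Detail = $_.Message }
        }
}

# Usage:
# Get-DefenderExclusionAudit | Where-Object Risky | Format-Table -AutoSize
# Find-DefenderTampering -Days 14 | Sort-Object Time | Format-List
```

Two caveats a practitioner will want. First, the 4104 check only sees what Script Block Logging captured, so enabling it (and forwarding the log off the host) is a prerequisite, not an afterthought. Second, malware that already runs with administrative rights can add the exclusion and then clear the log, which is why the Defender 5007 event and a centrally collected copy of both logs matter more than the on-host query; tamper protection, where available, prevents the exclusion from being added in the first place.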

👉 Read the original: Cyber Security News