APT36 hackers abuse Linux .desktop files to install malware in new attacks (opens in new tab)

(bleepingcomputer.com)

10 pointsSantosh837mo ago2 comments

2 comments

> Victims receive ZIP archives through phishing emails containing a malicious .desktop file disguised as a PDF document, and named accordingly.

How does the disguise work?

Some desktop environments hide file extensions. This bad behaviour dates back 30 years.

File is foo.pdf.desktop in a zip file. zip unzipped, DE hides .desktop and shows “foo.pdf”

User double clicks thinking it’s a safe pdf but it’s actually a script or other payload which does bad things.

j / k navigate · click thread line to collapse

> Victims receive ZIP archives through phishing emails containing a malicious .desktop file disguised as a PDF document, and named accordingly.

How does the disguise work?

Some desktop environments hide file extensions. This bad behaviour dates back 30 years.

File is foo.pdf.desktop in a zip file. zip unzipped, DE hides .desktop and shows “foo.pdf”

User double clicks thinking it’s a safe pdf but it’s actually a script or other payload which does bad things.

j / k navigate · click thread line to collapse