XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Briefly

Research by HarfangLab revealed XDigo, a Go-based malware used in recent attacks against Eastern European government entities. The attacks exploit a remote code execution flaw in Microsoft Windows, specifically in LNK files. This malware is an evolution of XDSpy, which has targeted governmental agencies since 2011. Discoveries include a critical LNK parsing flaw that could lead to severe security issues, allowing attackers to execute code without alerting users. As cyber threats continue to evolve, this highlights the ongoing risks faced by sensitive government sectors in the region.
Crafted data in an LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface.
An attacker can leverage this vulnerability to execute code in the context of the current user.
Read at The Hacker News