Trojan Droppers Exploiting Symbolic Link Files
Malicious actors routinely attempt to confuse recipients of messages with obscure file extensions to load malicious files on the victims machine.
For most users the .slk file is recognized in Microsoft Office software as an Excel file. However, as detailed here, it also is recognized by other applications among various hardware and mobile platforms. They are designed to link data between spreadsheets and databases. Similar to Excel .xls/.xlsx files, these .slk files also support the ability to execute malicious commands.
Fortunately with this attack vector, the user receives quite a few warnings that should set off red flags before the infection begins. However, few anti-virus engines are catching these attacks.
This blog steps thru the chain of infection for one of these malicious .slk trojan droppers and details what users should watch out for.