{"id":198473,"date":"2022-08-11T11:17:56","date_gmt":"2022-08-11T09:17:56","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=198473"},"modified":"2025-07-01T20:32:00","modified_gmt":"2025-07-02T03:32:00","slug":"scammers-have-moved-on-from-macros","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/scammers-have-moved-on-from-macros\/","title":{"rendered":"Scammers have moved on from Macros to find a new way of infecting your machine"},"content":{"rendered":"\n

Recently we\u2019ve covered several stories about scammers using Office macros<\/a> to infect user devices and Microsoft\u2019s subsequent campaign<\/a> to shut them down. Well, Microsoft\u2019s campaign has certainly enjoyed a level of success, but it seems that the move has forced the scammers to look elsewhere. Scammers are now using shortcut .ink files in their attempts to infect your device<\/strong>. Let\u2019s go through all you need to know.<\/p>\n\n\n

\r\n
\r\n
\r\n
\r\n \"Microsoft\r\n <\/div>\r\n
\r\n Microsoft 365<\/span>\r\n Download Now<\/a>\r\n <\/div>\r\n
\r\n <\/path><\/path><\/text><\/svg>\r\n <\/div>\r\n <\/div>\r\n
\r\n <\/span>\r\n <\/div>\r\n
\r\n \r\n <\/div>\r\n <\/a>\r\n <\/div>\r\n<\/div>\n\n\n\n

Analysts at HP Wolf Security<\/a> have discovered an 11% rise in certain files, including .ink files, being used to push malware over the last quarter<\/strong>. This data comes from an analysis of millions of different endpoint devices. The analysts also discovered a variety of different ways that the scammers have been using to try and get the corrupted files onto your devices.<\/p>\n\n\n\n

One of the main tricks used by these malicious actors is to compress the files<\/strong>, which makes then harder to detect. For example, if an infected file has been compressed into a .zip file and then sent as an email it is much harder for antivirus programs or your email provider\u2019s attachment scanner to discover it<\/strong>.<\/p>\n\n\n\n

The key element about shortcut files is that they are dynamic, meaning the scammers can alter the icon and the title in a way as to make it very difficult for users to identify them. For example, a scammer could give the file a PDF icon<\/strong> and then also include PDF in the file name, when in fact double-clicking it could run an executable file<\/strong> and load pretty much any type of malware.<\/p>\n\n\n\n

Alex Holland who is the Senior Malware Analyst at HP Wolf Security had this to say about this new type of threat:<\/p>\n\n\n\n

\u201cAs macros downloaded from the web become blocked by default in Office, we\u2019re keeping a close eye on alternative execution methods being tested out by cybercriminals. Opening a shortcut or HTML file may seem harmless to an employee but can result in a major risk to the enterprise.\u201d<\/em><\/p>\n\n\n\n

This new type of threat requires enhanced levels of vigilance <\/strong>and HP Wolf Security recommends blocking any shortcut files sent as email attachments. If you or your team members are unsure about how to spot these types of scams you should check out our infographic, which will teach how to spot scam emails<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Recently we\u2019ve covered several stories about scammers using Office macros to infect user devices and Microsoft\u2019s subsequent campaign to shut them down. Well, Microsoft\u2019s campaign has certainly enjoyed a level of success, but it seems that the move has forced the scammers to look elsewhere. Scammers are now using shortcut .ink files in their attempts … Continue reading “Scammers have moved on from Macros to find a new way of infecting your machine”<\/span><\/a><\/p>\n","protected":false},"author":9073,"featured_media":198479,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[2717],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-198473","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectionmicrosoft-365"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/198473","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9073"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=198473"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/198473\/revisions"}],"predecessor-version":[{"id":323387,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/198473\/revisions\/323387"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/198479"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=198473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=198473"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=198473"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=198473"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=198473"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=198473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}