Windows LNK files remain a preferred vector for attackers seeking to establish initial access on target systems. Recently, security researchers identified a sophisticated MastaStealer campaign that exploits these shortcut files to deliver a full-featured C2 beacon while simultaneously turning off critical endpoint protections.
The infection begins with a spear-phishing email containing a ZIP archive with a single .lnk file. When the victim executes the shortcut, the attack unfolds in multiple stages designed to maintain a low profile while establishing persistence.
The LNK file launches Microsoft Edge and navigates to anydesk[.]com in the foreground, giving the victim the impression that the shortcut is a legitimate application.
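A mail-gateway or triage check for the delivery pattern described above (a ZIP archive whose only file is a shortcut), as an added example that is not taken from the original report. The function names are hypothetical and the sample archives are constructed; the check goes one step beyond the extension by also matching the Shell Link header, so a renamed shortcut is still flagged.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def is_lnk(data: bytes) -> bool:
    """True when the bytes start with a Shell Link header, whatever the name."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def lone_lnk_in_zip(blob: bytes):
    """Return the entry name if the archive holds exactly one file and that
    file is a shortcut (by extension or by header); otherwise None."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            files = [i for i in zf.infolist() if not i.is_dir()]
            if len(files) != 1:
                return None
            entry = files[0]
            if entry.flag_bits & 0x1:  # encrypted entry: only the name is usable
                head = b""
            else:
                with zf.open(entry) as fh:
                    head = fh.read(len(LNK_MAGIC))
            by_name = entry.filename.lower().endswith(".lnk")
            return entry.filename if (by_name or is_lnk(head)) else None
    except zipfile.BadZipFile:
        return None


def make_zip(members: dict) -> bytes:
    """Build a constructed in-memory ZIP for the demo below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a stub header only, not a working shortcut.
    stub = LNK_MAGIC + b"\x00" * 56
    print(lone_lnk_in_zip(make_zip({"Invoice.lnk": stub})))
    print(lone_lnk_in_zip(make_zip({"Invoice.pdf": stub})))
    print(lone_lnk_in_zip(make_zip({"a.txt": b"hi", "b.lnk": stub})))
```

A hit is a reason to quarantine the attachment for review, not proof of this campaign; legitimate archives rarely contain a single shortcut and nothing else.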
https://gbhackers.com/mastastealer-exploits-windows/