External sources have identified the limited use of maliciously crafted Symbolic Link files (.SLK) in phishing campaigns. Spreadsheet applications are used to launch and execute the malicious PowerShell command contained inside. This infection vector does not require the use of macros, making standard detection less likely.
At this time
What we’re doing about it
- The Threat Intelligence team is monitoring phishing related activity for noteworthy changes.
What you should do about it
- Attachments with
the .SLK ending should be treated with extra caution.
- Block files with
SLK file extension through SPAM filters. the.
- Ensure users are well informed about current threats through awareness programs and training.
Symbolic Link files using the “.SLK” file extension are used to transfer data between spreadsheets and other databases. These files are primarily used by Microsoft Office but are also recognized by other products in Windows, Mac, Linux, iOS