
Techniques to evade Windows security alerts detailed


Malicious apps could be executed without being flagged by Windows SmartScreen and Smart App Control through several techniques, one of which has already been leveraged by threat actors for the past six years, The Register reports.

Already exploited by attackers is the "LNK Stomping" method, which abuses a flaw in how Windows handles shortcut (LNK) files that causes the Windows Mark of the Web to be disregarded, according to an Elastic Security Labs analysis. Microsoft has already been warned of the approach, which can be abused easily through LNK files with atypical internal structures, but has yet to commit to fixing the issue, noted Elastic Tech Lead Joe Desimone. The other techniques evade reputation-based defenses: "Reputation Hijacking" entails the modification of reputable programs through script hosts; "Reputation Seeding" involves deploying a seemingly trustworthy binary that can be abused once certain conditions are met; and "Reputation Tampering" involves altering certain sections of an app's code.
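Because every technique above hinges on whether SmartScreen and Smart App Control see a Mark of the Web, the first triage question on a suspicious download is whether the mark is present at all. The script below is an added example for this article, not code from Elastic or Microsoft: it parses the `Zone.Identifier` alternate data stream that Windows writes for downloaded files (the INI-style `[ZoneTransfer]` block, zone IDs assumed to follow the usual URLMON numbering) and flags shortcut files that carry no mark. The sample stream and the `example.test` URLs are constructed for the demonstration.

```python
"""Inspect a file's Mark of the Web (MotW) on Windows.

Added example for the article above, not Elastic's or Microsoft's code.
Windows stores MotW as an NTFS alternate data stream named "Zone.Identifier"
with INI-style content that SmartScreen and Smart App Control consult. A
defender's first check on a suspicious download is whether that stream is
present and which zone it records; an unmarked .lnk file deserves a closer look.
"""
import os
from typing import Optional

# URLMON security zone identifiers (assumed standard numbering).
ZONE_NAMES = {
    0: "LocalMachine",
    1: "LocalIntranet",
    2: "TrustedSites",
    3: "Internet",
    4: "RestrictedSites",
}


def parse_zone_identifier(stream_text: str) -> dict:
    """Parse the INI-style Zone.Identifier stream into a dict.

    Returns zone_id (int or None), zone_name, referrer_url and host_url.
    Only keys inside the [ZoneTransfer] section are honoured.
    """
    values = {}
    in_section = False
    for raw in stream_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
            continue
        if in_section and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip().lower()] = val.strip()
    zone_id = int(values["zoneid"]) if values.get("zoneid", "").isdigit() else None
    return {
        "zone_id": zone_id,
        "zone_name": ZONE_NAMES.get(zone_id, "Unknown") if zone_id is not None else None,
        "referrer_url": values.get("referrerurl"),
        "host_url": values.get("hosturl"),
    }


def read_motw(path: str) -> Optional[dict]:
    """Read and parse the Zone.Identifier ADS of `path` on NTFS.

    Returns None when no stream exists, which is the state the reputation
    checks treat as "not from the Internet". On non-NTFS systems the open
    simply fails and None is returned as well.
    """
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None


def classify(path: str, motw: Optional[dict]) -> str:
    """Triage verdict for a file given its parsed MotW (or None if unmarked)."""
    ext = os.path.splitext(path)[1].lower()
    if motw is None:
        # A shortcut with no mark is the artefact the article's LNK discussion concerns.
        return "unmarked-shortcut" if ext == ".lnk" else "unmarked"
    if motw["zone_id"] in (3, 4):  # Internet or Restricted Sites zone
        return "internet-origin"
    return "marked-local"


# Constructed sample stream, shaped like what a browser download produces.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.test/\r\n"
    "HostUrl=https://example.test/payload.lnk\r\n"
)


if __name__ == "__main__":
    import sys

    # Usage: python motw_check.py <file> [<file> ...]   (meaningful on Windows/NTFS)
    for p in sys.argv[1:]:
        print(p, classify(p, read_motw(p)))
```

Run it against files in a Downloads folder on a Windows host; anything reported as `unmarked-shortcut` arrived without the mark that SmartScreen relies on and is worth inspecting before it is opened.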
