8 points | by Santosh83 15 hours ago ago
2 comments
> Victims receive ZIP archives through phishing emails containing a malicious .desktop file disguised as a PDF document, and named accordingly.
How does the disguise work?
Some desktop environments hide file extensions. This bad behaviour dates back 30 years.
File is foo.pdf.desktop in a zip file. zip unzipped, DE hides .desktop and shows “foo.pdf”
User double clicks thinking it’s a safe pdf but it’s actually a script or other payload which does bad things.
> Victims receive ZIP archives through phishing emails containing a malicious .desktop file disguised as a PDF document, and named accordingly.
How does the disguise work?
Some desktop environments hide file extensions. This bad behaviour dates back 30 years.
File is foo.pdf.desktop in a zip file. zip unzipped, DE hides .desktop and shows “foo.pdf”
User double clicks thinking it’s a safe pdf but it’s actually a script or other payload which does bad things.