There are some torrrents showing up with .lnk
extension (ex: movie.mp3.lnk, tvshow.mkv.lnk…) and automated software (Sonarr, Radarr, Lidarr, qBittorrent RSS Downloader) could pick those torrents (but not import).
These (fake) torrents include a .lnk
file that executes a script on your Windows
HOW TO exclude from download on qBittorrent.
-
Go to Options -> Downloads
-
Enable “Exclude file names”
-
Add patterns:
(one by line)
*.mp4.lnk
*.mp3.lnk
*.mkv.lnk
*.torrent.lnk
Or exclude all together: *.lnk
Example on VirusTotal https://www.virustotal.com/gui/file/e74f64df6ebaf3a1b6e3f42591eb6e87d2ac2828eb5a99fd8d3d82c140137fc9/detection
Is that the malware that is undetectable because it runs purely in memory? The name is escaping me
Yet another reminder that piracy on Linux is the way because new files don’t have execute permissions by default
On many distros will open with WINE by default, not a big deal, you can just delete
~/.wine
. If it does anything
How is the link file executing malware? Can you put any shell script as the target?
You can put the script itself as the link. Shortcut to: powershell -command “Write-Host ‘Gonna pwn your shit’”
Could you just add *.lnk?
That’s mentioned near the bottom of the post.
deleted by creator
Ah yes you’re right