Pakistani APT36 cyberspies are exploiting Linux .desktop files to deliver malware and conduct espionage against Indian government and defense targets. This emerging tactic involves disguising malicious files as PDFs and maintaining persistence through Linux-specific mechanisms. #APT36 #LinuxEspionage
Key points
- APT36 uses phishing emails with ZIP archives containing malicious .desktop files to target victims.
- The .desktop files disguise malware as benign PDF documents to lower user suspicion.
- Attackers leverage Linux desktop launcher features to deliver payloads and establish persistence.
- The malware payload is a Go-based ELF executable that enables remote spying and data exfiltration.
- The campaign demonstrates evolving, evasive tactics to bypass security monitoring on Linux systems.
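The lure described above works because a `.desktop` launcher is a plain text file: its `Name=` and `Icon=` keys control what the file manager shows, while `Exec=` controls what actually runs, so a launcher can look like a PDF and run something else. The following detection script is an added example for this summary, not code from the reported campaign or from any vendor. It parses the freedesktop.org `[Desktop Entry]` group and flags launchers whose appearance and behaviour disagree. The two sample launchers embedded in it are constructed, the token and viewer lists are assumptions for the example, and the default scan directories (`~/.config/autostart`, `/etc/xdg/autostart`, `~/Downloads`) are generic locations worth checking, not paths taken from the article.

```python
"""Heuristic scanner for disguised Linux .desktop launchers (added example).

Not code from the reported campaign. Sample launchers below are constructed;
the keyword lists are assumptions for this example.
"""
import os
import shlex
from typing import Dict, Iterator, List, Tuple

# Interpreters and helpers that rarely belong in a launcher that claims to be
# a document (assumed list for this example).
SUSPICIOUS_TOKENS = {"sh", "bash", "dash", "python", "python3", "perl",
                     "base64", "nohup", "chmod", "curl", "wget"}
# Programs that legitimately open a PDF (assumed list for this example).
PDF_VIEWERS = {"evince", "okular", "atril", "xreader", "zathura", "xdg-open"}
STAGING_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Constructed benign launcher: claims to be a PDF and opens one with a viewer.
BENIGN_LAUNCHER = """[Desktop Entry]
Type=Application
Name=Report.pdf
Icon=application-pdf
Exec=evince /home/user/Documents/Report.pdf
"""

# Constructed suspicious launcher: looks like a PDF but runs a hidden binary.
SUSPICIOUS_LAUNCHER = """# constructed sample, not a real artefact
[Desktop Entry]
Type=Application
Name=Invoice.pdf
Icon=application-pdf
Terminal=false
Exec=sh -c "/tmp/.cache/.updater >/dev/null 2>&1 &"
"""


def parse_desktop_entry(text: str) -> Dict[str, str]:
    """Parse the [Desktop Entry] group into a dict of key -> value.

    Skips comments and blank lines; a localized key such as Name[en_US]
    fills in the base key only when the unlocalized key is absent.
    """
    entry: Dict[str, str] = {}
    in_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if not in_group or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        base = key.split("[", 1)[0]
        if base == key or base not in entry:
            entry[base] = value.strip()
    return entry


def flags_for(entry: Dict[str, str]) -> List[str]:
    """Return human-readable reasons the launcher looks disguised; [] if clean."""
    reasons: List[str] = []
    name = entry.get("Name", "")
    icon = entry.get("Icon", "")
    exec_line = entry.get("Exec", "")
    try:
        argv = shlex.split(exec_line)
    except ValueError:
        return ["Exec line is not shell-parsable"]
    argv0 = os.path.basename(argv[0]) if argv else ""
    basenames = {os.path.basename(a) for a in argv}

    looks_like_pdf = name.lower().endswith(".pdf") or "pdf" in icon.lower()
    if looks_like_pdf and argv0 not in PDF_VIEWERS:
        reasons.append(f"presents as PDF ({name!r}) but Exec runs {argv0!r}")
    if basenames & SUSPICIOUS_TOKENS:
        reasons.append("Exec invokes an interpreter or download/decode helper")
    if any(d in exec_line for d in STAGING_DIRS):
        reasons.append("Exec references a world-writable staging directory")
    if entry.get("Terminal", "false").lower() == "false" and "sh -c" in exec_line:
        reasons.append("shell one-liner runs without a visible terminal")
    if entry.get("NoDisplay", "false").lower() == "true":
        reasons.append("launcher is hidden from menus (NoDisplay=true)")
    return reasons


def scan_paths(paths: List[str]) -> Iterator[Tuple[str, List[str]]]:
    """Yield (file path, reasons) for every flagged .desktop file under paths."""
    for root in paths:
        for dirpath, _, files in os.walk(os.path.expanduser(root)):
            for fn in files:
                if not fn.endswith(".desktop"):
                    continue
                full = os.path.join(dirpath, fn)
                try:
                    with open(full, encoding="utf-8", errors="replace") as fh:
                        reasons = flags_for(parse_desktop_entry(fh.read()))
                except OSError:
                    continue
                if reasons:
                    yield full, reasons


if __name__ == "__main__":
    # Autostart directories are the standard XDG persistence locations;
    # Downloads is where a phishing ZIP is typically unpacked.
    for path, why in scan_paths(["~/.config/autostart", "/etc/xdg/autostart",
                                 "~/Downloads"]):
        print(path)
        for r in why:
            print("   -", r)
```

Run it as an unprivileged user to review that account's launchers; the hits are leads for triage, not verdicts, since a legitimate launcher can also run a shell one-liner. The "presents as PDF but runs something else" check is the one that maps most directly onto the disguise this campaign relies on.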