
VenomLNK

Posted: August 11, 2020

VenomLNK (previously known as VenomKit) is a hacking tool that does not itself infect the computers of potential victims. Instead, its operators use it to create weaponized documents and files that deliver whatever payload the attackers choose to integrate into the final file. VenomLNK is very similar to the RoyalRoad RTF builder tool that Chinese cybercriminals have been using for the past few years. However, VenomLNK is not limited just to China, and cyber crooks might use it in different regions.

VenomLNK Mimics VenomKit, but Focuses on Corrupted LNK Files

The goal of VenomKit is to turn a legitimate Rich Text Format (RTF) document into a weaponized version that uses various scripts and old vulnerabilities to try to gain escalated permissions on the targeted system. Usually, RTF documents created via VenomKit will display a legitimate decoy document while the payload is being installed in the background. Often, VenomLNK and VenomKit are used to deliver a first-stage payload, such as a reconnaissance tool or a Trojan downloader/loader that will later introduce more threats to the compromised host.

As the name VenomLNK suggests, this builder focuses on creating modified Windows Shortcuts, or 'LNK' files. These are masked to look like a document – they may often use a fake icon, as well as a 'double extension,' to disguise their true purpose. When the LNK file modified by VenomLNK is launched, it may connect to a remote server and fetch a payload.
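To check a shortcut for the traits described above, the following added example (not part of the original article and not code from any vendor) reads the StringData fields of a Shell Link file as laid out in Microsoft's MS-SHLLINK specification and reports a double extension, an icon taken from a different file than the target, and a URL in the arguments. The `triage` heuristics, the `sd` helper, the cp1252 fallback and the sample file are assumptions made for illustration; the sample is constructed and is not a real VenomLNK artifact.

```python
import re
import struct

LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits (MS-SHLLINK) in the order the StringData fields appear on disk
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]
DOC_EXT = r"\.(pdf|docx?|xlsx?|rtf|txt|jpe?g|png)"

def parse_lnk(data):
    """Return the StringData fields of a Shell Link (.lnk) file as a dict."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    if flags & 0x01:   # HasLinkTargetIDList: u16 size, then the ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x02:   # HasLinkInfo: u32 size that counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    # IsUnicode (0x80) selects UTF-16LE; cp1252 for the other case is an assumption
    width, codec = (2, "utf-16-le") if flags & 0x80 else (1, "cp1252")
    fields = {}
    for bit, name in STRING_FLAGS:
        if flags & bit:   # u16 character count, then the unterminated string
            end = pos + 2 + struct.unpack_from("<H", data, pos)[0] * width
            fields[name] = data[pos + 2:end].decode(codec, "replace")
            pos = end
    return fields

def triage(filename, data):
    """List which of the disguise traits a shortcut shows (hypothetical heuristics)."""
    f = parse_lnk(data)
    base = lambda p: re.split(r"[\\/]", p)[-1].lower()
    target, icon = f.get("relative_path", ""), f.get("icon_location", "")
    hits = []
    if re.search(DOC_EXT + r"\.lnk$", filename, re.I):
        hits.append("double extension")
    if target and icon and base(icon) != base(target):
        hits.append("icon taken from another file")
    if re.search(r"https?://", f.get("arguments", ""), re.I):
        hits.append("URL in arguments")
    return hits

def sd(text):
    """Build one StringData item: u16 character count + UTF-16LE text."""
    return struct.pack("<H", len(text)) + text.encode("utf-16-le")

# Constructed sample (not a real VenomLNK file); names and host are placeholders.
SAMPLE = (b"\x4c\x00\x00\x00" + LINK_CLSID + struct.pack("<I", 0xE8) + bytes(52)
          + sd(r".\helper.exe") + sd("http://example.invalid/x")
          + sd(r"C:\Windows\System32\imageres.dll"))
```

Legitimate shortcuts often borrow an icon from another file, so a single hit is a reason to look closer rather than a verdict; the three traits together on a file delivered by e-mail or download are the combination worth escalating.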

The good news is that modern anti-virus software does not detect only threatening executables and DLLs – it can also recognize the misleading traits and macros found in harmful documents like the ones created via the VenomLNK builder. To keep your system protected from attacks utilizing the VenomLNK RTF builder, you should make sure to install and activate a regularly updated anti-malware software solution.
