APT36 hackers abuse Linux .desktop files to install malware in new attacks

bleepingcomputer.com

10 points by Santosh83 5 months ago · 2 comments

like_any_other 5 months ago

> Victims receive ZIP archives through phishing emails containing a malicious .desktop file disguised as a PDF document, and named accordingly.

How does the disguise work?

  • hdgvhicv 5 months ago

    Some desktop environments hide file extensions. This bad behaviour dates back 30 years.

    File is foo.pdf.desktop in a zip file. Zip unzipped, DE hides .desktop and shows “foo.pdf”.

    User double-clicks thinking it’s a safe PDF but it’s actually a script or other payload which does bad things.
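
A defensive check for the naming trick described in the reply above, as an added example that is not part of the thread: it lists ZIP members named like foo.pdf.desktop and reports their Exec line without extracting or running anything. The function names, the extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: which inner extensions count as "looks like a document".
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".odt", ".xls", ".xlsx", ".jpg", ".png"}


def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group (first value wins)."""
    keys, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            keys.setdefault(key.strip(), value.strip())
    return keys


def find_disguised_launchers(zip_bytes):
    """List archive members named <name>.<document ext>.desktop, read in memory only."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            path = PurePosixPath(info.filename)
            shown_as = path.stem  # the name left once ".desktop" is hidden
            inner_ext = PurePosixPath(shown_as).suffix.lower()
            if info.is_dir() or path.suffix.lower() != ".desktop" or inner_ext not in DOCUMENT_EXTS:
                continue  # directories, non-launchers, ordinary names like tool.desktop
            entry = parse_desktop_entry(archive.read(info).decode("utf-8", "replace"))
            findings.append({"member": info.filename, "shown_as": shown_as, "exec": entry.get("Exec")})
    return findings


def build_sample_zip():
    """Constructed sample archive; the Exec line is a harmless placeholder."""
    launcher = "[Desktop Entry]\nType=Application\nName=foo.pdf\nExec=sh -c 'echo placeholder'\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in ("foo.pdf.desktop", "tool.desktop"):
            archive.writestr(name, launcher)
        archive.writestr("notes.txt", "constructed plain file\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(find_disguised_launchers(build_sample_zip()))
```

Run against an attachment before it is unpacked, only the member whose visible name would end in a document extension is reported, together with the command its launcher would run.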
