The attack follows a multi-stage execution pattern to evade detection:

1. The user opens the .rar and clicks a shortcut file (e.g., "Request.lnk").
2. The shortcut triggers a PowerShell script or a side-loading vulnerability.
3. It drops a modular backdoor, often identified as Remcos RAT or Meduzot.
4. It creates scheduled tasks or registry keys under names like WindowsUpdater to stay on the system.
5. The malware captures keystrokes, takes screenshots, and sends system data to a Command & Control (C2) server.
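A detection check for two stages of the chain described above (PowerShell launched from Explorer, which is the LNK double-click path, and persistence under the WindowsUpdater name). This is an added example, not code from the original page; the log format, field names and sample lines are constructed for illustration, and only the WindowsUpdater name comes from the page.

```python
import re

# Constructed sample telemetry, one key=value event per line (not real logs).
SAMPLE_LOG = r'''
event=ProcCreate image=C:\Windows\explorer.exe parentimage=C:\Windows\winlogon.exe
event=ProcCreate image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parentimage=C:\Windows\explorer.exe cmd="powershell.exe -w hidden -ep bypass -f C:\Users\u\AppData\Local\Temp\Request\stage1.ps1"
event=TaskCreate taskname=WindowsUpdater user=u
event=RegSet key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater
event=TaskCreate taskname=OneDriveStandaloneUpdateTask user=u
'''.strip()

# Persistence name the page associates with this campaign (compared case-insensitively).
SUSPICIOUS_NAMES = {"windowsupdater"}
RUN_KEY = re.compile(r"\\currentversion\\run\\", re.IGNORECASE)
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict:
    """Split a constructed key=value line into a dict; quoted values keep spaces."""
    return {k.lower(): v.strip('"') for k, v in KV.findall(line)}


def check_event(ev: dict):
    """Return a finding string for one event, or None if nothing matches."""
    kind = ev.get("event", "").lower()
    if kind == "proccreate":
        image = ev.get("image", "").lower()
        parent = ev.get("parentimage", "").lower()
        # Shortcut double-click: explorer.exe is the parent of the PowerShell host.
        if image.endswith("powershell.exe") and parent.endswith("explorer.exe"):
            return "powershell launched from Explorer (shortcut execution path)"
    if kind == "taskcreate" and ev.get("taskname", "").lower() in SUSPICIOUS_NAMES:
        return f"scheduled task persistence: {ev['taskname']}"
    if kind == "regset" and RUN_KEY.search(ev.get("key", "")):
        leaf = ev["key"].rsplit("\\", 1)[-1]   # value name under the Run key
        if leaf.lower() in SUSPICIOUS_NAMES:
            return f"Run-key persistence: {leaf}"
    return None


def scan(log_text: str) -> list:
    """Run every line through check_event and collect the findings in order."""
    findings = []
    for line in log_text.splitlines():
        hit = check_event(parse_event(line))
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print("ALERT:", f)
```

The benign OneDrive task in the sample produces no finding, which is the point of matching on the specific persistence name rather than on task creation alone.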