incident
CoralRaider Uses Malicious LNK Files to Evade Antivirus and Deliver InfostealersCoralRaider LNK Antivirus Evasion Campaign
The CoralRaider threat group is conducting a campaign using malicious LNK files to evade antivirus detection and deliver infostealer malware. The attack chain leverages PowerShell, HTA files, and FoDHelper.exe to bypass UAC and add Windows Defender exclusions, ultimately deploying CryptBot, LummaC2, or Rhadamanthys payloads.