.. /.Scf

Phishing
Native

Author:

mr.d0x

Description:

SCF or Shell Command Files are Windows Explorer Command files that can be used to to launch commands by Windows Explorer. They have been used before by attackers to steal credentials.

OS:

Windows

Recommendation:

Block the download and execution of SCF files.

Resources:

https://www.bleepingcomputer.com/news/security/you-can-steal-windows-login-credentials-via-google-chrome-and-scf-files/
https://blog.malwarebytes.com/cybercrime/2017/05/smb-and-scf-another-good-reason-to-disable-superfluous-protocols/

File Samples:

Contributions: