.. /.Slk

Phishing
Double Click
Macros

Contributors:

mr.d0x

Description:

SLK or Symbolic Link Files are older version of Excel files which rarely have any legitmate uses.

OS:

Windows
Mac

Recommendation:

Disable macros via GPO and whitelist the users that are permitted to run macros. For end users, turn off macros from Excel's settings.

Resources:

https://blog.knowbe4.com/new-spear-phishing-campaign-targets-27-famous-brands-with-malicious-slk-files
https://www.avanan.com/blog/sylkin-attack-bypassing-microsoft-365-security-risking-users

File Samples: