APT36 hackers abuse Linux .desktop files to install malware in new attacks

The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. The activity, documented in reports by CYFIRMA and CloudSEK, aims at data exfiltration and persistent espionage access. APT36 has previously used .desktop files to load malware in targeted espionage operations in South Asia. The attacks were first spotted on August 1, 2025, and based on the latest evidence, are still ongoing. Both cybersecurity firms see this latest campaign as a sign that APT36’s tactics are evolving and becoming more evasive and sophisticated.

To read the complete article, see: Bleeping Computer

This post is licensed under CC BY 4.0 by the author.