What Is .LNK File And Is It Safe?

LNK files are legitimate WIndows system shortcut files that open another file, folder, or app. However, attackers have lately been active in exploiting .LNK files to open backdoors into user’s systems.

LNK File thumbnail

If you are using the Windows operating system on your computer, then you would have probably come across a .LNK file. You may not be able to see an LNK file extension even when you have shown file extensions, but we are certain that you are using them daily.

.LNK is an acronym for “LINK,” because these files point to another file, folder, or application, which is known as the “target.”

In this post, we are going to discuss in detail what a .LNK file is, how you can check if it’s an LNK file, what information it holds, and whether the .LNK file you are concerned about is a genuine Windows file or a malware.

What is .LNK File?

An LNK file is a Windows system file and a shortcut file. LNK files redirect and point to another file, folder, or application. These files contain information about the target object, such as its metadata, location (path), and file size of the target item. You can view this information from their properties window.

LNK file properties
LNK file properties

LNK files normally have the same icon as the target object, except for the tiny arrow in the bottom-left corner which specifies that it is a shortcut file.

LNK file
LNK file sample

A .LNK file is in a shell binary format. This means that it is stored in the form of ones and zeros. This format makes the LNK files ideal for hackers to infiltrate target systems. We have also discussed this further in this post.

In Windows 10 and 11, LNK files can be usually seen on your desktop. Their original location is usually at the following path:

 C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent Items
Recent Items directory
Recent Items directory

Now that you know what a .LNK file is., let’s see how you can open them.

How to Open LNK Files

On a Windows PC, you can easily open and run a .LNK file like any regular app or folder. Simply double-click on it to run it, and it will launch the target object.

You can also view the .LNK file’s properties by right-clicking on it, and then clicking Properties from the context menu.

Open LNK properties
Open .LNK properties

If you switch to the General tab in the Properties window, you can confirm that it is a .LNK file.

Confirm file type
Confirm file type

If you wish to open the target file instead of the shortcut, you can find its complete path in the “Target” field in the Shortcut tab. You can then paste this path into File Explorer to open the target folder.

Open target file location
Open target file location

Alternatively, you can also click Open file location directory from the LNK file’s context menu to open the target folder.

How to Create a .LNK File

.LNK files are shortcut files. You can only create them on a Windows computer by creating a shortcut.

To create a shortcut file, right-click on a file, folder, or app, and then click Create a shortcut from the context menu.

Create a shortcut
Create a shortcut

This will now create a shortcut for the selected object, which will be a .LNK file.

You can even create shortcuts of shortcuts, but its associated target item would be the original target and not the first shortcut.

Are .LNK Files Safe

Even though .LNK files are Windows system files, not all of them can be assumed safe for your PC.

Over the last few years, there have been increasing reports of cyber attacks and malware injection using .LNK files. Hackers share compressed or archived files with end users that look harmless. But opening those files instantly injected their PCs with malware using .LNK files which created backdoors for the attackers.

Since .LNK files offer a convenient method of opening another file, attackers can use them to run script-based malware using Windows PowerShell. PowerShell can run in the background without the user knowing about it, making it a perfect opportunity to run scripts.

That said, not all LNK files are threats. As we previously mentioned, on a Windows PC, LNK files are shortcut files that help in opening another file, folder, or app located elsewhere.

So how do we know whether the .LNK file is legitimate or a trojan horse?

One way is to inspect the target object. If the target object is a legitimate Windows file, folder, or application, then the associated LNK file is harmless. You can check the target app through the LNK file’s properties. Remember to also check whether the target object is within the directory it is supposed to be.

If you find some unusual entries in the target location inside the LNK file’s properties, then it is likely a virus. Here’s an example:

Unusualy target details of LNK file
Unusual target details of .LNK file

This LNK shortcut is running a code instead of opening a legitimate target object.

At times, there is no way to tell if a .LNK file is legitimate or a virus. This is because the “Target” field has a limit of only 260 characters. This makes the target object look legitimate, but has a string of whitespace after the target area visible to you.

Infected LNK file 1
Infected LNK file

In the image above, you can only see the legitimate part of the target object. However, the true target object is so long that it cannot be seen. The attacker pads several spaces or newline characters before the malicious argument making it invisible to the naked eye.

The only way to tell if this .LNK file is legitimate is by using parsers and other security tools.

Security Advisory

Eben though attackers first began exploiting LNK files years ago, the attacks are still happening today, as it is the best method to take advantage of an innocent-looking .LNK file. Since it can be complicated for a regular Windows user to differentiate between a malicious and a legitimate .LNK file, here are a few things we suggest you should do to keep yourself protected:

  • Perform regular malware scans.
  • Upgrade your PowerShell to the latest available version as updates include security patches.
  • Never click on executable files received online from unknown senders, even if they seem legitimate.
  • Never click on .LNK files received via email, posing as a job offer, or any other social media platform.

Closing Thoughts

We hope that this guide helped you keep your data and PC protected from malware.

Another thing we would like our users to know before concluding this guide is that you cannot see .LNK file extensions when you opt to view extensions in File Explorer’s settings. Some websites also state manual changes to Windows Registry as a solution to show and hide .LNK extensions, but after having tested them, they no longer work.

Also see:

Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

Leave a Reply

You have to agree to the comment policy.