SlowMist: Hacker group APT37 hides malware in JPEG image files to launch attacks
PANews reported on August 4th that, according to SlowMist's Chief Information Security Officer 23pds, citing an article from Genians, the North Korean-linked hacker group APT37 is using malware hidden inside JPEG image files to launch attacks. The malware uses a two-stage encrypted shellcode injection method to hinder analysis. The attackers deliver shortcut files with a .lnk extension and embed Cmd or PowerShell commands in them to start the execution chain. EDR monitoring tuned to detect anomalous endpoint behavior, rather than file signatures alone, is now crucial.
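The report names two artefacts a defender can triage directly: JPEG files that carry data after the image actually ends, and .lnk shortcut files whose embedded strings reference cmd.exe or PowerShell. The script below is an added example written for this page; it is not code from PANews, SlowMist or Genians. It walks the JPEG marker structure to find the true End-Of-Image position and reports any trailing bytes, and it extracts ASCII and UTF-16LE strings from a shell-link file and flags interpreter references. The .lnk header bytes (HeaderSize 0x4C and the shell-link CLSID) follow the public format; the sample JPEG and .lnk bytes are constructed for the demonstration and contain no payload.

```python
"""Triage heuristics for the artefacts described in the report.
Added example, not code from the article. Sample bytes are constructed."""
import re
import struct

JPEG_SOI = b"\xff\xd8"
# Markers that carry no length field: SOI, EOI, TEM, RST0-RST7.
STANDALONE_MARKERS = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))


def jpeg_image_end(data: bytes) -> int:
    """Walk the JPEG segment structure and return the offset just past EOI.
    Unlike a naive search for FF D9, this skips entropy-coded scan data, so a
    stray FF D9 inside an appended blob cannot fool the measurement."""
    if not data.startswith(JPEG_SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte, keep scanning
            pos += 1
            continue
        if marker == 0xD9:                 # EOI: the image really ends here
            return pos + 2
        if marker in STANDALONE_MARKERS:
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + length
        if marker == 0xDA:                 # SOS: skip the entropy-coded data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                # FF followed by anything but 00 (stuffing) or RSTn is a marker
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def jpeg_trailing_bytes(data: bytes) -> int:
    """Bytes appended after the image. Non-zero is a triage signal, not a
    verdict: some tools append benign metadata, so inspect before judging."""
    return len(data) - jpeg_image_end(data)


# Shell link header: HeaderSize 0x0000004C, then CLSID 00021401-0000-0000-C000-000000000046
LNK_HEADER = (b"\x4c\x00\x00\x00"
              b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46")
INTERPRETER_RE = re.compile(r"(?:powershell|pwsh|cmd)(?:\.exe)?", re.IGNORECASE)


def is_lnk(data: bytes) -> bool:
    return data.startswith(LNK_HEADER)


def printable_strings(data: bytes, min_len: int = 6):
    """Yield ASCII and UTF-16LE printable runs; .lnk stores most fields as UTF-16LE."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(data):
        yield m.group().decode("ascii")
    for m in utf16_re.finditer(data):
        yield m.group().decode("utf-16-le")


def lnk_interpreter_strings(data: bytes) -> list:
    """Strings in a shell link that reference a command interpreter.
    A shortcut pointing at cmd/PowerShell is exactly the delivery step the
    report describes and deserves a look at its full argument string."""
    if not is_lnk(data):
        raise ValueError("not a shell link (.lnk) file")
    return [s for s in printable_strings(data) if INTERPRETER_RE.search(s)]


# Constructed samples (no real payload): a minimal JPEG plus a trailing blob,
# and a 76-byte .lnk header followed by a UTF-16LE interpreter path.
SAMPLE_JPEG = (
    b"\xff\xd8"                                               # SOI
    + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # APP0
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"             # SOS header
    + b"\x12\x34\xff\x00\x56"                                 # scan data (FF00 stuffed)
    + b"\xff\xd9"                                             # EOI
)
SAMPLE_TAIL = b"CONSTRUCTED-TRAILING-PAYLOAD"
SAMPLE_LNK = (LNK_HEADER + b"\x00" * 56
              + "C:\\Windows\\System32\\cmd.exe".encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    print("clean jpeg trailing bytes:", jpeg_trailing_bytes(SAMPLE_JPEG))
    print("stuffed jpeg trailing bytes:", jpeg_trailing_bytes(SAMPLE_JPEG + SAMPLE_TAIL))
    print("lnk interpreter strings:", lnk_interpreter_strings(SAMPLE_LNK))
```

Both checks are cheap enough to run over a mail gateway quarantine or an EDR file-event feed; a JPEG with a large tail or a .lnk whose strings name an interpreter should be escalated to a sandbox rather than blocked outright, since both patterns also occur in benign files.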
Author: PA一线