Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

[email protected] (The Hacker News) 2026-03-30T15:28:00+00:00 View Original

Full Report

Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables" to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling

Analysis Summary