We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win32/Malgent!lnk
Aliases: No associated aliases
Summary
Trojan:Win32/Malgent!lnk is an adaptable malware threat with primary infection vectors involving social engineering strategies or software that has been tampered with to carry malicious code. Its objectives are comprehensive: to create a hidden backdoor for remote system access, to collect sensitive information like login credentials, and to download and install additional harmful software, such as ransomware or cryptocurrency miners. Recently, notable attacks have seen Malgent distributed inside weaponized versions of authentic open-source tools, increasing its chances of bypassing initial user suspicion.
- Immediately disconnect the infected device from all networks, including Ethernet, Wi-Fi, and Bluetooth.
- Restart the device into Safe Mode with Networking using the Windows Recovery Environment to limit what the malware can load.
- Manually clean out temporary file folders, including %TEMP% and %APPDATA%\Local\Temp, to delete any residual scripts or downloaded components.
- Use the Microsoft Sysinternals Autoruns utility to audit all auto-start locations and remove any suspicious registry entries or scheduled tasks that other scans might have missed.
- After you confirm the device is clean, reset all passwords for sensitive accounts like email, banking, and corporate access. Do this from a separate, known-clean device.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
