“Just by accessing a folder containing a malicious SCF file, a user will unwittingly share his computer’s login credentials with an attacker via Google Chrome and the SMB protocol.
This technique is not new, but a combination of two different techniques, one taken from the Stuxnet operation, and one detailed by a security researcher at the Black Hat security conference.”
Read more at the link below:
Source: You Can Steal Windows Login Credentials via Google Chrome and SCF Files