Phishing attack's unusual file attachment is a double-edged sword (Security News, June 2021)
As secure email gateways and security software become more advanced and adapt to ever-changing phishing campaigns, threat actors resort to more unusual file formats to bypass detection.
In the past, phishing scams switched to unusual attachments such as ISO files or TAR files, which are not commonly found as email attachments.
WIM files are used to pack an entire drive, with all of its files and folders, into a single file for easy distribution.
While WIM files may be less likely to be detected, phishing campaigns that use them have a bigger problem, as Windows has no built-in mechanism to open a WIM file.
This file format would then require a recipient to go out of their way to extract the file using a program like 7-Zip and then double-click the file within it, which is highly unlikely to happen.
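A gateway-side check that follows from this, as an added example that is not part of the original article: identify WIM, TAR and ISO containers by their file signatures instead of trusting the file name or declared MIME type. The function names, the extension table, the addresses and the sample payloads are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# (label, byte offset, magic) for the container formats the article names.
SIGNATURES = [
    ("WIM", 0, b"MSWIM\x00\x00\x00"),   # WIM header magic
    ("TAR", 257, b"ustar"),             # POSIX tar header magic
    ("ISO", 0x8001, b"CD001"),          # ISO 9660 volume descriptor
]
# Assumed mapping of each format to its usual extension (illustrative only).
EXPECTED_EXT = {"WIM": ".wim", "TAR": ".tar", "ISO": ".iso"}

def sniff_container(data: bytes):
    """Return the container label whose signature matches, or None."""
    for label, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return None

def flag_attachments(raw_message: bytes):
    """Return (filename, detected type, renamed?) for each container attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""  # None for nested multiparts
        kind = sniff_container(payload)
        if kind:
            name = part.get_filename() or ""
            renamed = not name.lower().endswith(EXPECTED_EXT[kind])
            findings.append((name, kind, renamed))
    return findings

def build_sample(filename: str, payload: bytes) -> bytes:
    """Construct a test message with one attachment (constructed sample data)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    wim_stub = b"MSWIM\x00\x00\x00" + b"\x00" * 200  # constructed header stub
    print(flag_attachments(build_sample("invoice.pdf", wim_stub)))
```

Flagged messages can be quarantined or routed for review, since the declared content type and file name are both under the sender's control.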
"Encapsulating malware in an unusual archive file format is one of the common ways to bypass gateways and scanners. However, this strategy also poses a hurdle - the target system must recognize the file type or at least have a tool which can unpack and process the file," says Lopera.