Phishing attack's unusual file attachment is a double-edged sword
Security News, June 2021

As secure email gateways and security software become more advanced and adapt to ever-changing phishing campaigns, threat actors resort to more unusual file formats to bypass detection.
In the past, phishing scams switched to unusual attachments such as ISO or TAR files, which are not commonly found as email attachments.
WIM files are used to pack an entire drive, with all of its files and folders, into a single file for easy distribution.
While WIM files may be less likely to be detected, phishing campaigns that use them have a bigger problem as Windows has no built-in mechanism to open a WIM file.
This file format would then require a recipient to go out of their way to extract the file using a program like 7-Zip and then double-click the file within it, which is highly unlikely to happen.
"Encapsulating malware in an unusual archive file format is one of the common ways to bypass gateways and scanners. However, this strategy also poses a hurdle - the target system must recognize the file type or at least have a tool which can unpack and process the file," says Lopera.
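
A gateway-side check for the point above, as an added example that is not part of the original article: it identifies WIM, ISO and TAR attachments by their magic bytes as well as by extension, so a container renamed to a harmless-looking extension is still flagged. The sample message, filenames and function names are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# (offset, magic bytes, label) for the container formats the article names.
SIGNATURES = [
    (0, b"MSWIM\x00\x00\x00", "wim"),   # WIM header magic
    (0x8001, b"CD001", "iso"),          # ISO 9660 volume descriptor
    (257, b"ustar", "tar"),             # POSIX tar header magic
]
SUSPECT_EXTENSIONS = {".wim", ".iso", ".tar"}

def sniff_container(data: bytes):
    """Return the container type identified by magic bytes, or None."""
    for offset, magic, label in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return None

def flag_attachments(raw_message: bytes):
    """List (filename, type_by_content, type_by_extension) for suspect attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        by_content = sniff_container(payload)
        ext = os.path.splitext(name)[1].lower()
        by_name = ext[1:] if ext in SUSPECT_EXTENSIONS else None
        if by_content or by_name:
            findings.append((name, by_content, by_name))
    return findings

def build_sample() -> bytes:
    """Constructed test message: a renamed WIM, a tar, and a benign text file."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    attachments = [
        ("invoice.dat", b"MSWIM\x00\x00\x00" + b"\x00" * 200),
        ("docs.tar", b"\x00" * 257 + b"ustar\x00" + b"\x00" * 249),
    ]
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()
```

A mismatch between the two detected types, as with the constructed `invoice.dat`, is itself a useful signal for quarantine or analyst review.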