Phishing attack's unusual file attachment is a double-edged sword (Security News, June 2021)
As secure email gateways and security software become more advanced and adapt to ever-changing phishing campaigns, threat actors resort to more unusual file formats to bypass detection.
In the past, phishing scams switched to unusual attachments such as ISO files or TAR files, which are not commonly found as email attachments.
WIM files are used to pack an entire drive, with all of its files and folders, into a single file for easy distribution.
While WIM files may be less likely to be detected, phishing campaigns that use them have a bigger problem as Windows has no built-in mechanism to open a WIM file.
This file format would then require a recipient to go out of their way and extract the file using a program like 7-zip and then double-click on the file within it, which is highly unlikely to happen.
"Encapsulating malware in an unusual archive file format is one of the common ways to bypass gateways and scanners. However, this strategy also poses a hurdle - the target system must recognize the file type or at least have a tool which can unpack and process the file," says Lopera.
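As an added defender-side example (not code from the article or its sources): a Python checker that recognises a WIM attachment by its on-disk header rather than by file extension, so a gateway rule is not fooled by a renamed attachment. The header layout (WIMHEADER_V1_PACKED) and compression flag values are taken from the public WIM format; the sample header used below is constructed for the demonstration and is not a real image.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Fixed values from the WIM on-disk header format.
WIM_MAGIC = b"MSWIM\x00\x00\x00"
WIM_HEADER_SIZE = 208
COMPRESSION_FLAGS = {0x00020000: "XPRESS", 0x00040000: "LZX", 0x00080000: "LZMS"}


@dataclass
class WimInfo:
    version: int
    flags: int
    image_count: int
    part_number: int
    total_parts: int
    compression: str


def parse_wim_header(data: bytes) -> Optional[WimInfo]:
    """Return header details if `data` starts with a plausible WIM header, else None."""
    if len(data) < WIM_HEADER_SIZE or data[:8] != WIM_MAGIC:
        return None
    # Little-endian fields after the 8-byte magic: cbSize, dwVersion, dwFlags, dwCompressionSize.
    cb_size, version, flags, _comp_size = struct.unpack_from("<IIII", data, 8)
    # After the 16-byte GUID: usPartNumber, usTotalParts, dwImageCount.
    part_number, total_parts, image_count = struct.unpack_from("<HHI", data, 40)
    if cb_size != WIM_HEADER_SIZE:
        return None  # magic matched but header size is wrong: treat as not a WIM
    compression = "none"
    for bit, name in COMPRESSION_FLAGS.items():
        if flags & bit:
            compression = name
    return WimInfo(version, flags, image_count, part_number, total_parts, compression)


def flag_wim_attachments(attachments: List[Tuple[str, bytes]]) -> List[Tuple[str, WimInfo, bool]]:
    """For (filename, content) pairs, return WIM attachments found by content, noting whether the
    extension agrees; a mismatch (e.g. invoice.doc that is really a WIM) deserves extra scrutiny."""
    findings = []
    for name, data in attachments:
        info = parse_wim_header(data)
        if info is not None:
            findings.append((name, info, name.lower().endswith(".wim")))
    return findings


def build_sample_wim_header(image_count: int = 1, flags: int = 0x00040000) -> bytes:
    """Constructed sample: a header-only WIM for demonstration, not a real image."""
    hdr = bytearray(WIM_HEADER_SIZE)
    hdr[:8] = WIM_MAGIC
    struct.pack_into("<IIII", hdr, 8, WIM_HEADER_SIZE, 0x00010D00, flags, 0x8000)
    struct.pack_into("<HHI", hdr, 40, 1, 1, image_count)
    return bytes(hdr)
```

Pair the content check with an extension check: an archive whose header says WIM but whose name says something else is the case extension-based filters miss.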