
Top four file attachments that are widely used by threat actors to deliver their malicious payloads


Malicious email spam is growing every single day and remains the most lucrative attack method threat actors use to infect individuals or organizations without their knowledge. To lure recipients, these emails typically promise something enticing, such as an offer or a gift. Once the victims are convinced, they are asked to open the attachment(s) that come with the email.

These attachments have evolved over the years to make users less suspicious. However, a few attachment types continue to be used by threat actors to hide their malware.

  • ZIP and RAR archives: Malicious actors are fond of concealing malware in archives. For example, ZIP files cleverly titled ‘Love_You****’ (* indicates a digit) were used by attackers to distribute GandCrab ransomware on the eve of Valentine’s Day. A couple of other malicious ZIP files were also used to deliver the Qbot trojan, which specializes in stealing data.
  • Microsoft Office documents: Microsoft Office files, especially Word documents (.doc, .docx), Excel spreadsheets (.xls, .xlsx, .xlsm), presentations and templates, are also widely used by cybercriminals.

These files contain embedded macros that enable threat actors to download malware in the background on the affected system. Most often these attachments target office workers and are disguised as contracts, bills, tax notifications or urgent messages.

  • PDF files: Booby-trapped PDF files have lately been gaining popularity among cybercriminals. The format can embed and run JavaScript. Furthermore, such documents can also hide phishing links that are used to steal a user’s login credentials.
  • ISO and IMG disk images: Cyber attackers have lately been paying attention to these file types. A disk image is essentially a virtual copy of a CD, DVD or other disk.

Attackers have used disk images in recent months to deliver malware such as Agent Tesla, which specializes in stealing credentials.
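As an added example (not part of the Cyware article), here is a small Python triage helper that places an incoming attachment in the four families above, checks the filename's extension against the file's real magic bytes, and flags the specific traits the article warns about: a VBA macro container in Office documents, JavaScript or auto-open actions in PDFs, and archives or disk images that can wrap an executable. The KNOWN and MAGIC tables are my own, deliberately non-exhaustive selection, and the sample macro document is constructed in memory rather than taken from a real campaign.

```python
import io
import re
import zipfile
# extension -> (family named in the article, container its magic bytes should show)
KNOWN = {
    "zip": ("archive", "zip"), "rar": ("archive", "rar"), "pdf": ("pdf", "pdf"),
    "doc": ("office", "ole"), "xls": ("office", "ole"), "docx": ("office", "zip"),
    "xlsx": ("office", "zip"), "xlsm": ("office", "zip"), "docm": ("office", "zip"),
    "iso": ("disk_image", "iso"), "img": ("disk_image", None),  # raw .img has no fixed magic
}
MAGIC = [(b"PK\x03\x04", "zip"), (b"Rar!\x1a\x07", "rar"), (b"%PDF", "pdf"),
         (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole")]  # OLE2 = legacy .doc/.xls/.ppt

def sniff_container(data: bytes) -> str:
    for prefix, name in MAGIC:
        if data.startswith(prefix):
            return name  # OOXML Office files are ZIPs, so .docx/.xlsx sniff as "zip"
    if len(data) >= 0x8006 and data[0x8001:0x8006] == b"CD001":
        return "iso"  # ISO 9660 primary volume descriptor at sector 16
    return "unknown"

def zip_has_vba(data: bytes) -> bool:
    """True when an OOXML document ships vbaProject.bin, i.e. it carries VBA macros."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def assess_attachment(filename: str, data: bytes) -> dict:
    """Place one attachment in the article's families and list why it deserves scrutiny."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    family, expected = KNOWN.get(ext, ("other", None))
    container = sniff_container(data)
    flags = []
    if expected and container != expected:
        flags.append("extension does not match file content")
    if family == "office" and (container == "ole" or zip_has_vba(data)):
        flags.append("office document may carry macros")
    if family == "pdf" and re.search(rb"/JavaScript|/JS\b|/OpenAction", data):
        flags.append("pdf embeds javascript or an auto-open action")
    if family in ("archive", "disk_image"):
        flags.append(family + " can conceal an executable payload")
    return {"family": family, "container": container, "flags": flags}

def sample_macro_docm() -> bytes:
    """Constructed sample (not a real document): OOXML-style zip carrying a vbaProject.bin."""
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as zf:
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()
```

A mail gateway would run `assess_attachment` on every part and route anything with a non-empty `flags` list to sandboxing or manual review rather than relying on the extension alone.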

Cyware Publisher
