This phishing campaign could really blow up in the face of the attackers

Err on the side of…error

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers have shared details about an ill-conceivedmalwarecampaign that falls flat on its face.

Enterprise network security company Trustwave spotted a campaign that uses a novel disk image file to conceal malware. It says that while the use of unusual attachments helps bypass security software likefirewallsandantivirus software, it also runs the risk of raising red flags with users.

However, in this instance, the threat actors used such an esoteric file format that it isn’t even supported byWindows.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

Click here to start the survey in a new window«

“Encapsulating malware in an unusual archive file format is one of the common ways to bypass gateways and scanners. However, this strategy also poses a hurdle – the target system must recognize the file type or at least have a tool which can unpack and process the file,” notes Trustwave inits analysis.

WIMs and fancies

The campaign saw the threat actors use the WIM (Windows Imaging Format) file, disguised as an invoice or a consignment note, to smuggle malware.

In the past threat actors have relied on disk image files such as .ISO, .IMG, and .DAA to conceal malware. However, as Trustwave notes, unlike the other disk image formats, Windows does not have the built-in ability to extract these files, which can only be unpacked usingarchiving toolslike7Zip, PowerISO, andPeaZip.

Trustwave analysis reveals that the file contains theAgent Teslamalware, which is a dangerous remote access trojan (RAT) that can exfiltrate data via HTTP, SMTP, FTP, and Telegram and also allow the threat actors to exercise control over a compromised system.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

However, concealing such a lethal malware inside such an obscure file format isn’t really a smart move as it ensures that a majority of the targets will not be able to accidentally infect their computers.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

Best Dragon Age games in 2024 - every series entry ranked