This phishing campaign could really blow up in the face of the attackers


Cybersecurity researchers have shared details about an ill-conceived malware campaign that falls flat on its face.

Enterprise network security company Trustwave spotted a campaign that uses a novel disk image file to conceal malware. It says that while the use of unusual attachments helps bypass security software like firewalls and antivirus software, it also runs the risk of raising red flags with users.

However, in this instance, the threat actors used such an esoteric file format that it isn’t even supported by Windows.


“Encapsulating malware in an unusual archive file format is one of the common ways to bypass gateways and scanners. However, this strategy also poses a hurdle – the target system must recognize the file type or at least have a tool which can unpack and process the file,” notes Trustwave in its analysis.

WIMs and fancies

The campaign saw the threat actors use a WIM (Windows Imaging Format) file, disguised as an invoice or a consignment note, to smuggle malware.

In the past, threat actors have relied on disk image files such as .ISO, .IMG, and .DAA to conceal malware. However, as Trustwave notes, unlike those other disk image formats, Windows has no built-in ability to extract WIM files, which can only be unpacked using archiving tools like 7Zip, PowerISO, and PeaZip.
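The defensive lesson in the two paragraphs above is that a gateway should classify an attachment by what it contains, not by the extension the sender chose. The following example is added here and is not code from Trustwave or from the article: it identifies disk-image and archive attachments by their well-known magic bytes (WIM headers begin with "MSWIM" followed by three zero bytes; ISO 9660 carries "CD001" at the start of the primary volume descriptor), flags extension/content mismatches such as a WIM image named "consignment_note.pdf", and blocks formats Windows cannot open without a third-party archiver. The sample attachments and the triage policy are constructed for illustration.

```python
# Content-based attachment triage for a mail gateway (added example).
# Identifies archive/disk-image attachments by magic bytes rather than by
# file extension, so a renamed WIM image still gets flagged.
# Signatures are standard file-format headers; sample attachments below
# are constructed for this example.

from dataclasses import dataclass

# (offset, bytes) checks per format. Every check must match.
SIGNATURES = {
    "wim": [(0, b"MSWIM\x00\x00\x00")],          # WIM image header
    "iso": [(0x8001, b"CD001")],                 # ISO 9660 primary volume descriptor
    "7z":  [(0, b"7z\xbc\xaf\x27\x1c")],          # 7-Zip archive
    "zip": [(0, b"PK\x03\x04")],                 # ZIP (also OOXML documents)
}

# Extensions that legitimately carry each container format.
EXT_TO_FORMAT = {
    "wim": "wim", "iso": "iso", "7z": "7z", "zip": "zip",
    "docx": "zip", "xlsx": "zip", "pptx": "zip",
}

# Formats Windows cannot unpack without a third-party archiver.
# Policy (constructed): block these outright at the gateway.
NEEDS_THIRD_PARTY_TOOL = {"wim", "7z"}


@dataclass
class Verdict:
    filename: str
    declared_ext: str
    detected: str   # "wim", "iso", "7z", "zip" or "unknown"
    mismatch: bool  # extension does not match the detected container
    action: str     # "block", "review" or "allow"


def detect_format(data: bytes) -> str:
    """Return the container format whose magic bytes match, or 'unknown'."""
    for name, checks in SIGNATURES.items():
        if all(data[off:off + len(sig)] == sig for off, sig in checks):
            return name
    return "unknown"


def triage(filename: str, data: bytes) -> Verdict:
    """Classify one attachment and decide a gateway action."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    fmt = detect_format(data)
    # A recognised container whose extension claims something else is the
    # disguise pattern described in the article (invoice/consignment note).
    mismatch = fmt != "unknown" and EXT_TO_FORMAT.get(ext) != fmt
    if fmt in NEEDS_THIRD_PARTY_TOOL or mismatch:
        action = "block"
    elif fmt != "unknown":
        action = "review"   # known container, honest extension: scan contents
    else:
        action = "allow"
    return Verdict(filename, ext, fmt, mismatch, action)


# Constructed sample attachments (headers only, padded with zero bytes).
WIM_SAMPLE = b"MSWIM\x00\x00\x00" + b"\x00" * 200
ISO_SAMPLE = b"\x00" * 0x8001 + b"CD001" + b"\x00" * 64
ZIP_SAMPLE = b"PK\x03\x04" + b"\x00" * 26
TEXT_SAMPLE = b"Please find the invoice attached.\n"

SAMPLE_ATTACHMENTS = [
    ("invoice_3391.wim", WIM_SAMPLE),        # honest WIM: blocked by policy
    ("consignment_note.pdf", WIM_SAMPLE),    # WIM disguised as PDF: mismatch
    ("report.docx", ZIP_SAMPLE),             # OOXML document: review
    ("setup.iso", ISO_SAMPLE),               # honest ISO: review
    ("notes.txt", TEXT_SAMPLE),              # plain text: allow
]


def run_samples() -> list:
    """Triage every constructed sample and return the verdicts."""
    return [triage(name, data) for name, data in SAMPLE_ATTACHMENTS]


if __name__ == "__main__":
    for v in run_samples():
        print(f"{v.filename:24s} ext={v.declared_ext:5s} "
              f"detected={v.detected:8s} mismatch={v.mismatch!s:5s} -> {v.action}")
```

The mismatch check is what catches the disguise: the attachment's name says "invoice" or "consignment note", but the first eight bytes say WIM. Extending the policy is a matter of adding signatures (for example .IMG or .DAA) and deciding which containers your users can legitimately open.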

Trustwave's analysis reveals that the file contains the Agent Tesla malware, a dangerous remote access trojan (RAT) that can exfiltrate data via HTTP, SMTP, FTP, and Telegram and also lets the threat actors exercise control over a compromised system.

However, concealing such lethal malware inside such an obscure file format is hardly a smart move, since it ensures that most targets will be unable to open the attachment and so cannot accidentally infect their computers.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
