Criminals Using WIM Files in Phishing Campaign
Posted by: GuidePoint Security
Researchers have recently discovered threat actors leveraging Windows Imaging Format (WIM) files as attachments in malicious campaigns designed to deliver the Agent Tesla remote access trojan (RAT). The malicious WIM files are delivered via emails pretending to come from shipping and delivery companies.
WIM files are used as a file-based disk image format to deploy Windows Vista and later operating systems. Researchers believe that threat actors may have switched to WIM files since they are less likely to be detected as malicious. However, because WIM files can’t be opened on a standard Windows platform and require additional software such as 7-Zip to extract, targeted victims are unlikely to go the extra distance to track down a program that will enable them to open the malicious file.
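Because an uncommon container like WIM can slip past filters keyed to more familiar archive types, a mail-gateway check can flag it directly. The following is an added example, not code from the original post: it parses a raw message and reports attachments that carry a `.wim` extension or begin with the WIM header tag `MSWIM\0\0\0`. The function names, addresses, and sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# First 8 bytes of a WIM header (the image tag "MSWIM" padded with NULs).
WIM_MAGIC = b"MSWIM\x00\x00\x00"


def find_wim_attachments(raw_message: bytes):
    """Return (filename, reason) for each attachment that looks like a WIM image."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""  # None for multipart parts
        by_magic = payload.startswith(WIM_MAGIC)
        by_ext = name.lower().endswith(".wim")
        if by_magic and by_ext:
            hits.append((name, "wim extension and header"))
        elif by_magic:
            # Renamed image: content is WIM even though the name says otherwise.
            hits.append((name, "wim header under another extension"))
        elif by_ext:
            hits.append((name, "wim extension without wim header"))
    return hits


def build_sample(filename: str, content: bytes) -> bytes:
    """Build a constructed test message with one attachment (hypothetical helper)."""
    m = EmailMessage()
    m["From"] = "shipping@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "Delivery notice (constructed sample)"
    m.set_content("See attached.")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("tracking.wim", WIM_MAGIC + b"\x00" * 16),
        build_sample("tracking.pdf", WIM_MAGIC + b"\x00" * 16),
        build_sample("tracking.pdf", b"%PDF-1.7 constructed"),
    ]
    for raw in samples:
        print(find_wim_attachments(raw))
```

Checking the header bytes as well as the extension catches a WIM image that has been renamed, which an extension-only block rule would miss.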