Skip to content

Criminals Using WIM Files in Phishing Campaign

Posted by: GuidePoint Security

< 1 min read

Researchers have recently discovered threat actors leveraging Windows Imaging Format (WIM) files as attachments in malicious campaigns designed to deliver the Agent Tesla remote access trojan (RAT). The malicious WIM files are delivered via emails pretending to come from shipping and delivery companies.

WIM files are used as a file-based disk image format to deploy Windows Vista and later operating systems. Researchers believe that threat actors may have switched to WIM files since they are less likely to be detected as malicious. However, because they can’t be opened on a standard Windows platform and require unique software such as 7-zip to extract, targeted victims are unlikely to go the extra distance to track down a program that will enable them to open the malicious file.

Check out our other blog posts from this past week.

Categories: Blog Cybersecurity

GuidePoint Security

Countering The Threat Of Spear-Phishing
With Spear-Phishing, many organizations feel like their tools will help them stop the attacks. This is true at some levels, […]
Download

Related Articles

View All

  • Security Awareness & Education
Countering The Threat Of Spear-Phishing
Read More < 1 min read
  • Blog
What Innovative Solutions or Technologies Are on the Horizon to Combat Social Engineering and Malware?
Posted by: GuidePoint Security
Read More 4 min read
  • Blog
Playing the Cybersecurity Odds: How to Bet Smart in an Uncertain Economy
Posted by: Ben Moreland
Read More 2 min read