Fake Text File can Load Malware on Computers

--

Attackers are continually looking for new and innovative ways to infiltrate an organization’s systems. One of their latest techniques is to send fake text files that can load malware on computers. Even savvy users can be tricked into running a malicious attachment. Antivirus software can detect some malicious executables, but not all.

Notepad and RTLO

Attackers are now using Notepad icons with Right-to-Left Override, also known as RTLO, to trick users into opening malicious attachments. RTLO is a Unicode character that tells Windows operating systems to reverse the direction in which letters are displayed.

The .txt extension is known as that of a harmless text file, and when email clients and Windows load a file with this extension, the familiar Notepad icon appears. However, one of the latest threats uses RTLO and the Unicode character U+202E to turn an apparent text file into an advanced attack. As most users are familiar with the Notepad icon, they are likely to open the attachment. In many current RTLO attacks the malicious file is a PowerShell script, which allows attackers to download external files and change settings on the computer.

RTLO Fake Text Files — TitanHQ

Cybersecurity Experts can be Tricked

Even cybersecurity experts can fall for the RTLO attack unless they view the attachment file’s name. Users generally rely on the icons shown in the email client when opening attachments; they do not review the file name and are unaware of RTLO attacks and Unicode characters.
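The file-name review described above can be automated at the mail gateway. The following Python sketch is an added example, not TitanHQ's code: the function names, the extension policy list and the sample names are assumptions made for illustration, and the display approximation handles a single U+202E only.

```python
import unicodedata

# Unicode controls that change the direction in which text is drawn.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}
# Assumed policy list of extensions that should never arrive as attachments.
RISKY_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "ps1", "js", "vbs", "lnk"}


def extension(name):
    """Return the text after the last dot, lower-cased ('' if there is none)."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def displayed_name(name):
    """Approximate the rendering: text after U+202E is drawn in reverse."""
    head, sep, tail = name.partition("\u202e")
    return head + tail[::-1] if sep else name


def inspect_attachment(name):
    """Compare the extension a user sees with the one the system acts on."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c)}"
                for c in name if c in BIDI_CONTROLS]
    real_ext = extension(name)  # stored character order decides the file type
    shown = displayed_name(name)
    return {
        "displayed": shown,
        "displayed_extension": extension(shown),
        "real_extension": real_ext,
        "bidi_controls": controls,
        # No legitimate attachment needs a direction override in its name.
        "quarantine": bool(controls) or real_ext in RISKY_EXTENSIONS,
    }


if __name__ == "__main__":
    # Constructed sample names, not taken from a real campaign.
    for sample in ("notes.txt", "invoice\u202etxt.ps1"):
        # ascii() keeps the control character visible instead of rendering it.
        print(ascii(sample), inspect_attachment(sample))
```

Logging the name with `ascii()` rather than printing it raw keeps the override character from reordering the log line itself.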

Phishing and Ransomware

In phishing campaigns the attachment is usually an executable or a Microsoft Office document. In this attack, however, the file’s extension is seen as a harmless txt when the file is really a malicious exe.

The user only has to open the file for the damage to be done, which can range from running ransomware on the system to installing a keylogger. These are the tools of the hacking trade, and they can lead to stolen credentials and data breaches.

Security Solutions

The best email security solutions use artificial intelligence to detect and quarantine malicious files on their way to the user’s inbox. This allows the organization’s administrator to review a file and determine whether it is a malicious attack before flagging it as safe and forwarding it on to the recipient.

Here are 3 useful tips to prevent your organization from being a victim of RTLO attacks:

  1. Teach users to detect malicious messages
  2. Provide users with examples of what a malicious attack can do
  3. Add multi-layer cybersecurity protection

--

TitanHQ - Email Security & DNS Filtering Provider

Written by TitanHQ - Email Security & DNS Filtering Provider

Providing award-winning suite of email and web security solutions for businesses & #MSPs with advanced #network #security protection.
