14 DAY TRIAL // Researchers from Kaspersky warn that cybercriminals have launched several campaigns in which they attempt to trick users into thinking that they’ve received an image file. In reality, the fake image files are used to disguise a piece of malware.
One spam run spotted by experts leverages fake T-Mobile emails that purport to carry MMS messages. The archive files attached to the notifications contain a file named something like “23-10-2013 13_64_09.jpeg.exe.”
More recently, fake Instagram emails have been seen landing in inboxes, carrying the same types of files.
“Your friend added a new photo with your to Instagram. Please open the attached file to watch your new photo,” the emails read.
Users who haven’t configured their operating systems to display the extensions of known files might be tricked into thinking that the files are actually JPEG pictures. In reality, they hide pieces of malware such as Trojan.Win32.Neurevt, Backdoor.Win32.Androm or Trojan-Downloader.Win32.Agent.
For additional technical details, check out Kaspersky’s blog.