Attack Trend

Snapshot or a Malicious File?

By Perception Point Incident Response Team
November 6, 2018

There is a rise in the use of a phishing technique that tricks the user into thinking that an image of the attached file can be quickly opened in snapshot mode. In fact, it is an attack.

How it works.

The user receives an email with some information about the file shown in the image. By embedding the image in the email, the attacker tricks the user into thinking that a simple click on the image will open it in snapshot mode without downloading the file or image itself, a common interaction in Office 365 and Gmail.
However, as soon as the user clicks on the file, it opens an instant download page hidden behind the image, and the malicious file immediately starts downloading.


PDF Image: The attacker tricks the user into thinking that a simple PDF file is attached to the email. Clicking the file does not open it; instead, it takes the user to an instant download page with a malicious file inside.




File Photo: By designating the file type to be a .png or .jpg, the attacker tricks the user into clicking the picture without even giving it a second thought.


Both of these examples evade mainstream email security solutions because they are deeply embedded in hidden layers. Perception Point sees these attacks thanks to our Recursive Unpacker, which extracts each layer so that it can be analyzed separately by our engines.
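The lure described above can be surfaced on the receiving side by walking every MIME layer of a message and flagging an embedded image that is wrapped in a link to a remote URL. The following is an added example, not Perception Point's Recursive Unpacker or any code from the original post; the heuristic, the function and class names, and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

class LinkedImageFinder(HTMLParser):
    """Collect (href, src, alt) for every <img> nested inside an <a href>."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.hits = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.hrefs.append(a.get("href") or "")
        elif tag == "img" and self.hrefs:
            self.hits.append((self.hrefs[-1], a.get("src") or "", a.get("alt") or ""))
    def handle_endtag(self, tag):
        if tag == "a" and self.hrefs:
            self.hrefs.pop()

def find_linked_thumbnails(raw):
    """Heuristic (an assumption of this example): embedded image + remote click target."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    attachments = [p.get_filename() for p in msg.walk()
                   if p.get_content_disposition() == "attachment"]
    suspects = []
    for part in msg.walk():  # walk() also descends into nested message/rfc822 parts
        if part.get_content_type() != "text/html":
            continue
        finder = LinkedImageFinder()
        finder.feed(part.get_content())
        for href, src, alt in finder.hits:
            embedded = src.lower().startswith(("cid:", "data:"))
            if embedded and href.lower().startswith(("http://", "https://")):
                suspects.append({"href": href, "src": src, "alt": alt})
    return {"attachments": attachments, "suspects": suspects}

# Constructed sample message, not taken from the article.
SAMPLE = b"""\
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="https://download.example.invalid/get"><img src="cid:thumb1" alt="Invoice.pdf"></a>
<a href="https://example.com/"><img src="https://example.com/logo.png" alt="logo"></a>
--b1--
"""
print(find_linked_thumbnails(SAMPLE))
```

A hit combined with an empty `attachments` list means the message shows something that looks like a file but carries none, which is the pattern in both screenshots; linked signature images will also match, so treat the result as a triage signal rather than a verdict.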
