Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks

April 5, 2023

An unknown threat actor used a malicious self-extracting archive (SFX) file in an attempt to establish persistent backdoor access to a victim’s environment, new findings from CrowdStrike show.

SFX files can extract the data they contain without any dedicated archiving software installed on the recipient's machine. They achieve this by bundling a decompressor stub, a small executable that runs first and unpacks the archive body appended to it.
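The stub-plus-archive layout described above is what a triage script can key on: an executable (PE) whose body also contains an archive signature is an SFX candidate worth a closer look. The following Python is an added example written for this article, not CrowdStrike's tooling; the sample bytes are constructed here and the signature list is an assumption covering the common RAR, ZIP and 7-Zip stubs.

```python
import struct

# Archive signatures that a self-extracting stub carries after its own code (assumed list).
ARCHIVE_MAGICS = {
    "rar4": b"Rar!\x1a\x07\x00",
    "rar5": b"Rar!\x1a\x07\x01\x00",
    "zip": b"PK\x03\x04",
    "7z": b"7z\xbc\xaf\x27\x1c",
}


def is_pe(data: bytes) -> bool:
    """True if the bytes start with a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_embedded_archive(data: bytes):
    """Return (format, offset) of the earliest archive signature after the DOS header, else None."""
    best = None
    for fmt, magic in ARCHIVE_MAGICS.items():
        idx = data.find(magic, 0x40)  # skip the DOS header itself
        if idx != -1 and (best is None or idx < best[1]):
            best = (fmt, idx)
    return best


def classify(data: bytes) -> dict:
    """Triage verdict only: a PE carrying an archive body is an SFX candidate, not proof of malice.
    Legitimate installers match too, and a ZIP magic can occur inside ordinary PE resources."""
    pe = is_pe(data)
    hit = find_embedded_archive(data) if pe else None
    return {
        "is_pe": pe,
        "archive_format": hit[0] if hit else None,
        "archive_offset": hit[1] if hit else None,
        "sfx_candidate": pe and hit is not None,
    }


def constructed_sample() -> bytes:
    """Minimal fake SFX: DOS header -> PE signature -> padding -> RAR4 body. Constructed, not real malware."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3A)
    hdr += struct.pack("<I", 0x40)          # e_lfanew at offset 0x3C points to the PE signature
    hdr += b"PE\x00\x00" + b"\x00" * 60     # stand-in for the stub's headers and code
    return bytes(hdr) + ARCHIVE_MAGICS["rar4"] + b"\x00" * 16
```

A flagged file should then be opened with an archiver rather than run, so the embedded archive's contents and any SFX setup script can be reviewed before anything executes.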

“However, SFX archive files can also contain hidden malicious functionality that may not be immediately visible to the file’s recipient, and could be missed by technology-based detections alone,” CrowdStrike researcher Jai Minton said.