The Evil MSI Background is Back!, (Fri, Jun 5th)
Summary
A malicious technique involving embedding payloads within MSI-branded backgrounds, previously seen in JPEG files, has resurfaced. This new iteration was delivered via a WeTransfer link in an email, indicating its increasing popularity.
IFF Assessment
FOE
The resurgence of this technique, which embeds malicious payloads within seemingly innocuous files, poses a direct threat to defenders by enabling new attack vectors.
Defender Context
Defenders should be aware of this evolving technique that uses common file formats like MSI backgrounds for malicious payloads. Phishing campaigns leveraging file-sharing services like WeTransfer are a key delivery method to monitor.