{
	"id": "bc98ca40-9dca-49ff-a5ec-b01456f7be02",
	"created_at": "2026-04-06T00:11:07.906639Z",
	"updated_at": "2026-04-10T03:24:29.442408Z",
	"deleted_at": null,
	"sha1_hash": "7d4e91245bb4baa9d71b4f65169e508c8743934e",
	"title": "How to avoid dual attack and vulnerable files with double extension? - Blogs on IT, Network, and Cybersecurity",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37047,
	"plain_text": "How to avoid dual attack and vulnerable files with double\r\nextension? - Blogs on IT, Network, and Cybersecurity\r\nBy Seqrite\r\nArchived: 2026-04-05 19:19:13 UTC\r\nThe dual extension or double extension is one of the oldest forms of cyber-attacks but continues to be extremely\r\neffective. The reason for the continued effectiveness of this type of attack lies in its simplicity.\r\nFile extensions are so familiar to us that we don’t even give them a second thought. A .doc or a .docx extension\r\nis a Microsoft Word document, an .xlsx file is from Microsoft Excel, .ppt/.pptx is from PowerPoint, .jpeg/.gif is\r\nan image file and so on. We work with these file formats so much that we hardly spend even a second thinking\r\nabout them.\r\nA double extension can be hidden in plain sight\r\nIt’s exactly that familiarity that cybercriminals look to exploit. In Microsoft Windows operating systems, there is\r\nan option to “Hide file extensions for known file types” which is turned on by default. Malware writers can use\r\nthis feature to get unsuspecting users to download files that look genuine but are actually executable.\r\nFor example, a file that ends in .exe is an executable file and most email providers will block the download or\r\ninstallation of such a file. A user would also be wary of downloading a .exe file without knowing where it came\r\nfrom. However, a malware actor can easily disguise the extension through a dual extension. The file can be\r\nrenamed to an official-sounding “Sales Report Q4 FY21”. Then, to hide the .exe extension, the file could be given\r\na dual extension like “Sales Report Q4 FY21.doc.exe”.\r\nTricked into running an executable file\r\nBecause Windows by default hides known extensions, the file will show to the user as a .doc document without\r\nthe .exe extension. The user will consider it a Word document and open it, inadvertently downloading malware on\r\ntheir systems. 
This is exactly how many types of ransomware and malware have spread in the last few years. A\r\ngood example is the CryptoLocker Ransomware which encrypted files and demanded a hefty ransom if users\r\nwanted to recover their files.\r\nIt’s a very simple method of attack but can be very effective. Even if one user downloads and runs a malware\r\nexecutable, it can easily spread to other systems on the network and shut down the entire enterprise network.\r\nRansomware can spread extremely fast and shut down entire networks.\r\nCybersecurity 101: Don’t open attachments from unknown people\r\nThe key method to prevent a dual extension attack is to be extremely vigilant about opening files, especially from\r\nunknown sources. Users should turn off the option to hide file extensions—this will ensure that the entire file\r\nextension can be viewed. While even opening emails from unknown sources is a strict no-no, there’s no guarantee\r\nthat an email from someone known is safe. They could well be compromised. It should be first nature to check the\r\nentire file extension and open it only if it seems genuine.\r\nSeqrite’s state-of-the-art Endpoint Security (EPS) is equipped with Intrusion Detection Systems (IDS) \u0026 Intrusion\r\nPrevention Systems (IPS) that proactively detect and prevent malicious activity through known signatures. EPS\r\nalso has a Ransomware Protection feature which uses Seqrite’s behaviour-detection technology to detect and block\r\nransomware threats. Using an updated security solution like EPS is highly recommended for protection against\r\nmalware attacks such as dual-extension type attacks.\r\nSource: https://www.seqrite.com/blog/how-to-avoid-dual-attack-and-vulnerable-files-with-double-extension/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.seqrite.com/blog/how-to-avoid-dual-attack-and-vulnerable-files-with-double-extension/"
	],
	"report_names": [
		"how-to-avoid-dual-attack-and-vulnerable-files-with-double-extension"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434267,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7d4e91245bb4baa9d71b4f65169e508c8743934e.pdf",
		"text": "https://archive.orkl.eu/7d4e91245bb4baa9d71b4f65169e508c8743934e.txt",
		"img": "https://archive.orkl.eu/7d4e91245bb4baa9d71b4f65169e508c8743934e.jpg"
	}
}