Can TXT Files Contain Viruses?


Last Updated on October 14, 2022 by Editor Futurescope

TXT is the file extension associated with plain text files. If the file is a ‘true plain text’ file, it can’t carry a virus. However, malicious code can be disguised as a .txt file to trick users into opening it.

Yes, .txt files can carry viruses, malware, and other malicious code. Text files are generally regarded as harmless input for a text-editing or word-processing program, but researchers have discovered possible attacks that use them.

Executables can be sent this way by using double file extensions, that is, by adding an executable extension (such as .exe, .pif, or .com) after the .txt so that the file appears to be a text file.

In other cases, malware may place a .doc or .txt file on the system while it scans message body text. The purpose of the scanning is to send information back to a remote access point.

Are Text Files Safe?

Staff members who receive external emails are usually given information on dangerous files. For instance, EXE, DOCX, and XLSX files may be dangerous and unsafe. Text files are considered harmless, but they can be harmful at times.


Researchers have found a way to exploit a loophole involving the format, and they may find more. The file format itself isn’t the problem; the issue arises in how a program treats the file.

macOS’s CVE-2019-8761 Vulnerability

Researcher Paulos Yibelo discovered a way of attacking macOS computers through text files. Like many security systems, macOS’s built-in Gatekeeper views text files as clean. Users can download them and open them with the built-in editor, TextEdit.

TextEdit is more complex than Microsoft Windows Notepad. It can do more, such as displaying text in bold, changing font color, and other operations. The TXT format itself can’t store style information, so TextEdit takes on extra processing in order to handle it.

Writing HTML code into a text file forces TextEdit to process the code and some of its elements.

Possible Attacks Through Text Files

After carefully examining the possibilities for an attack using this method, Yibelo found that the vulnerability enables:

  • DoS attacks: Gatekeeper doesn’t prevent local files from being opened by an object with the text extension. Thus, opening a malicious file can overload a computer.
  • Identification of a user’s real IP address: Code in the text file can invoke AutoFS, a standard program for mounting file systems, which can provide access to an external drive. The action may seem harmless, but AutoFS causes the kernel to send a TCP request. Even if the user is behind a proxy server, the attacker can see the exact time the text file was opened and learn the user’s real IP address.
  • File theft: Entire files can be inserted into a text document containing <iframedoc>. The malicious text file can therefore access any file on your computer and then transfer its contents using a dangling markup attack. For all this to happen, you just have to open the file.

The vulnerability was reported to Apple in December 2019 and assigned the number CVE-2019-8761.

How to Stay Safe from TXT File Attacks?

An update in 2020 fixed the CVE-2019-8761 vulnerability, but that is no guarantee that no other TXT bugs lurk in the software. Employees need to be trained to treat any file as a potential threat, even if it looks harmless.

It also makes sense to route a company’s outgoing information flows through an internal or external SOC.
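As an added example (not from the original article), this is one way a mail gateway or triage script could test whether a file named .txt is ‘true plain text’ before it reaches an editor that interprets markup. The function name, the tag list, and the sample payloads are assumptions constructed for illustration.

```python
import re

# Leading bytes of common native executable formats (well-known magic numbers).
EXECUTABLE_MAGIC = {
    b"MZ": "windows-pe",
    b"\x7fELF": "elf",
    b"\xcf\xfa\xed\xfe": "mach-o-64",
    b"\xce\xfa\xed\xfe": "mach-o-32",
}
# Markup that a rich editor might interpret rather than display verbatim.
# The tag list is an assumption; <iframedoc> is the element the article names.
MARKUP_RE = re.compile(
    rb"<\s*(!doctype|html|head|body|script|style|iframedoc|iframe|img|link|meta)\b"
    rb"|\{\\rtf",
    re.IGNORECASE,
)
# Control characters other than tab, LF, form feed and CR.
CONTROL_RE = re.compile(rb"[\x01-\x08\x0b\x0e-\x1f\x7f]")


def classify_txt_payload(data: bytes) -> list:
    """Return the reasons `data` is not true plain text (empty list if clean)."""
    # UTF-16 text with a byte-order mark is legitimate; normalise it to UTF-8
    # so the checks below see the same characters an editor would.
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        data = data.decode("utf-16", "replace").encode("utf-8")
    reasons = []
    for magic, label in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            reasons.append("executable-magic:" + label)
    if b"\x00" in data:
        reasons.append("nul-bytes")
    match = MARKUP_RE.search(data)
    if match:
        tag = match.group(0).decode("ascii").strip("<{\\ \t\r\n").lower()
        reasons.append("markup:" + tag)
    if CONTROL_RE.search(data):
        reasons.append("control-chars")
    return reasons


# Constructed sample payloads for files that all carry a .txt name.
SAMPLES = {
    "clean": b"Meeting moved to 10:00.\nBring the Q3 numbers.\n",
    "html": b"<!DOCTYPE html>\n<html><body><b>hello</b></body></html>\n",
    "pe": b"MZ\x90\x00\x03\x00\x00\x00",
    "utf16": "plain note\n".encode("utf-16"),
}
```

A non-empty result is a reason to quarantine the file for review, not proof that it is malicious: a note that quotes an HTML tag would also be flagged.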

How a Fake Text File Can Load Malware on Your System?

For many computer systems, the biggest threat is email attachments. Attackers keep discovering new ways of tricking even the keenest users into opening malicious files. Antivirus software detects malicious code, but not all of it.

The latest trick attackers use is to combine the Notepad icon with the right-to-left override (RTLO) technique, deceiving users into opening malicious attachments.

What is Right-to-Left Override (RTLO)?

Most languages are written from left to right, but Hebrew and Arabic are written in the opposite direction. The Unicode character U+202E instructs the Windows operating system to display the characters that follow it from right to left.

These instructions are useful when English-language users need to access information written in Arabic or Hebrew. However, they can be manipulated and used to deliver malicious files (executables).

Cracking and RTLO Executable Malware

Text files with the .txt extension are viewed as harmless by many. When an email client or Windows loads a file with the .txt extension and the familiar Notepad icon appears, the file is deemed harmless.

However, new threats use RTLO and the Unicode character to pass complicated malware off as harmless text. Because the Notepad icon is trusted in most email clients, recipients are susceptible to receiving executables.

Current RTLO attacks use PowerShell scripts. PowerShell allows attackers to download external files and even compile custom code. Running these files can be worse than executing macros in a Microsoft Office document.

Recipient Email Protection From RTLO Attacks

Even cybersecurity specialists may sometimes fall into the trap of attackers using RTLO. This happens because they fail to examine the attachment’s file name. Many users rely on the icon in the email client and don’t check the file’s name.

Users who do check the file extension often aren’t aware of RTLO and Unicode character attacks. This lack of awareness gives attackers a better chance of executing attacks on their recipients. However, this is harder for them with standard office files.

In simple fraud campaigns, the email attachment is an executable or a Microsoft Office document. In this attack, the attachment looks like a harmless text file, but it is a malicious exe. Once you open the file, the malicious code does its work. That may range from running ransomware on your system to creating a keylogger on it that is accessible to the attacker.

As these attacks are dangerous to users’ data privacy and business continuity, you can use email filters to block such messages from reaching the user. The attacks are complicated, and most users don’t know about RTLO, so they need protection instead of relying on users to notice the messages.
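As an added example (not from the original article), this is the kind of filename check an email filter can apply to both the double-extension trick and the RTLO trick described above. The function name, the extension lists, and the sample names are assumptions constructed for illustration.

```python
import unicodedata

# Unicode bidirectional control characters. U+202E is the RTLO character
# discussed above; the others are included because they also affect ordering.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
    "\u2066", "\u2067", "\u2068", "\u2069", "\u200e", "\u200f",
}
# Extensions treated as executable here (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {"exe", "pif", "com", "scr", "bat", "cmd", "ps1", "js", "vbs", "lnk"}
# Extensions users tend to regard as harmless documents.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "png"}


def inspect_attachment_name(name: str) -> dict:
    """Return findings for one attachment filename, given in logical order."""
    findings = []
    controls = sorted({f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS})
    if controls:
        findings.append("bidi-control:" + ",".join(controls))
    # Drop every format-class (Cf) character to recover the stored character
    # order, which is what decides how the operating system opens the file.
    logical = "".join(c for c in name if unicodedata.category(c) != "Cf")
    # Trailing dots and spaces are ignored when Windows resolves the name.
    parts = logical.lower().rstrip(". ").split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    if real_ext in EXECUTABLE_EXTS:
        findings.append("executable-extension:" + real_ext)
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            findings.append("double-extension:" + parts[-2] + "." + real_ext)
    return {"logical_name": logical, "real_ext": real_ext,
            "findings": findings, "quarantine": bool(findings)}


# Constructed sample names (not taken from any real campaign). The last one
# is rendered by bidi-aware software as "notesexe.txt".
SAMPLES = ["meeting-notes.txt", "report.txt.exe", "notes\u202etxt.exe"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), inspect_attachment_name(sample))
```

The check works on the stored character order rather than the rendered name, which is why it still sees the `.exe` that the recipient's mail client displays as `.txt`.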

A standard email security solution may use artificial intelligence to identify executables and prevent them from reaching the user’s inbox. Such a solution doesn’t rely on users to check for malicious attachments; it quarantines them for review by administrators. The administrator then forwards the message to the recipient if it’s a false positive, or reviews it further if it’s an executable.

Users need information on detecting malicious messages and learning the consequences of running them. Knowledge of red flags of phishing and executables reduces the chances of you becoming affected. 

However, businesses need to add layers of cybersecurity protection between attackers and recipients. Email filters can block malicious messages from reaching the intended recipient, remove human error, and safeguard businesses against data breaches.

Conclusion 

Many users’ lack of knowledge about new types of malicious code makes them prone to many attacks.

The security measures discussed in this article need to be implemented to minimize the risk of attacks. Make sure that everything you open has been checked and is safe for you and your data.

FAQs

Can a file give you a virus?

Yes. A file may deliver a virus to your device. Worms infect files, while viruses can infect anything. Worms aren’t common, as the user needs to install them manually, unlike viruses, which even the simplest email attachment can get you to install.

Can a PDF have a virus?

Yes, a PDF can have a virus. Since PDF is one of the most commonly used file types, hackers have devised methods to encrypt malicious code in it, causing security threats.

Can a JPG have a virus?

There are false claims that JPG files can’t have viruses, but this isn’t true. JPG can have viruses, but they first need to be executed or run.

Can an iPhone get a virus?

iPhones can get viruses if the phone is targeted by a high-value spear-phishing attack. Such attacks are not common among normal iPhone users.
