Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Just a single malicious email can poison your AI agent’s memory: resea...
VIDA Demonstrates How Passwordless Authentication Can Break the Scam C...
New AI jailbreak techniques expose limits of safety defenses, prompt i...
The cyber incident that is too “isolated” to accentuate to mass media...
Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deploy...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

Tips

How to outsmart filename masquerading: A practical guide to safer file handling

By L L Seow | Monday, May 26, 2025, 5:46 PM Asia/Singapore

How to outsmart filename masquerading: A practical guide to safer file handling

An age-old cybercriminal tactic has been rejuvenated, thanks to popular AI platforms that generate sought-after images and video files for download.

A recent high-profile case had involved the impersonation of a popular generative AI (GenAI) platform that has millions of users. Using fake Facebook ads and a convincing spoof of the platform’s website, cybercriminals lured victims into downloading files that appeared to be images or videos generated by the GenAI prompts.

Such sought-after output by millions of users tends to lower people’s guard. They will not notice anomalies in the filename of such output, such as unusual glyphs (“…”) or double extensions (for example, “.doc.exe”). In actuality, depending on how Windows users set their File Explorer preferences, some filename anomalies may not even be visible! However, once the supposedly harmless image (*.jpg or *.png) or video (*.mp4) files are downloaded and opened, users will have launched a malicious Windows executable.

This devious technique is called “filename masquerading”. By leveraging popular platforms that by nature are expected to generate normally harmless files for users (such as images or videos), cybercriminals can fool even savvy users into downloading and executing malware.

Understanding how filename masquerading works — and how to spot it — can help users — even those on other less-vulnerable operating systems — from being tricked by filename masquerading.

Common filename masquerading techniques
The main idea is to mask executable files, macros and automation scripts with filenames that do not readily appear to the potential victim as such. Instead, the filenames are made to escape the attention of users, made to masquerade as image or video files that are opened in trusted editing software.

Some common techniques to mask dangerous executable files as less risky files include:

  1. Double extensions
    A classic trick is naming a file something like invoice.pdf.exe. If your system hides known file extensions (the default setting in Windows), you’ll only see invoice.pdf, not realizing it’s actually an executable program.
  2. Unicode Right-to-Left Override (RLO)
    Attackers can insert special Unicode characters (such as U+202E) into filenames, causing part of the name to be displayed in reverse order. For example, “photo_high_res\u202Egnp.js” will appear as “photo_high_resj.png”, masking the true nature of the file.
  3. Invisible Unicode characters
    Characters such as the Hangul Filler (U+3164) can be used to pad a filename, pushing the real extension out of view. For instance, a file named “Generated_Image_2025.jpg[U+3164 x50].exe” can appear as just “Generated_Image_2025.jpg” in Windows.
  4. Spaces and special characters
    Adding spaces or special symbols at the end of a filename can hide the true extension or make the file look more legitimate. Use of spaces or special Unicode fillers can push the real extension out of view on certain Windows device configurations.
  5. Legitimate-looking icons and names
    Malicious files may be set to make the operating system display a certain icon — such as a standard image icon — that is familiar and safe to users.
  6. File signature spoofing
    Beyond masking risky filename extensions, cybercriminals can even copy digital signatures from legitimate files into a malware executable to make it appear to the operating system as an authentic and verified executable system file. This technique can evade system alerts or detection by any installed third-party cybersecurity software.
  7. File header masquerading
    In this case, even a malicious file’s internal structure is changed to make the executable match the profile of a harmless image file, for example. This can fool certain system processes or cybersecurity software that routinely monitor incoming files.

The MITRE ATT&CK framework has cataloged masquerading as a standard adversary tactic (T1036), with sub-techniques such as double file extension (T1036.007), RLO (T1036.002), and matching legitimate names or locations (T1036.005). Numerous real-world malware families and threat groups have used these methods, from spear-phishing attachments to advanced persistent threat campaigns.

Protective and prevention measures

Filename masquerading is a powerful tool in the cybercriminal’s arsenal, but with a little vigilance and the right settings, Windows users (and even those running the more-secure operating systems) can protect themselves and others around them.

Always set Windows file browser tools to show file extensions, be wary of suspicious files/filenames, and keep software up to date:

  • Enable file extension visibility: Make this the default setting on all Windows devices.
  • Use reliable cybersecurity software: Modern security solutions can detect many masquerading tricks. However, do not rely only on such tools alone
  • Keep your system updated: Install Windows security updates and application updates in a prompt manner, to quickly patch vulnerabilities that attackers could exploit.
  • Be skeptical: If something feels off — a very long file name, an unexpected attachment, or a download from a new website — trust your instincts and investigate before opening a file.
  • Educate others: Share this knowledge with friends, family, and colleagues. The more people know about these tricks, the less effective they become. If anything is amiss with a file, the first thing to do is to quarantine it instead of double-clicking on it. Scan it with a cybersecurity tool. Report it to the IT team. A more risky option could involve physically renaming the file to a short name with a harmless extension for the type of file it is supposed to be. If opening that supposed image file in a photo viewer app does not work, then the original filename could have been a masqueraded one.

If all protective measures fail, and a file that has been launched does not appear to be what it is supposed to be, immediate measures to take are: Disconnect from the Internet, and shut the device down immediately. Report the incident to IT without delay.

Share:

PreviousSophisticated crypto theft operation exploits phishing, smart contracts to steal millions
NextKnow the four most common password mistakes

Related Posts

Report: 59% of board members view generative AI as security risk

Report: 59% of board members view generative AI as security risk

Thursday, September 7, 2023

Driving Innovation and Security in the Future of Finance in Singapore

Driving Innovation and Security in the Future of Finance in Singapore

Friday, November 8, 2024

Living-off-the-land cyberattacks increased by 5% in 2021: report

Living-off-the-land cyberattacks increased by 5% in 2021: report

Tuesday, May 31, 2022

Cybercriminals are targeting the insurance industry: why?

Cybercriminals are targeting the insurance industry: why?

Thursday, March 3, 2022

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • VIDA Demonstrates How Passwordless Authentication Can Break the Scam Chain

    Monday, July 13, 2026
    KUALA LUMPUR, Malaysia, July 13, …Read More »
  • Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deployment at QNET

    Wednesday, July 8, 2026
    The Sparsa AI Enterprise Operating …Read More »
  • Conifers AI Opens Singapore Data Region, Bringing Local Data Residency to Asia-Pacific Security Teams

    Wednesday, July 8, 2026
    With data regions now spanning …Read More »
  • DXC Opens Flagship AI-first Customer Experience Center in Bengaluru

    Tuesday, July 7, 2026
    Strengthens DXC’s India presence with …Read More »
  • D-Link Brings Advanced AI Fall Detection and Privacy Protection to Home Elderly Care with the New DCS-8610 Wi-Fi Camera

    Monday, July 6, 2026
    Advanced technologies traditionally found in …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.