Hackers began sending out file icons with malicious links embedded in them.
Since the end of September, hackers have been using a new attack scheme against financial companies: instead of the usual phishing documents, the attackers send out file icons with malicious links embedded in them. Positive Technologies experts reported this to Izvestia on October 28.
They said that employees of financial companies receive, in their work mailboxes, icons of PDF, Excel or Word files that carry embedded malicious links instead of the usual documents.
"The topics of the messages are chosen in such a way as to inspire confidence and imitate ordinary accounting correspondence: 'Reconciliation Report no. ... from ...', notifications of closing documents, etc. Due to this, recipients open the attachment more often," the company said.
When clicking on the icon, the user automatically follows the link and downloads the archive with the virus, experts noted. The main page of the linked site looks like a legitimate resource, which allows attackers to remain unnoticed longer than usual.
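A mail-gateway heuristic for the lure described above, added here as an illustration (not code from Positive Technologies or Izvestia): it flags HTML mails in which a linked image is labelled like a document while no such document is actually attached. The `DOC_EXTS` list, the function names and both sample messages are assumptions constructed for the example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the icon is labelled (alt/title/src) with a document-like name.
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")

class LinkedImages(HTMLParser):
    """Collect (href, img attributes) for every <img> nested inside an <a>."""
    def __init__(self):
        super().__init__()
        self.href, self.found = None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.href = attrs.get("href")
        elif tag == "img" and self.href:
            self.found.append((self.href, attrs))
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def find_icon_lures(raw_message):
    """Return hrefs of clickable 'document icons' in a mail with no real document."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    has_real_doc = any((p.get_filename() or "").lower().endswith(DOC_EXTS)
                       for p in msg.iter_attachments())
    body = msg.get_body(preferencelist=("html",))
    if body is None or has_real_doc:
        return []
    parser = LinkedImages()
    parser.feed(body.get_content())
    hits = []
    for href, img in parser.found:
        label = " ".join(v for k, v in img.items() if k in ("alt", "title", "src") and v).lower()
        if any(ext in label for ext in DOC_EXTS) and urlparse(href).scheme in ("http", "https"):
            hits.append(href)
    return hits

# Constructed sample messages (not taken from a real campaign).
LURE = ("From: sender@example.invalid\nSubject: Reconciliation report\n"
        "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
        '<p>Please see the document.</p><a href="https://files.example.invalid/act.zip">'
        '<img src="cid:icon1" alt="Reconciliation_report.pdf"></a>\n')
BENIGN = LURE.replace("Reconciliation_report.pdf", "Company logo")

if __name__ == "__main__":
    print(find_icon_lures(LURE), find_icon_lures(BENIGN))
```

A hit is a triage signal rather than a verdict: the linked URL still needs reputation or sandbox checks before the mail is blocked.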
According to Positive Technologies, the Fluffy Wolf APT group is responsible for the new attack. The group sent only 28 malicious files in the second quarter of 2025, but almost 100 in the third quarter.
"In fact, we are seeing a shift in emphasis — from direct viral attachments to deception of user perception. Companies where employees work remotely and do not always use corporate security tools are becoming particularly vulnerable," said Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications, federal coordinator of the Digital Russia party project.
The use of file icons with embedded malicious links is an indicator of how social engineering methods are evolving. People are used to being wary of suspicious documents, but they are less wary of ordinary images and labels, he added.
In his opinion, a further surge in phishing mailings and attacks on online stores and financial organizations should be expected in the run-up to New Year's Eve. Security experts should already be strengthening traffic monitoring and updating security systems, and users should follow basic digital hygiene.
Earlier, on October 22, the Department for the organization of the fight against the illegal use of information and communication technologies (UBK) of the Ministry of Internal Affairs of Russia named the characteristics that make it possible to identify bots in correspondence. According to the agency, when communicating, the bot does not hesitate and does not specify, responds quickly, writes in slogans and speaks the same way.