Double Extension detection by Threat Protection Pro™

What is the double extension detection feature?

NordVPN’s double extension detection is an in-app Threat Protection Pro™ feature designed to enhance malware protection on Windows devices. It spots phishing tricks where hackers hide malicious files behind double file extensions (like “photo.jpg.exe”). In short, the double extension detection feature scans your downloads and makes sure you don’t accidentally open the door to a harmful file through your browser.

How does double extension detection work?

The double extension detection feature scans your files during download and identifies files with more than one extension. Such files are infamous for hiding malicious software inside. So if you try downloading a file that looks something like “file.pdf.exe,” the double extension detection tool will notify you that the file is trying to pretend to be something else.

While an alert about a malicious file might be a false positive, it’s worth double-checking to avoid the risk of downloading a pesky virus.

How to turn on double extension detection

The double extension detection feature is a part of the Threat Protection Pro™ tool, so if you enable the latter, file protection will activate automatically. You don’t have to do anything.

However, if you need guidance on how to activate Threat Protection Pro™ on your Windows device, follow the steps below:

1. Open the NordVPN app.
2. Tap the profile icon at the bottom right.
3. Tap on the shield icon.
4. Enable file protection.

What is a double extension file?

A double extension file has two different extensions, one after the other. The most common examples are .pdf.exe, .doc.exe, .jpg.exe, .txt.vbs, and .zip.exe. The second extension is an actual file format that could be hiding a virus, while the first is just text written into the filename.

For instance, if you come across something like “photo.jpg.exe,” you might think it’s just a harmless image file, but you have to be careful about the “.exe” part. It’s actually an executable file that could be infected with malware.

What are the dangers of double extension files?

Hackers use this sneaky double file extension trick to hide a file’s true nature and slip malware, viruses, or ransomware onto your device without you even realizing it. Such disguised files carry all sorts of nasty viruses, including those that modify Windows Registry or even change your system settings.

Take the ILOVEYOU virus, which spread back in 2000, for example. Millions of people all over the globe received an email with an attachment named “LOVE-LETTER-FOR-YOU.txt.vbs.” The “.txt” part made the file look harmless – a regular text file. But everyone who missed the “.vbs” part and clicked on this “love letter” got themselves into trouble. The next thing they knew, their image, audio, and document files were overwritten and gone for good. To make things worse, once the virus entered a system, it replicated and sent itself to every contact in the victim’s address book. So, if you are still wondering, yes, double extension files are dangerous.

What to do if you’ve opened a file with a double extension

If you suspect you’ve downloaded malware by opening a file with a double extension, act immediately. Disconnect your device from the internet and restart your computer in safe mode to stop the malware from loading. Then, run a thorough system scan with a reliable, up-to-date antivirus and remove the threat.

If you’re experienced in IT and know what to look for, you can also try manually deleting unfamiliar files from your computer. However, if the malware persists or you’re unsure about removing it, contact a cybersecurity professional — they’ll know what to do.

However, if you haven’t opened that double extension file yet but think this new download might be sketchy, try using a file checker. It’s super simple – just upload the image or document, and it’ll let you know if there’s anything malicious inside.

FAQ

What OS is double extension detection compatible with?

Double extension detection only works on Windows devices.

Can files have two extensions?

Yes, some files can have two real extensions, not just text written into the filename. For example, files sometimes have dual extensions like “file.txt.bak” with the second extension indicating a backup of a “.txt” file.

How do I delete a double extension?

If you notice that you’ve downloaded a file with a double extension, you can delete it like any regular file. However, with NordVPN’s Threat Protection Pro, you won’t even have to think about it — if it detects you’ve downloaded a malicious file with a fake double extension, it will delete it immediately and notify you about it.